Fail2ban 在 Varnish 上记录了正确的 IP,但仍然没有被锁定

Fail2ban 在 Varnish 上记录了正确的 IP,但仍然没有被锁定

我正在尝试配置fail2ban以禁止错误的WordPress登录尝试,但没有取得太大的成功。

我在用WP fail2ban 3.0.0/var/log/secure据我所知,它可以正确记录错误的登录尝试(如果有人感兴趣,我将在下面提供该插件的配置):

Apr 19 18:21:42 droplet wordpress(website.com)[17157]: Authentication failure for admin from my.ip.add.ress

似乎filter配置也正确。事实上,如果我运行,fail2ban-client status wordpress我可以看到我的 IP 被禁止:

Status for the jail: wordpress
|- Filter
|  |- Currently failed: 2
|  |- Total failed: 15
|  `- File list:    /var/log/secure
`- Actions
   |- Currently banned: 1
   |- Total banned: 1
   `- Banned IP list:   my.ip.add.ress

并且还fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/wordpress.conf发现Failregex: 102 total

尽管如此,我完全能够浏览该网站并访问登录页面。

当然还缺少一些东西,也许是在 Varnish 方面?我真的找不到,有什么想法吗?

我正在跑步CentOS 7.2.1511,,Apache/2.4.6Varnish 4.0.3


如果有人感兴趣,下面是我如何配置WP fail2ban以使其工作Varnish

  1. 启用插件
  2. 将文件wordpress.conf(包含在插件文件夹中)复制到/etc/fail2ban/filters.d/
  3. 将以下几行添加到/etc/fail2ban/jail.local

    [wordpress]
    enabled = true
    port = http,https
    filter = wordpress
    logpath = /var/log/secure
    
  4. 添加了以下几行到wp-config.php

    define('WP_FAIL2BAN_PROXIES','my.ser.ver.ip');
    define('WP_FAIL2BAN_AUTH_LOG',LOG_AUTHPRIV);
    
  5. /etc/varnish/default.vcl在块中添加了以下几行sub vcl_recv

    if (req.restarts == 0) {
        if (req.http.X-Forwarded-For) {
            set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip;
        } else {
            set req.http.X-Forwarded-For = client.ip;
        }
    }
    
  6. /etc/varnish/default.vcl在块中添加了以下几行sub vcl_pipe

    set bereq.http.connection = "close";
    return (pipe);
    

答案1

好的,找到答案了。我只需在相关jail.local区块中添加禁止操作即可。现在它看起来像这样:

[wordpress]
enabled = true
port = http,https
filter = wordpress
logpath = /var/log/secure
action = iptables-allports

相关内容