我正在尝试配置fail2ban以禁止错误的WordPress登录尝试,但没有取得太大的成功。
我在用WP fail2ban 3.0.0/var/log/secure据我所知,它可以正确记录错误的登录尝试(如果有人感兴趣,我将在下面提供该插件的配置):
Apr 19 18:21:42 droplet wordpress(website.com)[17157]: Authentication failure for admin from my.ip.add.ress
似乎filter配置也正确。事实上,如果我运行,fail2ban-client status wordpress我可以看到我的 IP 被禁止:
Status for the jail: wordpress
|- Filter
| |- Currently failed: 2
| |- Total failed: 15
| `- File list: /var/log/secure
`- Actions
|- Currently banned: 1
|- Total banned: 1
`- Banned IP list: my.ip.add.ress
并且还fail2ban-regex /var/log/secure /etc/fail2ban/filter.d/wordpress.conf发现Failregex: 102 total。
尽管如此,我完全能够浏览该网站并访问登录页面。
当然还缺少一些东西,也许是在 Varnish 方面?我真的找不到,有什么想法吗?
我正在跑步CentOS 7.2.1511,,Apache/2.4.6和Varnish 4.0.3。
如果有人感兴趣,下面是我如何配置WP fail2ban以使其工作Varnish:
- 启用插件
- 将文件
wordpress.conf(包含在插件文件夹中)复制到/etc/fail2ban/filters.d/ 将以下几行添加到
/etc/fail2ban/jail.local[wordpress] enabled = true port = http,https filter = wordpress logpath = /var/log/secure添加了以下几行到
wp-config.php:define('WP_FAIL2BAN_PROXIES','my.ser.ver.ip'); define('WP_FAIL2BAN_AUTH_LOG',LOG_AUTHPRIV);/etc/varnish/default.vcl在块中添加了以下几行sub vcl_recv:if (req.restarts == 0) { if (req.http.X-Forwarded-For) { set req.http.X-Forwarded-For = req.http.X-Forwarded-For + ", " + client.ip; } else { set req.http.X-Forwarded-For = client.ip; } }/etc/varnish/default.vcl在块中添加了以下几行sub vcl_pipe:set bereq.http.connection = "close"; return (pipe);
答案1
好的,找到答案了。我只需在相关jail.local区块中添加禁止操作即可。现在它看起来像这样:
[wordpress]
enabled = true
port = http,https
filter = wordpress
logpath = /var/log/secure
action = iptables-allports