每天晚上,机器人都会尝试入侵我的 Apache 服务器:
/var/log/apache2/error.log
输出:
[Mon Dec 30 02:55:39.098671 2019] [php7:error] [pid 14930] [client xxx.xxx.xxx.xxx:62420] script '/var/www/html/test.php' not found or unable to stat
我希望 fail2ban 能够捕获此问题,因为有一个过滤器:apache-noscript.conf
[Definition]
failregex = ^%(_apache_error_client)s ((AH001(28|30): )?File does not exist|(AH01264: )?script not found or unable to stat): /\S*(php([45]|[.-]cgi)?|\.asp|\.exe|\.pl)(, referer: \S+)?\s*$
^%(_apache_error_client)s script '/\S*(php([45]|[.-]cgi)?|\.asp|\.exe|\.pl)\S*' not found or unable to stat(, referer: \S+)?\s*$
默认的 jail.conf 默认如下:
[apache-noscript]
port = http,https
logpath = %(apache_error_log)s
有人知道为什么 fail2ban 仍然不阻止访问吗?
答案1
解决了!
nano /etc/fail2ban/jail.local
[apache-noscript]
enable = true