我正在使用 Nginx 和 fail2ban 运行 Arch。我已将其添加到 /etc/fail2ban/filter.d/nginx-dos.conf:
# /etc/fail2ban/filter.d/nginx-dos.conf
# Fail2Ban configuration file
#
# Generated on Fri Jun 08 12:09:15 EST 2012 by BeezNest
#
# Author: Yannick Warnir
#
# $Revision: 1 $
#
[Definition]
# Option: failregex
# Notes.: Regexp to catch a generic call from an IP address.
# Values: TEXT
#
failregex = ^<HOST> -.*"(GET|POST).*HTTP.*"$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
然后我转到 /etc/fail2ban/jail.conf 并添加了以下内容:
[nginx-dos]
# Based on apache-badbots but a simple IP check (any IP requesting more than
# 240 pages in 60 seconds, or 4p/s average, is suspicious)
# Block for two full days.
# @author Yannick Warnier
enabled = true
port = http
filter = nginx-dos
logpath = /var/log/nginx/access.log
findtime = 60
bantime = 172800
maxretry = 1
action = iptables[name=HTTP, port=http, protocol=tcp]
当我运行tail -f /var/log/fail2ban.log并在我的网站上进行垃圾下载时,它确实返回:
2020-09-19 13:13:24,726 fail2ban.actions [551857]: WARNING [nginx-dos] 66.249.66.79 already banned
如果我运行iptables -L它,它将返回:
REJECT all -- crawl-66-249-66-79.googlebot.com anywhere reject-with icmp-port-unreachable
在这种情况下,它阻止了一个谷歌机器人。但是,我让fail2ban报告我自己的IP被禁止,但我仍然可以完全访问该网站。我不知道我在这里错过了什么。一切似乎都很好,但仍然没有被拒绝。有人能帮我弄清楚发生了什么吗?谢谢
答案1
发现问题了,我的操作语句没有包含HTTPS,只有HTTP,所以我修改成这样:
action = iptables-multiport[name=HTTP, port="http,https", protocol=tcp]