What is the correct fail2ban regular expression to block this kind of request?
Excerpt from the apache access.log:
181.204.83.115 - - [28/Mar/2024:17:38:47 +0200] "POST /login.php HTTP/1.1" 200 11593
and
181.204.83.115 - - [28/Mar/2024:17:38:47 +0200] "GET /login.php HTTP/1.1" 200 11593
I tried these, but without success:
failregex = ^<host> .* "POST /login.php
failregex = ^<HOST> .* "GET /login.php
failregex = ^<HOST> -.*"(GET|POST).*login.php*
failregex = [[]client <HOST>[]] - - "login.php"
failregex = ^ .* "POST .*login.php HTTP/.*" 200
But the following problem occurs when running fail2ban-regex:
No 'host' group in '/etc/filter.d/filternamefile.conf'
Cannot remove regular expression. Index 0 is not valid
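
An added example, not part of the original post: a Python sketch that checks failregex candidates against the two quoted log lines and reproduces the "No 'host' group" condition. `HOST_GROUP` is a simplified stand-in for fail2ban's `<HOST>` expansion, and `CANDIDATE` and the function names are assumptions made for illustration.

```python
import re

# Constructed stand-in for fail2ban's <HOST> expansion (assumption: the real
# expansion is more elaborate and also accepts IPv6 and hostnames).
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The two access.log lines quoted in the question.
SAMPLE_LINES = [
    '181.204.83.115 - - [28/Mar/2024:17:38:47 +0200] "POST /login.php HTTP/1.1" 200 11593',
    '181.204.83.115 - - [28/Mar/2024:17:38:47 +0200] "GET /login.php HTTP/1.1" 200 11593',
]

# Hypothetical candidate: anchored on the client address, literal dot in the
# path, optional query string, status 200. "[^\]]*" also accepts an empty
# bracket pair in case the timestamp is cut from the line before matching.
CANDIDATE = r'^<HOST> \S+ \S+ \[[^\]]*\] "(?:GET|POST) /login\.php(?:\?\S*)? HTTP/[\d.]+" 200 '


def compile_failregex(failregex):
    """Expand the upper-case <HOST> tag and insist on a 'host' group."""
    pattern = re.compile(failregex.replace("<HOST>", HOST_GROUP))
    if "host" not in pattern.groupindex:
        # Wording copied from the error output shown in the question.
        raise ValueError("No 'host' group in '%s'" % failregex)
    return pattern


def matched_hosts(failregex, lines=SAMPLE_LINES):
    """Return the host captured from each line, or None where nothing matched."""
    pattern = compile_failregex(failregex)
    results = []
    for line in lines:
        m = pattern.search(line)
        results.append(m.group("host") if m else None)
    return results


def host_group_error(failregex):
    """Return the error text for a pattern that captures no host, else None."""
    try:
        compile_failregex(failregex)
    except ValueError as exc:
        return str(exc)
    return None


if __name__ == "__main__":
    print(matched_hosts(CANDIDATE))
    print(host_group_error('^<host> .* "POST /login.php'))
    print(host_group_error("/etc/filter.d/filternamefile.conf"))
```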