我有一个问题。我试图用 fail2ban 捕获 404 错误并忽略图像文件。
我的过滤文件中有这个但它不起作用:
[Definition]
ignoreregex = ^.* - - \[.*\] \"(GET|POST|HEAD) .*?\.(jpg|jpeg|png|gif|bmp|webp|svg|ico) HTTP/.*\" 404 .*$
failregex = ^.* <HOST> - -.*"(GET|POST|HEAD).*HTTP.*" (404|400) .*"$
因为它不起作用,所以我尝试在 ignorerege 中放入相同的正则表达式。这是我的过滤文件
[Definition]
ignoreregex = ^.* <HOST> - -.*"(GET|POST|HEAD).*HTTP.*" (404|400) .*"$
failregex = ^.* <HOST> - -.*"(GET|POST|HEAD).*HTTP.*" (404|400) .*"$
请注意,ignoreregex 和 failregex 对于测试是相同的。当我使用 fail2ban-regex 进行测试时,failregex 可以匹配,但 ignoreregex 不匹配:
aaa-bb.example.com:443 11.22.33.44 - - [25/Apr/2024:10:41:16 +0000] "GET /content/images/13-09-18.jpg.jpg HTTP/1.1" 404 510 "https://aaa-bb.example.com/users/m_3?fr&6&R109&26&en" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"
测试如下:
#fail2ban-regex 'aaa-bb.example.com:443 11.22.33.44 - - [25/Apr/2024:10:41:16 +0000] "GET /content/images/13-09-18.jpg.jpg HTTP/1.1" 404 510 "https://aaa-bb.example.com/users/m_3?fr&6&R109&26&en" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/124.0.0.0 Safari/537.36"' apache-404.conf
Running tests
=============
Use failregex file : apache-404.conf
Use single line : aaa-bb.example.com:443 11.22.33.44 - - [25/Apr/202...
Results
=======
Failregex: 1 total
|- #) [# of hits] regular expression
| 1) [1] ^.* <HOST> - -.*"(GET|POST|HEAD).*HTTP.*" (404|400) .*"$
`-
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [1] Day/MONTH/Year:Hour:Minute:Second
`-
Lines: 1 lines, 0 ignored, 1 matched, 0 missed
它匹配,但是并没有被忽略。