raine/etcprs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

updates to fail2ban configs
All checks were successful
Deploy / Check & Build (push) Successful in 1m18s
Details
Deploy / Deploy to Production (push) Successful in 1m13s
Details

Browse Source
This commit is contained in:
RaineAllDay
2026-03-18 20:57:17 -06:00
parent 8cba49618e
commit 8eb864192a
2 changed files with 38 additions and 39 deletions
Download Patch File Download Diff File Expand all files Collapse all files

14
scripts/fail2ban/nginx-scan.conf
View File

@@ -1,8 +1,10 @@
[Definition]
# Match lines from nginx access log with 4xx/5xx responses
# Nginx combined log format:
# 1.2.3.4 - - [18/Mar/2026:09:45:00 +0000] "GET /backend/config/default.yml HTTP/1.1" 404 ...
failregex = ^<HOST> .+ "(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) .+ HTTP/\d\.\d" 40[0-9] .+$
^<HOST> .+ "(GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) .+ HTTP/\d\.\d" 5[0-9]{2} .+$
# Matches Nginx combined log format:
# 1.2.3.4 - - [18/Mar/2026:09:45:00 +0000] "GET /path HTTP/1.1" 404 162 "-" "agent"
#
# Triggers on 4xx responses (config probes, scanners, bad requests)
# 5xx excluded to avoid banning on legitimate server errors
ignoreregex =
failregex = ^<HOST> - \S+ \[.*?\] "(?:GET|POST|HEAD|PUT|DELETE|OPTIONS|PATCH) \S+ HTTP/\d\.\d" 4\d\d \d+
ignoreregex = ^<HOST> - \S+ \[.*?\] "\S+ \S+ HTTP/\d\.\d" 400 \d+.*"NTRIP