troubleshooting Question

fail2ban: block 404

Avatar of ee-gd
ee-gdFlag for United Kingdom of Great Britain and Northern Ireland asked on
LinuxApache Web ServerLinux Security
1 Comment1 Solution2660 ViewsLast Modified:
I tried to block these by putting the following in place, but it is not working for some reason. I'd like to be able to block guys poking around...

1) is this how it should be done?
2) and if so what am I doing wrong?

this is in jail.conf
[apache-404]
enabled = true
port = http,https
filter = apache-404
action   = iptables-multiport[name=apache-404, port="http,https"]
           sendmail-buffered[name=apache-404, dest=tech-fail2ban@domain.com, sender=fail2ban@ip$
logpath = /var/log/httpd/access_log
bantime = 3600
findtime = 600
maxretry = 5

this is in apache-404.conf
[Definition]
failregex = (?P<host>[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}) .+ 404 [0-9]+ "
ignoreregex = .*(robots.txt|favicon.ico)

these are the log file names
[root@ip httpd]# ls -la
total 211792
drwx------  2 root root     4096 May 20 04:02 .
drwxr-xr-x 13 root root     4096 May 25 04:02 ..
-rw-r--r--  1 root root 19490227 May 25 10:53 access_log
-rw-r--r--  1 root root 25070859 May 20 04:01 access_log.1
-rw-r--r--  1 root root 24586048 May 13 04:01 access_log.2
-rw-r--r--  1 root root 24929595 May  6 04:01 access_log.3
-rw-r--r--  1 root root 24238521 Apr 29 04:01 access_log.4
-rw-r--r--  1 root root        0 Dec 12 11:37 eaccelerator_log
-rw-r--r--  1 root root  5218098 May 25 10:51 error_log
-rw-r--r--  1 root root  6062605 May 20 04:02 error_log.1
-rw-r--r--  1 root root  6837961 May 13 04:02 error_log.2
-rw-r--r--  1 root root  6209269 May  6 04:02 error_log.3
-rw-r--r--  1 root root  7650185 Apr 29 04:02 error_log.4
-rw-r--r--  1 root root  8338825 May 25 10:54 ssl_access_log
-rw-r--r--  1 root root 10554090 May 20 02:10 ssl_access_log.1
-rw-r--r--  1 root root 10519807 May 13 02:55 ssl_access_log.2
-rw-r--r--  1 root root 11171265 May  6 02:31 ssl_access_log.3
-rw-r--r--  1 root root 10304696 Apr 29 04:01 ssl_access_log.4
-rw-r--r--  1 root root  4102218 May 25 10:04 ssl_error_log
-rw-r--r--  1 root root  2306554 May 20 04:02 ssl_error_log.1
-rw-r--r--  1 root root  2271272 May 13 04:02 ssl_error_log.2
-rw-r--r--  1 root root  2164779 May  6 04:02 ssl_error_log.3
-rw-r--r--  1 root root  4466102 Apr 29 04:02 ssl_error_log.4
-rw-r--r--  1 root root      444 May 25 09:30 ssl_request_log
-rw-r--r--  1 root root      328 May 18 00:37 ssl_request_log.1
-rw-r--r--  1 root root      981 May 13 00:42 ssl_request_log.2
-rw-r--r--  1 root root       79 May  2 18:54 ssl_request_log.3
-rw-r--r--  1 root root      646 Apr 27 03:45 ssl_request_log.4
ASKER CERTIFIED SOLUTION
Sudeep Sharma
Technical Designer

Our community of experts have been thoroughly vetted for their expertise and industry experience.

Join our community to see this answer!
Unlock 1 Answer and 1 Comment.
Start Free Trial
Learn from the best

Network and collaborate with thousands of CTOs, CISOs, and IT Pros rooting for you and your success.

Andrew Hancock - VMware vExpert
See if this solution works for you by signing up for a 7 day free trial.
Unlock 1 Answer and 1 Comment.
Try for 7 days

”The time we save is the biggest benefit of E-E to our team. What could take multiple guys 2 hours or more each to find is accessed in around 15 minutes on Experts Exchange.

-Mike Kapnisakis, Warner Bros