ee-gd

fail2ban: block 404

I tried to block these by putting the following in place, but it is not working for some reason. I'd like to be able to block guys poking around...

1) is this how it should be done?
2) and if so what am I doing wrong?

this is in jail.conf
[apache-404]
enabled = true
port = http,https
filter = apache-404
action   = iptables-multiport[name=apache-404, port="http,https"]
           sendmail-buffered[name=apache-404, dest=tech-fail2ban@domain.com, sender=fail2ban@ip$
logpath = /var/log/httpd/access_log
bantime = 3600
findtime = 600
maxretry = 5


this is in apache-404.conf
[Definition]
failregex = (?P<host>[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}) .+ 404 [0-9]+ "
ignoreregex = .*(robots.txt|favicon.ico)


these are the log file names
[root@ip httpd]# ls -la
total 211792
drwx------  2 root root     4096 May 20 04:02 .
drwxr-xr-x 13 root root     4096 May 25 04:02 ..
-rw-r--r--  1 root root 19490227 May 25 10:53 access_log
-rw-r--r--  1 root root 25070859 May 20 04:01 access_log.1
-rw-r--r--  1 root root 24586048 May 13 04:01 access_log.2
-rw-r--r--  1 root root 24929595 May  6 04:01 access_log.3
-rw-r--r--  1 root root 24238521 Apr 29 04:01 access_log.4
-rw-r--r--  1 root root        0 Dec 12 11:37 eaccelerator_log
-rw-r--r--  1 root root  5218098 May 25 10:51 error_log
-rw-r--r--  1 root root  6062605 May 20 04:02 error_log.1
-rw-r--r--  1 root root  6837961 May 13 04:02 error_log.2
-rw-r--r--  1 root root  6209269 May  6 04:02 error_log.3
-rw-r--r--  1 root root  7650185 Apr 29 04:02 error_log.4
-rw-r--r--  1 root root  8338825 May 25 10:54 ssl_access_log
-rw-r--r--  1 root root 10554090 May 20 02:10 ssl_access_log.1
-rw-r--r--  1 root root 10519807 May 13 02:55 ssl_access_log.2
-rw-r--r--  1 root root 11171265 May  6 02:31 ssl_access_log.3
-rw-r--r--  1 root root 10304696 Apr 29 04:01 ssl_access_log.4
-rw-r--r--  1 root root  4102218 May 25 10:04 ssl_error_log
-rw-r--r--  1 root root  2306554 May 20 04:02 ssl_error_log.1
-rw-r--r--  1 root root  2271272 May 13 04:02 ssl_error_log.2
-rw-r--r--  1 root root  2164779 May  6 04:02 ssl_error_log.3
-rw-r--r--  1 root root  4466102 Apr 29 04:02 ssl_error_log.4
-rw-r--r--  1 root root      444 May 25 09:30 ssl_request_log
-rw-r--r--  1 root root      328 May 18 00:37 ssl_request_log.1
-rw-r--r--  1 root root      981 May 13 00:42 ssl_request_log.2
-rw-r--r--  1 root root       79 May  2 18:54 ssl_request_log.3
-rw-r--r--  1 root root      646 Apr 27 03:45 ssl_request_log.4

Linux Security, Linux, Apache Web Server
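Added example (not part of the original question, and not fail2ban's own code): a Python approximation of how the posted failregex, ignoreregex and maxretry treat access-log lines. The log lines, addresses and timestamp are constructed, and findtime is assumed to cover all of them; `fail2ban-regex` is the tool for testing a filter against the real log.

```python
import re
from collections import Counter

# Regexes and maxretry copied from the apache-404 filter and jail in the question.
FAILREGEX = re.compile(
    r'(?P<host>[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}) .+ 404 [0-9]+ "')
IGNOREREGEX = re.compile(r'.*(robots.txt|favicon.ico)')
MAXRETRY = 5

STAMP = "[25/May/2020:10:50:01 +0100]"  # constructed timestamp

def combined(host, path, status, referer="-"):
    """Constructed line in Apache 'combined' format (referer and agent appended)."""
    return (f'{host} - - {STAMP} "GET {path} HTTP/1.1" {status} 209 '
            f'"{referer}" "Mozilla/5.0"')

def common(host, path, status):
    """Constructed line in Apache 'common' format (ends after the byte count)."""
    return f'{host} - - {STAMP} "GET {path} HTTP/1.1" {status} 209'

def classify(line):
    """Approximate the filter: ignoreregex suppresses a line, failregex counts it."""
    if IGNOREREGEX.search(line):
        return ("ignored", None)
    m = FAILREGEX.search(line)
    return ("failure", m.group("host")) if m else ("nomatch", None)

def hosts_to_ban(lines, maxretry=MAXRETRY):
    """Hosts reaching maxretry failures; assumes every line is inside findtime."""
    hits = Counter(host for verdict, host in map(classify, lines)
                   if verdict == "failure")
    return sorted(h for h, n in hits.items() if n >= maxretry)

# Constructed traffic using documentation address ranges.
SAMPLE = (
    [combined("203.0.113.7", f"/probe{i}.php", 404) for i in range(5)]
    + [common("198.51.100.9", f"/probe{i}.php", 404) for i in range(5)]
    + [combined("192.0.2.4", f"/probe{i}.php", 404) for i in range(4)]
    + [combined("192.0.2.4", "/favicon.ico", 404),
       combined("192.0.2.4", "/index.html", 200)]
)

if __name__ == "__main__":
    for line in SAMPLE:
        print(classify(line)[0].ljust(8), line)
    print("would ban:", hosts_to_ban(SAMPLE))
```

The common-format lines never count because the failregex requires a space and a double quote after the byte count, which only the combined format supplies. The ignoreregex is unanchored, so it suppresses any line that mentions robots.txt or favicon.ico in any field, not only requests for those two files.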

Last Comment
Sudeep Sharma

8/22/2022 - Mon
ASKER CERTIFIED SOLUTION
Sudeep Sharma
