Link to home
Start Free TrialLog in
Avatar of ee-gd
ee-gdFlag for United Kingdom of Great Britain and Northern Ireland

asked on

fail2ban: block 404

I tried to block these by putting the following in place, but it is not working for some reason. I'd like to be able to block guys poking around...

1) is this how it should be done?
2) and if so what am I doing wrong?

this is in jail.conf
[apache-404]
enabled = true
port = http,https
filter = apache-404
action   = iptables-multiport[name=apache-404, port="http,https"]
           sendmail-buffered[name=apache-404, dest=tech-fail2ban@domain.com, sender=fail2ban@ip$
logpath = /var/log/httpd/access_log
bantime = 3600
findtime = 600
maxretry = 5

Open in new window


this is in apache-404.conf
[Definition]
failregex = (?P<host>[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}) .+ 404 [0-9]+ "
ignoreregex = .*(robots.txt|favicon.ico)

Open in new window


these are the log file names
[root@ip httpd]# ls -la
total 211792
drwx------  2 root root     4096 May 20 04:02 .
drwxr-xr-x 13 root root     4096 May 25 04:02 ..
-rw-r--r--  1 root root 19490227 May 25 10:53 access_log
-rw-r--r--  1 root root 25070859 May 20 04:01 access_log.1
-rw-r--r--  1 root root 24586048 May 13 04:01 access_log.2
-rw-r--r--  1 root root 24929595 May  6 04:01 access_log.3
-rw-r--r--  1 root root 24238521 Apr 29 04:01 access_log.4
-rw-r--r--  1 root root        0 Dec 12 11:37 eaccelerator_log
-rw-r--r--  1 root root  5218098 May 25 10:51 error_log
-rw-r--r--  1 root root  6062605 May 20 04:02 error_log.1
-rw-r--r--  1 root root  6837961 May 13 04:02 error_log.2
-rw-r--r--  1 root root  6209269 May  6 04:02 error_log.3
-rw-r--r--  1 root root  7650185 Apr 29 04:02 error_log.4
-rw-r--r--  1 root root  8338825 May 25 10:54 ssl_access_log
-rw-r--r--  1 root root 10554090 May 20 02:10 ssl_access_log.1
-rw-r--r--  1 root root 10519807 May 13 02:55 ssl_access_log.2
-rw-r--r--  1 root root 11171265 May  6 02:31 ssl_access_log.3
-rw-r--r--  1 root root 10304696 Apr 29 04:01 ssl_access_log.4
-rw-r--r--  1 root root  4102218 May 25 10:04 ssl_error_log
-rw-r--r--  1 root root  2306554 May 20 04:02 ssl_error_log.1
-rw-r--r--  1 root root  2271272 May 13 04:02 ssl_error_log.2
-rw-r--r--  1 root root  2164779 May  6 04:02 ssl_error_log.3
-rw-r--r--  1 root root  4466102 Apr 29 04:02 ssl_error_log.4
-rw-r--r--  1 root root      444 May 25 09:30 ssl_request_log
-rw-r--r--  1 root root      328 May 18 00:37 ssl_request_log.1
-rw-r--r--  1 root root      981 May 13 00:42 ssl_request_log.2
-rw-r--r--  1 root root       79 May  2 18:54 ssl_request_log.3
-rw-r--r--  1 root root      646 Apr 27 03:45 ssl_request_log.4

Open in new window

ASKER CERTIFIED SOLUTION
Avatar of Sudeep Sharma
Sudeep Sharma
Flag of India image

Link to home
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
Start Free Trial