Ich versuche, einige Jails im Zusammenhang mit Nginx einzurichten. Aber mir ist aufgefallen, dass fail2ban die IP mit IPTables sperrt, ich mich aber trotzdem mit dem Formular anmelden kann.
[sshd]
enabled = true
filter = sshd
maxretry = 3
action = iptables[name=SSH, port=xxxxx, protocol=tcp]
telegram
port = 23561
bantime = -1
findtime = 30m
logpath = %(sshd_log)s
backend = %(sshd_backend)s
[nginx-auth]
enabled = true
filter = nginx-auth
action = iptables-multiport[name=NoAuthFailures, port="http,https"]
logpath = /var/log/nginx*/*error*.log
bantime = -1
maxretry = 6
[nginx-login]
enabled = true
filter = nginx-login
action = iptables-multiport[name=NoLoginFailures, port="http,https"]
telegram
logpath = /var/log/nginx*/*access*.log
bantime = -1
maxretry = 6
[nginx-badbots]
enabled = true
filter = apache-badbots
action = iptables-multiport[name=BadBots, port="http,https"]
telegram
logpath = /var/log/nginx*/*access*.log
bantime = -1
maxretry = 1
[nginx-noscript]
enabled = true
action = iptables-multiport[name=NoScript, port="http,https"]
telegram
filter = nginx-noscript
logpath = /var/log/nginx*/*access*.log
maxretry = 6
bantime = -1
[nginx-proxy]
enabled = true
action = iptables-multiport[name=NoProxy, port="http,https"]
telegram
filter = nginx-proxy
logpath = /var/log/nginx*/*access*.log
maxretry = 0
bantime = -1
Meine Filter stammen von:https://snippets.aktagon.com/snippets/554-wie-sichert-man-einen-nginx-server-mit-fail2ban