Al probar mis aplicaciones fail2bandesde otro servidor veo estos registros:
2021-08-01 18:48:37,692 fail2ban.filter [1]: INFO [nginx] Found 51.195.221.70 - 2021-08-01 18:48:37
2021-08-01 18:48:37,897 fail2ban.filter [1]: INFO [nginx] Found 51.195.221.70 - 2021-08-01 18:48:37
2021-08-01 18:48:38,496 fail2ban.filter [1]: INFO [nginx] Found 51.195.221.70 - 2021-08-01 18:48:38
2021-08-01 18:48:38,671 fail2ban.filter [1]: INFO [nginx] Found 51.195.221.70 - 2021-08-01 18:48:38
2021-08-01 18:48:38,860 fail2ban.filter [1]: INFO [nginx] Found 51.195.221.70 - 2021-08-01 18:48:38
2021-08-01 18:48:38,976 fail2ban.actions [1]: NOTICE [nginx] Ban 51.195.221.70
2021-08-01 18:48:39,234 fail2ban.filter [1]: INFO [nginx] Found 51.195.221.70 - 2021-08-01 18:48:39
[SNIP]
2021-08-01 18:48:41,686 fail2ban.filter [1]: INFO [nginx] Found 51.195.221.70 - 2021-08-01 18:48:41
2021-08-01 18:48:41,872 fail2ban.filter [1]: INFO [nginx] Found 51.195.221.70 - 2021-08-01 18:48:41
2021-08-01 18:48:41,897 fail2ban.actions [1]: NOTICE [nginx] 51.195.221.70 already banned
Las solicitudes pueden continuar incluso cuando se encuentran y se prohíben. Mi contenedor Docker se ve así:
fail2ban:
image: 'crazymax/fail2ban:latest'
restart: 'always'
network_mode: 'host'
cap_add:
- 'NET_ADMIN'
- 'NET_RAW'
volumes:
- 'nginx-log:/var/log:ro'
- 'fail2ban-data:/data'
env_file:
- './fail2ban.env'
Mi configuración es:
jail.d/nginx.conf
[nginx]
enabled = true
logpath = /var/log/access.log
port = http,https
filtro.d/nginx.conf
[Definition]
failregex = ^<HOST> \- \S+ \[\] \"(GET|POST|HEAD) .+\" 419 .+$
ignoreregex =
Cualquier ayuda se agradece. ¿Necesito configurar tablas de IP?
Respuesta1
https://github.com/crazy-max/docker-fail2ban/blob/master/examples/jails/traefik/jail.d/traefik.conf
Descubrí que necesitaba agregar algo chain = DOCKER-USERa mi jail.d/nginx.confpara que esto funcionara.