從另一台伺服器測試我的應用程式時fail2ban,我看到以下日誌:
2021-08-01 18:48:37,692 fail2ban.filter [1]: INFO [nginx] Found 51.195.221.70 - 2021-08-01 18:48:37
2021-08-01 18:48:37,897 fail2ban.filter [1]: INFO [nginx] Found 51.195.221.70 - 2021-08-01 18:48:37
2021-08-01 18:48:38,496 fail2ban.filter [1]: INFO [nginx] Found 51.195.221.70 - 2021-08-01 18:48:38
2021-08-01 18:48:38,671 fail2ban.filter [1]: INFO [nginx] Found 51.195.221.70 - 2021-08-01 18:48:38
2021-08-01 18:48:38,860 fail2ban.filter [1]: INFO [nginx] Found 51.195.221.70 - 2021-08-01 18:48:38
2021-08-01 18:48:38,976 fail2ban.actions [1]: NOTICE [nginx] Ban 51.195.221.70
2021-08-01 18:48:39,234 fail2ban.filter [1]: INFO [nginx] Found 51.195.221.70 - 2021-08-01 18:48:39
[SNIP]
2021-08-01 18:48:41,686 fail2ban.filter [1]: INFO [nginx] Found 51.195.221.70 - 2021-08-01 18:48:41
2021-08-01 18:48:41,872 fail2ban.filter [1]: INFO [nginx] Found 51.195.221.70 - 2021-08-01 18:48:41
2021-08-01 18:48:41,897 fail2ban.actions [1]: NOTICE [nginx] 51.195.221.70 already banned
即使被發現並被禁止,這些請求仍然可以繼續。我的 Docker 容器如下所示:
fail2ban:
image: 'crazymax/fail2ban:latest'
restart: 'always'
network_mode: 'host'
cap_add:
- 'NET_ADMIN'
- 'NET_RAW'
volumes:
- 'nginx-log:/var/log:ro'
- 'fail2ban-data:/data'
env_file:
- './fail2ban.env'
我的配置是:
監獄.d/nginx.conf
[nginx]
enabled = true
logpath = /var/log/access.log
port = http,https
過濾器.d/nginx.conf
[Definition]
failregex = ^<HOST> \- \S+ \[\] \"(GET|POST|HEAD) .+\" 419 .+$
ignoreregex =
任何幫助表示讚賞。我需要配置IP表嗎?
答案1
https://github.com/crazy-max/docker-fail2ban/blob/master/examples/jails/traefik/jail.d/traefik.conf
我發現我需要添加chain = DOCKER-USER到我的jail.d/nginx.conf才能使這項工作正常進行。