Hi everyone,
I installed fail2ban + nginx on a fresh VM. I set up a jail that bans IPs based on the number of connections per minute.
jail.local:
Code:
[nginx-dos]
# Based on apache-badbots but a simple IP check (any IP requesting more than
# 240 pages in 60 seconds, or 4p/s average, is suspicious)
# Block for two full days.
# @author Yannick Warnier
enabled = true
port = http,8090
filter = nginx-dos
logpath = /var/log/nginx/monsite.access.log
findtime = 60
bantime = 172800
maxretry = 50
nginx-dos.conf:
Code:
# Fail2Ban configuration file
#
# Generated on Fri Jun 08 12:09:15 EST 2012 by BeezNest
#
# Author: Yannick Warnier
#
# $Revision: 1 $
#
[Definition]
# Option: failregex
# Notes.: Regexp to catch a generic call from an IP address.
# Values: TEXT
#
failregex = ^<HOST> -.*"(GET|POST).*HTTP.*"$
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =
fail2ban-client status:
Code:
Status
|- Number of jail: 2
`- Jail list: nginx-dos, ssh
fail2ban-client status nginx-dos:
Code:
Status for the jail: nginx-dos
|- filter
|  |- File list: /var/log/nginx/monsite.access.log
|  |- Currently failed: 0
|  `- Total failed: 0
`- action
   |- Currently banned: 0
   |  `- IP list:
   `- Total banned: 0
/var/log/fail2ban.log:
Code:
2015-11-28 19:51:32,103 fail2ban.server [18512]: INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.13
2015-11-28 19:51:32,103 fail2ban.jail [18512]: INFO Creating new jail 'ssh'
2015-11-28 19:51:32,119 fail2ban.jail [18512]: INFO Jail 'ssh' uses pyinotify
2015-11-28 19:51:32,136 fail2ban.jail [18512]: INFO Initiated 'pyinotify' backend
2015-11-28 19:51:32,138 fail2ban.filter [18512]: INFO Added logfile = /var/log/auth.log
2015-11-28 19:51:32,138 fail2ban.filter [18512]: INFO Set maxRetry = 6
2015-11-28 19:51:32,139 fail2ban.filter [18512]: INFO Set findtime = 600
2015-11-28 19:51:32,140 fail2ban.actions[18512]: INFO Set banTime = 600
2015-11-28 19:51:32,165 fail2ban.jail [18512]: INFO Creating new jail 'nginx-dos'
2015-11-28 19:51:32,165 fail2ban.jail [18512]: INFO Jail 'nginx-dos' uses pyinotify
2015-11-28 19:51:32,168 fail2ban.jail [18512]: INFO Initiated 'pyinotify' backend
2015-11-28 19:51:32,169 fail2ban.filter [18512]: INFO Added logfile = /var/log/nginx/monsite.access.log
2015-11-28 19:51:32,170 fail2ban.filter [18512]: INFO Set maxRetry = 50
2015-11-28 19:51:32,171 fail2ban.filter [18512]: INFO Set findtime = 60
2015-11-28 19:51:32,171 fail2ban.actions[18512]: INFO Set banTime = 172800
2015-11-28 19:51:32,176 fail2ban.jail [18512]: INFO Jail 'ssh' started
2015-11-28 19:51:32,177 fail2ban.jail [18512]: INFO Jail 'nginx-dos' started
Has anyone already run into this, or does the problem come from the config not being right? :-/
Thanks in advance
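
An offline check of the filter and thresholds posted above, added here as an example and not part of the original post: it applies the failregex from nginx-dos.conf to constructed access-log lines and counts matches per host with the jail's findtime and maxretry. `HOST_GROUP`, `parse`, `would_ban` and `sample_log` are hypothetical names, and the `<HOST>` substitution is a simplified stand-in for fail2ban's own pattern.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# failregex from nginx-dos.conf above. HOST_GROUP is a simplified stand-in for
# what fail2ban substitutes for <HOST> (assumption, not fail2ban's own pattern).
FAILREGEX = r'^<HOST> -.*"(GET|POST).*HTTP.*"$'
HOST_GROUP = r'(?P<host>[\w\-.:]+)'
PATTERN = re.compile(FAILREGEX.replace('<HOST>', HOST_GROUP))
TIME_RE = re.compile(r'\[(\d{2})/(\w{3})/(\d{4}):(\d{2}):(\d{2}):(\d{2}) ')
MONTHS = 'JanFebMarAprMayJunJulAugSepOctNovDec'

def parse(line):
    """Return (host, timestamp) when the line matches the filter, else None."""
    m, t = PATTERN.match(line.strip()), TIME_RE.search(line)
    if not (m and t):
        return None
    d, mon, y, hh, mm, ss = t.groups()
    month = MONTHS.index(mon) // 3 + 1
    return m.group('host'), datetime(int(y), month, int(d), int(hh), int(mm), int(ss))

def would_ban(lines, findtime=60, maxretry=50):
    """Hosts with at least maxretry matching lines inside findtime seconds."""
    windows, banned = defaultdict(deque), []
    for line in lines:
        hit = parse(line)
        if hit is None:
            continue
        host, ts = hit
        win = windows[host]
        win.append(ts)
        while (ts - win[0]).total_seconds() > findtime:
            win.popleft()  # drop hits that fell out of the findtime window
        if len(win) >= maxretry and host not in banned:
            banned.append(host)
    return banned

def sample_log():
    """Constructed access-log lines (documentation IP ranges, not real traffic)."""
    fmt = '{ip} - - [28/Nov/2015:19:52:{s:02d} +0100] "GET /p{s} HTTP/1.1" 200 612 "-" "curl/7.38.0"'
    noisy = [fmt.format(ip='203.0.113.7', s=n // 2) for n in range(60)]
    quiet = [fmt.format(ip='198.51.100.9', s=s) for s in (0, 10, 20, 30, 40)]
    # Same kind of request written by a custom log_format that puts the time first:
    other = ['[28/Nov/2015:19:52:05 +0100] 192.0.2.44 "GET / HTTP/1.1" 200 612']
    return noisy + quiet + other

if __name__ == '__main__':
    lines = sample_log()
    print('matched lines:', sum(parse(l) is not None for l in lines), 'of', len(lines))
    print('would ban:', would_ban(lines))
```

On the server itself, `fail2ban-regex` run against /var/log/nginx/monsite.access.log and the nginx-dos.conf filter file reports how many real log lines the real filter matches.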