I'm using fail2ban 0.9.7 on CentOS 7 with an Apache reverse proxy, and I'm trying to ban bots that attempt to use my server as an open proxy, for example:
221.8.179.164 - - [10/Jun/2019:22:04:19 +0200] "CONNECT auth.riotgames.com:443 HTTP/1.1" 405 235 "-" "Mozilla/5.0 (Windows NT 6.1; rv:27.0) Gecko/20100101 Firefox/27.0"
Some of these requests return 200 for some reason, even though ProxyRequests is off.
Here is my configuration:
[Definition]
failregex = ^<HOST> - -.*"(GET|POST|HEAD|CONNECT).*(bad_host_1|bad_host_2|bad_host_3).*"$
ignoreregex =
[apache-badhosts]
port = http,https
# I made sure this is the proper path
logpath = /var/log/httpd/access_log
bantime = 172800
maxretry = 1
enabled = true
Here is the result of fail2ban-regex:
user@host /e/fail2ban> sudo fail2ban-regex /var/log/httpd/access_log /etc/fail2ban/filter.d/apache-badhosts.conf
Running tests
=============
Use …