Debian Jessie
Fail2Ban v0.8.13
/etc/fail2ban/jail.conf
Code: Alles auswählen
[apache-noscript]
enabled = true
port = http,https
filter = apache-noscript
logpath = /var/log/apache2/error.log
maxretry = 1/etc/fail2ban/filter.d/apache-noscript.conf
Code: Alles auswählen
# Fail2Ban configuration file
#
#
#
[Definition]
# Option: failregex
# Notes.: regex to match the password failure messages in the logfile. The
# host must be matched by a group named "host". The tag "<HOST>" can
# be used for standard IP/hostname matching and is only an alias for
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values: TEXT
#
failregex = ^\[.*]* \[client <HOST>:[0-9]+\] script '/\S*(\php|\php4|\php5|\php-cgi|\php.cgi|\.php|\.asp|\.exe|\.pl)\S*' not found or unable to stat *$
^\[.*]* \[client <HOST>:[0-9]+\] script not found or unable to stat:
# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =