
Commit 394ccdd

Restrict fail2ban to evasive blocks instead of all 403 errors
1 parent 28b40a4 commit 394ccdd


3 files changed

+22
-3
lines changed


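--- a/cookbooks/apache/recipes/default.rb
+++ b/cookbooks/apache/recipes/default.rb
@@ -105,12 +105,21 @@
 end
 
 fail2ban_filter "apache-forbidden" do
-failregex '^<ADDR> .* "[^"]*" 403 .*$'
+action :delete
 end
 
 fail2ban_jail "apache-forbidden" do
-filter "apache-forbidden"
-logpath "/var/log/apache2/access.log"
+action :delete
+end
+
+fail2ban_filter "apache-evasive" do
+failreges "^Blacklisting address <ADDR>: possible DoS attack\.$"
+end
+
+fail2ban_jail "apache-evasive" do
+filter "apache-evasive"
+backend "systemd"
+journalmatch "SYSLOG_IDENTIFIER=mod_evasive"
 ports [80, 443]
 findtime "1m"
 maxretry 50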
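--- a/cookbooks/fail2ban/resources/jail.rb
+++ b/cookbooks/fail2ban/resources/jail.rb
@@ -23,6 +23,8 @@
 
 property :jail, :kind_of => String, :name_property => true
 property :filter, :kind_of => String
+property :backend, :kind_of => String
+property :journalmatch, :kind_of => String
 property :logpath, :kind_of => String
 property :protocol, :kind_of => String
 property :ports, :kind_of => Array, :default => []
@@ -40,6 +42,8 @@
 mode "644"
 variables :name => new_resource.jail,
 :filter => new_resource.filter,
+:backend => new_resource.backend,
+:journalmatch => new_resource.journalmatch,
 :logpath => new_resource.logpath,
 :protocol => new_resource.protocol,
 :ports => new_resource.ports,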
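--- a/cookbooks/fail2ban/templates/default/jail.erb
+++ b/cookbooks/fail2ban/templates/default/jail.erb
@@ -11,6 +11,12 @@ port = <%= @ports.join(",") %>
 <% if @filter -%>
 filter = <%= @filter %>
 <% end -%>
+<% if @backend -%>
+backend = <%= @backend %>
+<% end -%>
+<% if @journalmatch -%>
+journalmatch = <%= @journalmatch %>
+<% end -%>
 <% if @logpath -%>
 logpath = <%= @logpath %>
 <% end -%>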
