systemctl status fail2ban
fail2ban-client status
fail2ban-client status apache-get-dos - parodo Banned IP list
fail2ban-client banned - parodo Banned IP list
tail -f /var/log/fail2ban.log - live stebejimas requestu
--------------- sukuriam filtra -------------------------
sudo nano /etc/fail2ban/filter.d/nginx-http-get-dos.conf
[Definition]
# Matches any access-log line that starts with the client address and contains a
# GET or POST request, so every such request is counted as a "failure".
# Detection therefore rests entirely on the maxretry/findtime rate limit of the
# jail that uses this filter; ordinary page loads that fetch many assets count too.
# NOTE(review): presumably intended as a pure request-rate counter - confirm the
# threshold does not ban legitimate visitors or clients sharing one address.
failregex = ^<HOST> -.*"(GET|POST).*
# Empty: no log lines are exempted from counting.
ignoreregex =
--------------- idedam filtra i jail.local --------------
nano /etc/fail2ban/jail.local
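[nginx-http-get-dos]
enabled = true
# Ports this jail is meant to protect.
port = http,https
filter = nginx-http-get-dos
logpath = /var/log/nginx/access.log
# Ban for one hour after 30 matching requests within 60 seconds.
maxretry = 30
findtime = 60
bantime = 3600
# Multiport action so a ban covers HTTPS as well as HTTP; the single-port
# iptables action with port=http left port 443 reachable for a banned address.
action = iptables-multiport[name=HTTP, port="http,https", protocol=tcp]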
----------------------------------------------
systemctl restart fail2ban
Reikalinga, jei naudojamas Cloudflare proxy (A įrašas „Proxied“):
a2enmod remoteip
nano remoteip.conf
# File: /etc/apache2/conf-available/remoteip.conf
# Enables mod_remoteip so that Apache sees the real visitor IP behind Cloudflare.
# The header value is attacker-controlled unless the request really came through
# a trusted proxy, so keep the RemoteIPTrustedProxy list limited to Cloudflare's
# published ranges.
# NOTE(review): the access log needs %a rather than %h in LogFormat for the
# restored address to be what fail2ban reads - confirm against the active LogFormat.
# NOTE(review): behind the proxy the TCP peer is a Cloudflare address, so an
# iptables ban on the visitor IP presumably never matches - verify that the
# chosen ban action actually blocks the client.
RemoteIPHeader X-Forwarded-For
# Trusted Cloudflare proxy ranges
RemoteIPTrustedProxy 103.21.244.0/22
....
# add every range listed at https://www.cloudflare.com/ips/
a2enconf remoteip
systemctl restart apache2
Blokuoti IP
fail2ban-client set apache-get-dos banip 11.22.33.44
Atblokuoti IP
fail2ban-client set apache-get-dos unbanip 11.22.33.44
Atblokuoti visus IP
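# Unban every currently banned address in every fail2ban jail.
# Jail names and addresses are parsed from `fail2ban-client status` output,
# so this depends on the "Jail list:" / "Banned IP list:" line format.
for jail in $(sudo fail2ban-client status | grep "Jail list:" | cut -d: -f2 | tr ',' ' '); do
  # -f2- keeps everything after the first colon; plain -f2 cut IPv6 addresses
  # short at their own colons, so those bans were never actually lifted.
  for ip in $(sudo fail2ban-client status "$jail" | grep "Banned IP list:" | cut -d: -f2-); do
    # Quote the parsed values so they reach the root-run client as single arguments.
    if [ -n "$ip" ]; then
      sudo fail2ban-client set "$jail" unbanip "$ip"
    fi
  done
done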