[BlueOnyx:26300] Re: Saving APF Blacklist opens firewall
Michael Stauber
mstauber at blueonyx.it
Thu Jun 15 12:03:25 -05 2023
Hi John,
> FWIW: I've squelched my current issue with an awk command in a
> relatively simple bash script:
>
> #!/usr/bin/env bash
> #
> # Follow error_log, turn the bracketed fields into |-separated columns,
> # and ban the client address of every AH01630 line via APF.
> stdbuf -i0 -o0 -e0 tail -F /var/log/httpd/error_log \
>   | stdbuf -i0 -o0 -e0 sed 's/] \[/|/g;s/\[/|/g;s/\]/|/g' \
>   | stdbuf -i0 -o0 -e0 awk -F '|' '/AH01630/ { match($5, /^client (.*):/, ip); print "banning " ip[1]; system("apf -d " ip[1] " banned wp hacker") }'
This may need some tweaking, but to replicate that in Fail2ban I'd
probably do something like this:
Create /etc/fail2ban/filter.d/httpd-ah01630.conf with this in it:
--------------------------------------------------------------
[Definition]
failregex = ^.*\[client <HOST>(:\d{1,5})?\] AH01630: client (rejected|denied) by server configuration
ignoreregex =
--------------------------------------------------------------
Create /etc/fail2ban/jail.d/httpd-ah01630.conf with this in it:
--------------------------------------------------------------
[httpd-ah01630]
enabled = true
port = 80,81,443,444
filter = httpd-ah01630
logpath = /var/log/httpd/error_log
--------------------------------------------------------------
Then "systemctl restart fail2ban" to make this active and do some
testing to see if it works.
--
With best regards
Michael Stauber
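To check such a filter before turning it on, here is an added Python example (not part of the original thread) that runs a failregex over constructed error_log lines. It approximates fail2ban's `<HOST>` expansion with a simplified IPv4/IPv6 pattern (an assumption), anchors on Apache's `[client <HOST>:port]` field where error_log records the address, and counts repeat hits the way a jail's maxretry would.

```python
import re

# fail2ban expands <HOST> to a full IPv4/IPv6/hostname alternation; this is a
# simplified stand-in (assumption) covering IPv4 literals and IPv6 literals.
# The IPv6 branch is lazy so the trailing ":port" is not swallowed.
HOST_RE = r"(?P<host>(?:\d{1,3}\.){3}\d{1,3}|[0-9a-fA-F:]+?)"

# failregex anchored on the [client <HOST>:port] field that precedes AH01630.
FAILREGEX = (
    r"\[client <HOST>(?::\d{1,5})?\] AH01630: client denied by server configuration"
).replace("<HOST>", HOST_RE)

# Constructed sample lines in Apache 2.4 error_log format (not from a real server).
SAMPLE_LOG = """\
[Thu Jun 15 11:58:01.123456 2023] [authz_core:error] [pid 4242] [client 198.51.100.23:51234] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
[Thu Jun 15 11:58:02.654321 2023] [core:notice] [pid 4000] AH00094: Command line: '/usr/sbin/httpd -D FOREGROUND'
[Thu Jun 15 11:58:03.000001 2023] [authz_core:error] [pid 4243] [client 2001:db8::10:40000] AH01630: client denied by server configuration: /var/www/html/wp-login.php
[Thu Jun 15 11:58:04.111111 2023] [authz_core:error] [pid 4244] [client 198.51.100.23:51235] AH01630: client denied by server configuration: /var/www/html/xmlrpc.php
"""


def matched_hosts(log_text, pattern=FAILREGEX):
    """Return the client host of every line the failregex matches, in log order."""
    rx = re.compile(pattern)
    hosts = []
    for line in log_text.splitlines():
        m = rx.search(line)
        if m:
            hosts.append(m.group("host"))
    return hosts


def offenders(log_text, maxretry=5):
    """Hosts that reach maxretry matches (fail2ban's default is 5); findtime is ignored."""
    counts = {}
    for host in matched_hosts(log_text):
        counts[host] = counts.get(host, 0) + 1
    return sorted(h for h, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    print("matches:", matched_hosts(SAMPLE_LOG))
    print("would ban at maxretry=2:", offenders(SAMPLE_LOG, maxretry=2))
```

The notice line without a `[client ...]` field is ignored, and the IPv6 client is extracted without its port, which is the point of the lazy branch.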