nginx-ultimate-bad-bot-blocker
Unable to get repeatoffender regex to match log output
Hi ..
Trying to stop long-term DDoS attempts .. I have Nginx Ultimate Bad Bot installed and testing with the given curls proves it is working. I have set up the jail and created the repeatoffender config files and the blank file in the etc/fail2ban folder.
It does not seem to match the log lines in my nginx log file (Ubuntu 20.04) .. Any help would be appreciated. Jack
A few lines from the nginx log file from an offender spoofing AWS IPs.
54.208.151.19 - - [06/Mar/2022:18:59:07 +0000] rasaji.com "HEAD / HTTP/1.1" 444 0 "-" "got (https://github.com/sindresorhus/got)" "HTTP/1.1"
54.208.151.19 - - [06/Mar/2022:18:59:08 +0000] rasaji.com "HEAD / HTTP/1.1" 444 0 "-" "got (https://github.com/sindresorhus/got)" "HTTP/1.1"
54.208.151.19 - - [06/Mar/2022:18:59:10 +0000] rasaji.com "HEAD / HTTP/1.1" 444 0 "-" "got (https://github.com/sindresorhus/got)" "HTTP/1.1"
From fail2ban-regex output ..
Running tests
Use failregex line : ^<HOST> - \S+ [.] "(GET|POST|HEAD) . \S+" (...
Use single line : 54.208.151.19 - - [06/Mar/2022:18:59:33 +0000] ras...
Results
Failregex: 0 total
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
|  [1] Day(?P<_sep>[-/])MON(?P=_sep)ExYear[ :]?24hour:Minute:Second(?:.Microseconds)?(?: Zone offset)?
`-
Lines: 1 lines, 0 ignored, 0 matched, 1 missed [processed in 0.02 sec]
|- Missed line(s):
|  54.208.151.19 - - [06/Mar/2022:18:59:33 +0000] rasaji.com "HEAD / HTTP/1.1" 444 0 "-" "got (https://github.com/sindresorhus/got)" "HTTP/1.1"
`-
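A way to find where a failregex stops matching a line like the one above, as an added example that is not part of the original post or the project's code. The pattern pieces are constructed, modelled loosely on the fragment visible in the fail2ban-regex output; `HOST` is a simplified IPv4-only stand-in for fail2ban's `<HOST>` tag, and plain `re` matching does not reproduce fail2ban's own date handling.

```python
import re

# Assumption: simplified IPv4-only replacement for fail2ban's <HOST> tag.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Log line copied from the post above.
LINE = ('54.208.151.19 - - [06/Mar/2022:18:59:33 +0000] rasaji.com '
        '"HEAD / HTTP/1.1" 444 0 "-" "got (https://github.com/sindresorhus/got)" "HTTP/1.1"')

# Constructed pattern, split into pieces (not the project's filter).
# It expects the quoted request directly after the bracketed timestamp.
STANDARD = [r"^<HOST>", r" - \S+", r" \[.*?\]",
            r' "(?:GET|POST|HEAD) \S+ \S+"', r" 444 "]

# Same pattern with one extra field for the host name that these log
# lines carry between the timestamp and the request.
WITH_VHOST = STANDARD[:3] + [r" \S+"] + STANDARD[3:]


def compile_pieces(pieces):
    """Join the pieces and substitute the <HOST> tag."""
    return re.compile("".join(pieces).replace("<HOST>", HOST))


def first_failing_piece(pieces, line):
    """Grow the pattern one piece at a time.

    Returns (index_of_first_piece_that_breaks_the_match, text_matched_so_far),
    or (None, matched_text) when every piece matches.
    """
    matched = ""
    for i in range(1, len(pieces) + 1):
        m = compile_pieces(pieces[:i]).match(line)
        if m is None:
            return i - 1, matched
        matched = m.group(0)
    return None, matched


def banned_host(pieces, line):
    """Return the address the full pattern would capture, or None."""
    m = compile_pieces(pieces).match(line)
    return m.group("host") if m else None


if __name__ == "__main__":
    for name, pieces in (("STANDARD", STANDARD), ("WITH_VHOST", WITH_VHOST)):
        idx, matched = first_failing_piece(pieces, LINE)
        print(name, "fails at piece", idx, "after", repr(matched))
        print(name, "captures", banned_host(pieces, LINE))
```

The text matched before the failing piece shows which log field the pattern did not account for; the same piece-by-piece approach works with `fail2ban-regex` by testing progressively longer prefixes of the failregex against a single line.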