Add example of fail2ban to block 403 forbidden tries

2022-12-15 11:29:32 +01:00 · 2022-12-15 11:29:32 +01:00 · 77265b8828
commit 77265b8828
parent 2f42cf4772
1 changed files with 19 additions and 0 deletions
--- a/dev/setup/fail2ban/filter.d/web-accesslog-limit403.conf
+++ b/dev/setup/fail2ban/filter.d/web-accesslog-limit403.conf
@ -0,0 +1,19 @@
+# Fail2Ban configuration file
+#
+# Regexp to detect forbidden access on pages (public or not) so we can add mitigation on IP making too much 
+# access to your a Dolibarr instance.
+
+
+[Definition]
+
+# To test, you can inject this example into log
+# echo `myvirtualhost.com:443 1.2.3.4 - - [15/Dec/2022:09:57:47 +0000] "GET /public/.*" 403 123 "-" "Mozilla" >> /var/log/apache2/access.log
+#
+# then 
+# fail2ban-client status web-accesslog-limit403 
+#
+# To test rule file on a existing log file
+# fail2ban-regex /var/log/apache2/access.log /etc/fail2ban/filter.d/web-accesslog-limit403.conf
+
+failregex = <HOST> - - .*HTTP/[0-9]+(.[0-9]+)?" 403
+ignoreregex =