
fail2ban apache repeated 401 requests

Tags: regex, fail2ban

I would like to fail2ban repeated 401 errors to my site

My log file entry...

116.108.172.173 - - [28/Aug/2018:08:30:36 -0400] "GET / HTTP/1.1" 401 742

My Attempt at fail2ban conf

 [Definition]
 failregex = (?P<host>[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}) . . .+ .+ .+ .+ .+ 401 [0-9]+

It doesn't seem to be working, any ideas?

Jeffrey L. Roberts asked Jan 24 '26 20:01


2 Answers

Keep your regex simple.

[Definition]
failregex = ^<HOST> .+\" 401 \d+ .*$

should do the job

jreynd answered Jan 26 '26 10:01
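Added example, not part of the original posts: fail2ban cuts the detected timestamp out of each log line before it applies failregex, so a pattern that counts space-separated fields can match the raw line yet miss what fail2ban actually sees. The sketch below checks the question's pattern, the first answer's pattern and a hypothetical `VARIANT` against the question's log line; `HOST`, `DATE` and `prepare` are simplified stand-ins (assumptions), and `fail2ban-regex` remains the authoritative test.

```python
import re

# Simplified stand-ins (assumptions), not fail2ban's real internals:
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"           # IPv4-only <HOST>
DATE = re.compile(r"\d{2}/[A-Z][a-z]{2}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}")

def prepare(line):
    """Cut the timestamp out of the line, as fail2ban does before failregex."""
    return DATE.sub("", line, count=1)

def banned_host(failregex, line):
    """Return the captured host if failregex matches the prepared line, else None."""
    m = re.search(failregex.replace("<HOST>", HOST), prepare(line))
    return m.group("host") if m else None

# Patterns copied from the question and the first answer above.
QUESTION = (r"(?P<host>[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3}\.[0-9]{1,3})"
            r" . . .+ .+ .+ .+ .+ 401 [0-9]+")
ANSWER = r'^<HOST> .+\" 401 \d+ .*$'
# Hypothetical variant written for this example: fields after the size are optional.
VARIANT = r'^<HOST> .+" 401 \d+(?: .*)?$'

# Log line from the question (common log format) ...
COMMON = '116.108.172.173 - - [28/Aug/2018:08:30:36 -0400] "GET / HTTP/1.1" 401 742'
# ... a constructed combined-format line with referer and user agent ...
COMBINED = COMMON + ' "-" "curl/7.61.0"'
# ... and a constructed non-401 line that must never match.
OK_200 = COMMON.replace('" 401 742', '" 200 742')

def report():
    """Map each pattern name to its result on (COMMON, COMBINED, OK_200)."""
    rows = {}
    for name, rx in (("question", QUESTION), ("answer", ANSWER), ("variant", VARIANT)):
        rows[name] = tuple(banned_host(rx, l) for l in (COMMON, COMBINED, OK_200))
    return rows

if __name__ == "__main__":
    print(prepare(COMMON))
    for name, hits in report().items():
        print(f"{name:9}", hits)
```

The question's pattern matches the raw line but not the prepared one, because the space inside the timestamp it relied on is gone; the first answer's pattern needs at least one field after the byte count, which the combined log format provides and the common log format does not.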


Fedora 27 / CentOS / RHEL

etc > fail2ban > filter.d > some-new-filter.conf

:: examples for filtering out .cgi and 404 requests, whilst preventing anything but the actual domain

:: referer:

[Definition]
failregex = ^<HOST>.*(\.cgi\?).*$
            ^<HOST>.+\/.+\/.+\/.*\"\s(404)\s.*$
            ^<HOST>.+\/.+\/.+\/.*(\"http:\/\/some\.info\/.+\")\s.*$

then: etc > fail2ban > jail.conf

[some-new-filter]
port     = http,https
logpath  = %(apache_access_log)s
           %(apache_error_log)s
maxretry = 2

Test with:

fail2ban-regex /var/log/httpd/error_log /etc/fail2ban/filter.d/some-new-filter.conf
fail2ban-regex /var/log/httpd/access_log /etc/fail2ban/filter.d/some-new-filter.conf

Restart fail2ban

