How To use fail2ban for Nginx?

security nginx fail2ban
14,530

Start with below http://snippets.aktagon.com/snippets/554-How-to-Secure-an-nginx-Server-with-Fail2Ban

New filter in /etc/fail2ban/nginx-dos.conf:

# Fail2Ban configuration file
#
# Generated on Fri Jun 08 12:09:15 EST 2012 by BeezNest
#
# Author: Yannick Warnir
#
# $Revision: 1 $
#

[Definition]
# Option:  failregex
# Notes.:  Regexp to catch a generic call from an IP address.
# Values:  TEXT
#
failregex = ^<HOST> -.*"(GET|POST).*HTTP.*"$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =

In our jail.local, we have (at the end of the file):

[nginx-dos]
# Based on apache-badbots but a simple IP check (any IP requesting more than
# 240 pages in 60 seconds, or 4p/s average, is suspicious)
# Block for two full days.
# @author Yannick Warnier
enabled = true
port    = http,8090
filter  = nginx-dos
logpath = /var/log/nginx/*-access.log
findtime = 60
bantime  = 172800
maxretry = 240

Of course, in case you would be logging all resources of your site (images, css, js, etc), it would be really easy to get to those numbers as a normal user. To avoid this, use the access_log off directive of Nginx, like so:

 # Serve static files directly
        location ~* \.(png|jpe?g|gif|ico)$ {
                expires 1y;
                access_log off;
                try_files $uri $uri/ @rewrite;
                gzip off;
        }
        location ~* \.(mp3)$ {
                expires 1y;
                access_log off;
                gzip off;
        }
        location ~* \.(css)$ {
                expires 1d;
                access_log off;
        }
        location ~* \.(js)$ {
                expires 1h;
                access_log off;
        }
Share:
14,530

Related videos on Youtube

THpubs
Author by

THpubs

I'm a Developer, Designer, Inventor and A Buddhist. Founder of @LeafyCode 🍃 💻 and @SLDevTalks 🎤 #NodeJS | #JavaScript | #TypeScript | #Docker | #Kubernetes | #GraphQL | #React | #ReactNative | #Hasura | #NextJS | #GraphQL

Updated on September 18, 2022

Comments

  • THpubs
    THpubs almost 2 years

    How can I use fail2ban on an Nginx server? What are the rules to put in the jails.conf?

  • THpubs
    THpubs almost 12 years
    nginx-dos.conf should be in filter.d folder right?
  • iDev247
    iDev247 about 10 years
    late response but for anyone else that sees this... yes in filter.d

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Fail2Ban blocking behaviours depending on the status code
How to Override Content-Security-Policy of Site A while using nginx proxy_pass on Site B for serving content?
Securing a Docker container with HTTP BASIC AUTH
Does renewing SSL certificate require re-issuing the cert?
Job for fail2ban.service failed because the control process exited with error code
Fail2Ban or DenyHosts to block invalid username SSH login attempts
potential ufw and fail2ban conflicts
Can I skip the PEM pass phrase question when I restart the webserver?
Systematic attacks on multiple services & ports (getting past NAT) on hobby server
socket: Connection refused on NGINX web server