yurilima/Alpha
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Update Fail2ban configuration for nginx: increase maxretry from 20 to 50 in nginx-4xx jail to enhance security measures against repeated offenses.

Browse Source
This commit is contained in:
Yuri-Lima
2025-09-24 16:01:30 +02:00
parent 414e40619f
commit 1bb89e6286
2 changed files with 89 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
fail2ban/jail.d/nginx-phoenix.local
View File

@@ -47,7 +47,7 @@ filter = nginx-4xx
logpath = /data/nginx-logs/access_json.log logpath = /data/nginx-logs/access_json.log
port = 80,443,3000 port = 80,443,3000
findtime = 5m findtime = 5m
maxretry = 20 maxretry = 50
bantime = 15m bantime = 15m
# ----------------------------- # -----------------------------

88
fail2ban/jail.d/nginx-phoenix.local.2454726.2025-09-24@15:59:59~ Normal file
View File

@@ -0,0 +1,88 @@
# /etc/fail2ban/jail.d/nginx-phoenix.local
[DEFAULT]
backend = polling
findtime = 10m
# ban timing: start short, escalate for repeat offenders, add jitter to avoid stampedes
bantime = 5m
bantime.increment = true
bantime.factor = 1.5
bantime.overalljails = true
bantime.rndtime = 60s
# honor your global ignore list from 00-defaults.local (dont repeat here)
# -----------------------------
# Common scanners / bad bots
# -----------------------------
[nginx-badbots]
enabled = true
filter = nginx-badbots
logpath = /data/nginx-logs/access_json.log
port = 80,443,3000
findtime = 2m
maxretry = 5
bantime = 30m
# -----------------------------
# Bot search / generic probing
# (odd paths, wp-admin, phpinfo, etc.)
# -----------------------------
[nginx-botsearch]
enabled = true
filter = nginx-botsearch
logpath = /data/nginx-logs/access_json.log
port = 80,443,3000
findtime = 5m
maxretry = 6
bantime = 30m
# -----------------------------
# Many 4xx in a short window
# (likely brute/scan or broken client)
# -----------------------------
[nginx-4xx]
enabled = true
filter = nginx-4xx
logpath = /data/nginx-logs/access_json.log
port = 80,443,3000
findtime = 5m
maxretry = 20
bantime = 15m
# -----------------------------
# Simple HTTP GET/POST flood
# (rate-based; pairs well with nginx rate limit) http-get-dos
# Not in use anymore, because to avoid bloking phx url paths, i would have to manually add all of them to avoi be banned. Instead we use
# nginx-429 witch is managed by nginx and once it hits the rate limit, it send back a 429 status code.
# -----------------------------
# [http-get-dos]
# enabled = true
# filter = http-get-dos-compressed
# logpath = /data/nginx-logs/access_json.log
# port = 80,443,3000
# findtime = 60s
# maxretry = 20
# bantime = 10m
# -----------------------------
# (Optional) recidive: longer ban for repeat offenders across jails
# Requires fail2ban.log inside the container (already present by default)
# -----------------------------
# [recidive]
# enabled = true
# logpath = /data/fail2ban.log /var/log/fail2ban.log
# backend = auto
# banaction = nftables-allports
# findtime = 12h
# maxretry = 4
# bantime = 24h
[nginx-429]
enabled = true
filter = nginx-429
logpath = /data/nginx-logs/access_json.log
port = 80,443,3000
findtime = 60s
maxretry = 10
bantime = 10m