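# /etc/fail2ban/jail.d/nginx-phoenix.local
# Jails for the nginx in front of the Phoenix app. Every jail reads the same
# JSON access log; the matching failregexes live in filter.d/<name>.conf.
[DEFAULT]
# polling: the log is on a mounted volume (/data), where inotify-based
# backends may never see writes; polling costs a little CPU but is reliable.
# NOTE(review): presumably why it is set here - confirm before changing.
backend = polling
findtime = 10m
# ban timing: start short, escalate for repeat offenders, add jitter to avoid stampedes
bantime = 5m
bantime.increment = true
bantime.factor = 1.5
bantime.overalljails = true
bantime.rndtime = 60s
# cap the escalation: without a ceiling a shared address (NAT, CGNAT, office
# proxy) that keeps tripping a jail is eventually locked out for months
bantime.maxtime = 7d
# honor your global ignore list from 00-defaults.local (don't repeat it here)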
# -----------------------------
# Common scanners / bad bots
# (presumably user-agent based - see filter.d/nginx-badbots.conf)
# -----------------------------
[nginx-badbots]
enabled = true
filter = nginx-badbots
# JSON access log shared by every jail in this file; the filter's failregex
# must be written for this JSON layout, not nginx's default combined format
logpath = /data/nginx-logs/access_json.log
# ports a banned address is blocked on (3000 presumably the app port - confirm it is reachable from outside)
port = 80,443,3000
# 5 matches within 2 minutes -> 30 minute ban (escalates via bantime.increment in [DEFAULT])
findtime = 2m
maxretry = 5
bantime = 30m
# -----------------------------
# Bot search / generic probing
# (odd paths, wp-admin, phpinfo, etc. - paths that this app never serves,
# so any client asking for them is probing)
# -----------------------------
[nginx-botsearch]
enabled = true
filter = nginx-botsearch
# same JSON access log as the other jails; failregex must match the JSON layout
logpath = /data/nginx-logs/access_json.log
port = 80,443,3000
# 6 probes within 5 minutes -> 30 minute ban (escalates via bantime.increment in [DEFAULT])
findtime = 5m
maxretry = 6
bantime = 30m
# -----------------------------
# Many 4xx in a short window
# (likely brute/scan or broken client)
# -----------------------------
[nginx-4xx]
enabled = true
filter = nginx-4xx
logpath = /data/nginx-logs/access_json.log
port = 80,443,3000
# 20 client errors in 5 minutes -> 15 minute ban. Kept deliberately loose:
# a normal browser produces a handful of 404s (favicon, stale cached assets).
# NOTE(review): if the filter matches every 4xx, the 429s counted by
# [nginx-429] land here too, so one rate-limited client advances both jails.
findtime = 5m
maxretry = 20
bantime = 15m
# -----------------------------
# Simple HTTP GET/POST flood
# (rate-based; pairs well with nginx rate limit) http-get-dos
# No longer in use: to avoid blocking legitimate Phoenix URL paths, every one of them would have
# to be listed here by hand. Instead we rely on nginx-429: nginx enforces the rate limit itself and
# answers 429 once it is hit, and the [nginx-429] jail bans addresses that keep receiving 429s.
# -----------------------------
# [http-get-dos]
# enabled = true
# filter = http-get-dos-compressed
# logpath = /data/nginx-logs/access_json.log
# port = 80,443,3000
# findtime = 60s
# maxretry = 20
# bantime = 10m
# -----------------------------
# (Optional) recidive: longer ban for repeat offenders across jails.
# With bantime.increment and bantime.overalljails already set in [DEFAULT], ban length escalates
# across jails anyway; what recidive adds here is the all-ports nftables ban (banaction below).
# Requires fail2ban.log inside the container (already present by default)
# -----------------------------
# [recidive]
# enabled = true
# logpath = /data/fail2ban.log /var/log/fail2ban.log
# backend = auto
# banaction = nftables-allports
# findtime = 12h
# maxretry = 4
# bantime = 24h
# -----------------------------
# nginx rate-limit hits
# nginx decides what "too fast" means and answers 429; this jail only bans
# addresses that keep hitting that limit, so no list of app paths is kept here.
# NOTE(review): nginx's limit_req answers 503 unless limit_req_status 429 is
# configured - confirm, otherwise this filter never matches anything.
# -----------------------------
[nginx-429]
enabled = true
filter = nginx-429
logpath = /data/nginx-logs/access_json.log
port = 80,443,3000
# 10 rate-limit responses within 60 s -> 10 minute ban (escalates via bantime.increment in [DEFAULT])
# NOTE(review): the banned address is whatever the log records as the client.
# Behind a CDN or reverse proxy that must be the real client IP (realip /
# X-Forwarded-For), otherwise a ban hits the proxy and every user behind it.
findtime = 60s
maxretry = 10
bantime = 10m