嗨团队, 首先感谢您投入宝贵的时间来帮助像我这样的初学者。
我在centos中安装了失败的2禁令
在我的haproxy日志中
Mar 7 02:37:07 localhost haproxy[9378]: 115.xxx.xxx.xxx:19004 [07/Mar/2015:02:37:03.823] http-ingress testing/new-server 2952/0/0/17/3242 302 689 - - --VN 3/3/0/0/0 0/0 "GET /myadmin/scripts/setup.php HTTP/1.1"
如何阻止
如果有任何错误,请执行以下步骤
=============================================== ============
命令:
vim /etc/fail2ban/filter.d/vulscan.conf
文件:
[Definition]
failregex = ^<HOST>.*\"GET
ignoreregex =
[vulscan]
enabled = true
port = http,https
filter = vulscan
banaction = iptables-allports
logpath = /var/log/haproxy_0.log
#action = hostsdeny[file=/etc/hosts.deny]
action = iptables-multiport[name=vulscan,port="http,https", protocol=tcp]
maxretry = 1
bantime = 604800
=============================================== ======================
命令:
iptables -L
输出粘贴在下面:
Chain INPUT (policy ACCEPT)
target prot opt source destination
fail2ban-vulscan tcp -- anywhere anywhere multiport dports http,https
fail2ban-SSH tcp -- anywhere anywhere tcp dpt:ssh
Chain FORWARD (policy ACCEPT)
target prot opt source destination
Chain OUTPUT (policy ACCEPT)
target prot opt source destination
Chain fail2ban-SSH (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
Chain fail2ban-vulscan (1 references)
target prot opt source destination
RETURN all -- anywhere anywhere
答案 0 :(得分:0)
使用它 failregex = haproxy [\ d +]:
你可以通过运行来检查你的正则表达式与haproxy日志 fail2ban-regex [haproxy_log] [fail2ban_haproxy.conf]