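fail2ban with haproxy logs: how to block

Time: 2015-03-07 08:20:04

Tags: fail2ban

Hi team, first of all, thank you for investing your valuable time to help beginners like me.

I have installed fail2ban on CentOS.

In my haproxy log: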

Mar  7 02:37:07 localhost haproxy[9378]: 115.xxx.xxx.xxx:19004 [07/Mar/2015:02:37:03.823] http-ingress testing/new-server 2952/0/0/17/3242 302 689 - - --VN 3/3/0/0/0 0/0 "GET /myadmin/scripts/setup.php HTTP/1.1"

How do I block this?

Please see the steps below in case there are any mistakes.

===========================================================

Command:

vim /etc/fail2ban/filter.d/vulscan.conf 

File:

[Definition]

failregex = ^<HOST>.*\"GET

ignoreregex =


[vulscan]

enabled = true

port = http,https

filter = vulscan

banaction = iptables-allports

logpath = /var/log/haproxy_0.log

#action   = hostsdeny[file=/etc/hosts.deny]

action = iptables-multiport[name=vulscan,port="http,https", protocol=tcp]

maxretry = 1

bantime = 604800

===========================================================

Command:

iptables -L

Output pasted below:

Chain INPUT (policy ACCEPT)
target     prot opt source               destination         
fail2ban-vulscan  tcp  --  anywhere             anywhere            multiport dports http,https 
fail2ban-SSH  tcp  --  anywhere             anywhere            tcp dpt:ssh 

Chain FORWARD (policy ACCEPT)
target     prot opt source               destination         

Chain OUTPUT (policy ACCEPT)
target     prot opt source               destination         

Chain fail2ban-SSH (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere            

Chain fail2ban-vulscan (1 references)
target     prot opt source               destination         
RETURN     all  --  anywhere             anywhere 

1 answer:

Answer 0 (score: 0)

Use this: failregex = haproxy[\d+]:

You can check your regex against the haproxy log by running fail2ban-regex [haproxy_log] [fail2ban_haproxy.conf]
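The following is an added example, not code from the original post or from fail2ban: an offline check of why the question's `^<HOST>` filter produces no bans on the haproxy line, next to a hypothetical failregex anchored on the `haproxy[pid]:` prefix. The `<HOST>` expansion is simplified to IPv4, the client addresses are constructed documentation-range values, and `CANDIDATE_REGEX` is an assumption to be confirmed with `fail2ban-regex` before use.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# Leading syslog timestamp. Assumption: the date is cut from the line before
# failregex is applied; strip_timestamp() imitates that so both cases are tested.
SYSLOG_TS = re.compile(r"^[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} ")

QUESTION_REGEX = r'^<HOST>.*\"GET'  # failregex from the question
# Hypothetical replacement: anchor on the haproxy prefix, then the client
# ip:port, the accept date, and the probed path seen in the question's log.
CANDIDATE_REGEX = (r'haproxy\[\d+\]: <HOST>:\d+ \[[^\]]+\] .* '
                   r'"(?:GET|POST) /myadmin/scripts/setup\.php')

# Constructed sample lines in the format shown in the question.
SAMPLE_LOG = [
    'Mar  7 02:37:07 localhost haproxy[9378]: 192.0.2.10:19004 [07/Mar/2015:02:37:03.823] http-ingress testing/new-server 2952/0/0/17/3242 302 689 - - --VN 3/3/0/0/0 0/0 "GET /myadmin/scripts/setup.php HTTP/1.1"',
    'Mar  7 02:38:11 localhost haproxy[9378]: 198.51.100.7:40122 [07/Mar/2015:02:38:11.102] http-ingress testing/new-server 12/0/0/5/17 200 1523 - - ---- 3/3/0/0/0 0/0 "GET /index.html HTTP/1.1"',
]


def strip_timestamp(line):
    """Drop the leading syslog date, leaving 'localhost haproxy[...]: ...'."""
    return SYSLOG_TS.sub("", line, count=1)


def banned_hosts(failregex, lines):
    """Return the host captured from every line the failregex matches."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    return [m.group("host") for m in map(rx.search, lines) if m]


if __name__ == "__main__":
    stripped = [strip_timestamp(line) for line in SAMPLE_LOG]
    for name, rx in (("question", QUESTION_REGEX), ("candidate", CANDIDATE_REGEX)):
        print(name, "raw:", banned_hosts(rx, SAMPLE_LOG),
              "stripped:", banned_hosts(rx, stripped))
```

With or without the timestamp, the line never begins with the client address, so a filter anchored with `^<HOST>` cannot match and the `fail2ban-vulscan` chain stays empty.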