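I need to use fail2ban to block certain requests, based on a custom log file format for the nginx web server's access.log.
The offending lines that should be matched look like this in access.log: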
06/Oct/2016:18:44:29 +0200 191.96.249.53 - - mydomain.com "POST /xmlrpc.php HTTP/1.0" 499 0 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" "-"
06/Oct/2016:18:44:29 +0200 191.96.249.53 - - mydomain.com "POST /xmlrpc.php HTTP/1.0" 499 0 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" "-"
06/Oct/2016:18:44:29 +0200 191.96.249.53 - - mydomain.com "POST /xmlrpc.php HTTP/1.0" 499 0 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" "-"
The fail2ban configuration wordpress-xmlrpc.conf, which uses a RegEx:
[Definition]
failregex = ^<HOST>.*POST .*.(*wp-login\.php|*xmlrpc\.php).*.(403|499)*
ignoreregex =
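The jail is running, but it never finds the offending lines:
Status for the jail: wordpress-xmlrpc (simplified):
- File list: /var/log/nginx/access.log
- Currently failed: 0
- Total failed: 0
- Currently banned: 0
- Total banned: 0
Any help is appreciated!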
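
An added example, not part of the original post: a small Python harness that checks a failregex against lines in the custom format shown above, using Python's `re` module, the regex dialect fail2ban filters are written in. The `HOST` group is a simplified IPv4-only stand-in for fail2ban's `<HOST>` tag, `CANDIDATE` is a hypothetical pattern written for this log layout, and removing the leading timestamp before matching is an assumption that emulates fail2ban's date handling. All sample lines except the first are constructed.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The failregex exactly as posted in the question.
POSTED = r"^<HOST>.*POST .*.(*wp-login\.php|*xmlrpc\.php).*.(403|499)*"

# Hypothetical candidate for the layout: <ip> - - <vhost> "<request>" <status> ...
CANDIDATE = r'^\s*<HOST> \S+ \S+ \S+ "POST /(?:wp-login|xmlrpc)\.php[^"]*" (?:403|499) '

# Leading timestamp of the custom format, e.g. "06/Oct/2016:18:44:29 +0200".
TIMESTAMP = re.compile(r"^\d{2}/[A-Z][a-z]{2}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4}")

SAMPLE = [
    # Line from the question.
    '06/Oct/2016:18:44:29 +0200 191.96.249.53 - - mydomain.com "POST /xmlrpc.php HTTP/1.0" 499 0 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0)" "-"',
    # Constructed lines in the same format.
    '06/Oct/2016:18:44:40 +0200 192.0.2.10 - - mydomain.com "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/5.0" "-"',
    '06/Oct/2016:18:45:02 +0200 198.51.100.7 - - mydomain.com "POST /wp-login.php HTTP/1.1" 403 162 "-" "curl/7.50.1" "-"',
    '06/Oct/2016:18:45:09 +0200 203.0.113.5 - - mydomain.com "POST /xmlrpc.php HTTP/1.1" 200 370 "-" "WordPress/4.6" "-"',
]

def compile_failregex(pattern):
    """Expand <HOST>; return (compiled, None) or (None, error message)."""
    try:
        return re.compile(pattern.replace("<HOST>", HOST)), None
    except re.error as exc:
        return None, str(exc)

def offending_hosts(pattern, lines):
    """Return the host captured from every line the failregex matches."""
    rx, err = compile_failregex(pattern)
    if rx is None:
        raise ValueError(err)
    hosts = []
    for line in lines:
        # Assumption: the timestamp is cut out before the failregex is applied.
        rest = TIMESTAMP.sub("", line, count=1)
        match = rx.search(rest)
        if match:
            hosts.append(match.group("host"))
    return hosts

if __name__ == "__main__":
    print("posted pattern error:", compile_failregex(POSTED)[1])
    print("candidate matches:", offending_hosts(CANDIDATE, SAMPLE))
```

Before reloading the jail, a filter file can be checked against the real log with `fail2ban-regex /var/log/nginx/access.log <path to wordpress-xmlrpc.conf>`.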