我正在运行我的自定义应用程序,而Nginx作为反向代理运行。
如果任何用户尝试尝试5次以上,我已经配置了fail2ban重定向到另一个端口(8060)。但这不起作用。
Fail2ban日志,显示IP被禁止,但该页面未重定向到另一个端口。需要您的大力帮助解决此问题。
下面是我的配置
Nginx
real_ip_header X-Forwarded-For;
set_real_ip_from 10.0.0.0/8;
/etc/fail2ban/jail.local
[nginx-http-elb-auth]
enabled = true
filter = nginx-http-elb-auth
action = myaction[name=nginx-http-elb-auth, port="https"]
logpath = /var/log/nginx*/*access*.log
bantime = 300
maxretry = 5
/etc/fail2ban/action.d/myaction.conf
[INCLUDES]
before = iptables-common.conf
[Definition]
actionstart = <iptables> -N f2b-<name>
<iptables> -A f2b-<name> -j <returntype>
<iptables> -I <chain> -p <protocol> --dport <port> -j f2b-<name>
actionstop = <iptables> -D <chain> -p <protocol> --dport <port> -j f2b-<name>
<iptables> -F f2b-<name>
<iptables> -X f2b-<name>
actioncheck = <iptables> -n -L <chain> | grep -q 'f2b-<name>[ \t]'
actionban = iptables -t nat -A PREROUTING -p tcp -s <ip> --dport 80 -m string --algo bm --string 'X-Forwarded-For: <ip>' -j REDIRECT --to-port 8060
actionunban = <iptables> -t nat -D PREROUTING -p tcp -s <ip> --dport 80 -m string --algo bm --string 'X-Forwarded-For: <ip>' -j REDIRECT --to-port 8060
[Init]
/etc/fail2ban/filter.d/nginx-http-elb-auth.conf
[Definition]
failregex = ^<HOST> -.* "POST /.*/admin/.*$
^<HOST> -.* "POST /.*/admin/forgotpassword
ignoreregex =
fail2ban日志输出
2018-10-27 18:17:51,200 fail2ban.filter [1623]: INFO [nginx-http-elb-auth] Found 203.196.xxx.xxx
2018-10-27 18:17:52,042 fail2ban.actions [1623]: NOTICE [nginx-http-elb-auth] Ban 203.196.xxx.xxx
iptables输出
Chain PREROUTING (policy ACCEPT)
target prot opt source destination
REDIRECT tcp -- chn-static-142-176.196.203.direct.net.in anywhere tcp dpt:http STRING match "X-Forwarded-For: 203.196.176.142" ALGO name bm TO 65535 redir ports 8060