我为nginx反向代理安装了fail2ban。我遵循了此方法:
他们告诉在nginx-http-auth.conf中执行以下操作,这对我来说很有意义:
[Definition]
failregex = ^ \[error\] \d+#\d+: \*\d+ user "\S+":? (password mismatch|was not found in ".*"), client: <HOST>, server: \S+, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"\s*$
^ \[error\] \d+#\d+: \*\d+ no user/password was provided for basic authentication, client: <HOST>, server: \S+, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"\s*$
ignoreregex =
我试图用错误的用户名/密码来锁定自己(第1行)->起作用
我试图用否用户名/密码(第2行)->无法正常工作
所以我看了看我的nginx error.log
2019/05/21 09:37:52 [error] 552#552: *308 user "1" was not found in "/etc/nginx/.htpasswd", client: 111.111.111.111, server: my.domain, request: "GET / HTTP/1.1", host: "my.domain"
2019/05/21 09:37:54 [error] 552#552: *308 user "1" was not found in "/etc/nginx/.htpasswd", client: 111.111.111.111, server: my.domain, request: "GET / HTTP/1.1", host: "my.domain"
2019/05/21 09:37:56 [error] 552#552: *308 user "1" was not found in "/etc/nginx/.htpasswd", client: 111.111.111.111, server: my.domain, request: "GET / HTTP/1.1", host: "my.domain"
2019/05/21 09:37:57 [error] 552#552: *308 user "1" was not found in "/etc/nginx/.htpasswd", client: 111.111.111.111, server: my.domain, request: "GET / HTTP/1.1", host: "my.domain"
2019/05/21 09:37:59 [error] 552#552: *308 user "1" was not found in "/etc/nginx/.htpasswd", client: 111.111.111.111, server: my.domain, request: "GET / HTTP/1.1", host: "my.domain"
如果有人尝试在没有用户名或密码的情况下进行身份验证,我的nginx不会记录。我使用来自不同网络的不同计算机的不同浏览器进行了尝试。
我在Interweb上找不到有关此问题的任何信息。
Valar Morghulis