Difference between revisions of "Talk:Apache"
Lostcontrol (talk | contribs) |
(modified apache-badbots.conf does not work) |
||
| Line 29: | Line 29: | ||
Yaroslav Halchenko has created a filter in order to ban such bots. This filter will be in the next release. A list of "bad bots" is available [http://www.user-agents.org/ here]. You can get the filter from Subversion [http://fail2ban.svn.sourceforge.net/viewvc/fail2ban/trunk/config/filter.d/apache-badbots.conf?revision=549&view=markup here]. However, "Trackback" is not in the list. You should be able to add it without any problems. | Yaroslav Halchenko has created a filter in order to ban such bots. This filter will be in the next release. A list of "bad bots" is available [http://www.user-agents.org/ here]. You can get the filter from Subversion [http://fail2ban.svn.sourceforge.net/viewvc/fail2ban/trunk/config/filter.d/apache-badbots.conf?revision=549&view=markup here]. However, "Trackback" is not in the list. You should be able to add it without any problems. | ||
--[[User:Lostcontrol|Lostcontrol]] 12:20, 6 March 2007 (CET) | --[[User:Lostcontrol|Lostcontrol]] 12:20, 6 March 2007 (CET) | ||
| + | |||
| + | ---- | ||
| + | |||
| + | I changed lines to | ||
| + | badbotscustom = EmailCollector|WebEMailExtrac|TrackBack/1\.02 | ||
| + | and to | ||
| + | failregex = ^(?P<host>\S*) -.*"POST.*HTTP.*"(?:%(badbots)s|%(badbotscustom)s)"$ | ||
| + | and did a fail2ban-regex myLogfile apache-badbots.conf but all it says is "Sorry, no match". I am using v0.7.5 on Debian. | ||
| + | |||
| + | Regards, Alexander Langer 12:55, 6 March 2007 (CET) | ||
Revision as of 13:56, 6 March 2007
I want to block the following entries in the /var/log/apache/access.log with fail2ban. How should I set my failregex?
220.191.231.206 - - [05/Mar/2007:11:50:20 +0100] "GET http://www.anbss.com/cgi-bin/ip.cgi HTTP/1.0" 404 534 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"
Thanks in advance!
Regards, Ronald
This failregex should do it (with 0.7.x):
failregex = ^<HOST> -.*GET.*/ip\.cgi
--Lostcontrol 12:32, 6 March 2007 (CET)
I want to block Trackback-Spambots whcih are causing gigabytes of incoming traffic due to requests every day, but I'm pretty bad in regexp and can't get it to work. Entries look like this and are recognizable by the UserAgent string "Trackback/1.02":
www.mydomain.tld||||459||||123.123.123.123 - - [05/Mar/2007:14:39:21 +0100] "POST /123.html/trackback/ HTTP/1.0" 301 459 "http://www.mydomain.tld/123.html/trackback" "TrackBack/1.02"
Apach2's log format looks like this:
LogFormat "%v||||%b||||%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig
Regards, Alexander Langer
Yaroslav Halchenko has created a filter in order to ban such bots. This filter will be in the next release. A list of "bad bots" is available here. You can get the filter from Subversion here. However, "Trackback" is not in the list. You should be able to add it without any problems. --Lostcontrol 12:20, 6 March 2007 (CET)
I changed lines to badbotscustom = EmailCollector|WebEMailExtrac|TrackBack/1\.02 and to failregex = ^(?P<host>\S*) -.*"POST.*HTTP.*"(?:%(badbots)s|%(badbotscustom)s)"$ and did a fail2ban-regex myLogfile apache-badbots.conf but all it says is "Sorry, no match". I am using v0.7.5 on Debian.
Regards, Alexander Langer 12:55, 6 March 2007 (CET)
