Talk:Apache

From Fail2ban
Revision as of 12:03, 6 March 2007 by 87.161.226.65 (talk)
Jump to navigationJump to search

I want to block the following entries in the /var/log/apache/access.log with fail2ban. How should I set my failregex?

220.191.231.206 - - [05/Mar/2007:11:50:20 +0100] "GET http://www.anbss.com/cgi-bin/ip.cgi HTTP/1.0" 404 534 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1)"

Thanks in advance!

Regards, Ronald

I want to block Trackback-Spambots whcih are causing gigabytes of incoming traffic due to requests every day, but I'm pretty bad in regexp and can't get it to work. Entries look like this and are recognizable by the UserAgent string "Trackback/1.02":

www.mydomain.tld||||459||||123.123.123.123 - - [05/Mar/2007:14:39:21 +0100] "POST /123.html/trackback/ HTTP/1.0" 301 459 "http://www.mydomain.tld/123.html/trackback" "TrackBack/1.02"

Apach2's log format looks like this:

LogFormat "%v||||%b||||%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\"" combined_ispconfig

Regards, Alexander Langer

Retrieved from "http://wiki.fail2ban.org/wiki/index.php?title=Talk:Apache&oldid=1768"