Nginx
Vlad Shustrikov, 2016-04-04 10:53:36

How to create regex or why doesn't the filter work?

Good day to all.
The bottom line is, nginx 1.9.12 is installed, access to /ip/adm is blocked by the standard http_access module. Only I am allowed access.
In nginx-errors.log, accordingly, when someone else tries to get in, this remains:

2016/04/04 10:15:24 [error] 10934#0: *41120 access forbidden by rule, client: 213.87.х.х, server: localhost, request: "GET /administrator/ HTTP/1.1", host: "c.ru"

So as not to have it loaded by this hammering, I decided to install fail2ban 0.9.4. To begin with, I set up sshd - everything works, everything gets banned.
Now I have started configuring the block for access to /ip/adm.
Added to jail.local:
[ssh]
enabled  = true
filter   = sshd
action   = pf
logpath  = /var/log/auth.log
findtime  = 600
maxretry = 3
bantime  = 3600


[adminka]
enable   = true
filter   = adminka
action   = pf
logpath  = /var/log/nginx-error.log
findtime = 333600
maxretry = 1
bantime  = 3600

Created adminka in filter.d and added to it what was suggested on one forum, something like:
[Definition]

_daemon = adminka

failregex = ^.* access forbidden by rule, client: <HOST>, server.*

ignoreregex =

After that I reboot fail2ban, but nothing gets into the table.
This is what the test says:
fail2ban-regex /var/log/nginx-error.log /usr/local/etc/fail2ban/filter.d/adminka.conf

Running tests
=============

Use   failregex filter file : adminka, basedir: /usr/local/etc/fail2ban
Use         log file : /var/log/nginx-error.log
Use         encoding : US-ASCII


Results
=======

Failregex: 36 total
|-  #) [# of hits] regular expression
|   1) [36] ^.* access forbidden by rule, client: <HOST>, server.*
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [2220] Year(?P<_sep>[-/.])Month(?P=_sep)Day 24hour:Minute:Second(?:,Microseconds)?
`-

Lines: 2221 lines, 0 ignored, 36 matched, 2185 missed
[processed in 0.50 sec]

Missed line(s): too many to print.  Use --print-all-missed to print all 2185 lines

That is, the required number of errors clearly falls under my filter, but, I repeat, the table is empty.
Please advise what can be changed / added?
Thanks.
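
Added example, not part of the original post: a Python check that runs the posted failregex against a constructed log line and lists the jails in the posted jail.local that have no `enabled` option. It assumes fail2ban starts a jail only when its `enabled` option is true and stands in a plain IPv4 pattern for `<HOST>`; `extract_host` and `inactive_jails` are names made up for this example.

```python
import configparser
import re

# The two jails from the question, trimmed to the keys that matter here.
JAIL_LOCAL = """
[ssh]
enabled  = true
filter   = sshd

[adminka]
enable   = true
filter   = adminka
logpath  = /var/log/nginx-error.log
maxretry = 1
"""

FAILREGEX = r"^.* access forbidden by rule, client: <HOST>, server.*"

# Constructed log line in the format shown in the question (documentation IP).
SAMPLE = ('2016/04/04 10:15:24 [error] 10934#0: *41120 access forbidden by rule, '
          'client: 203.0.113.7, server: localhost, '
          'request: "GET /administrator/ HTTP/1.1", host: "c.ru"')


def extract_host(failregex, line):
    """Return the address <HOST> would capture, or None (IPv4-only stand-in)."""
    pattern = failregex.replace("<HOST>", r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})")
    m = re.search(pattern, line)
    return m.group("host") if m else None


def inactive_jails(text):
    """Map each jail that would not start (assumption: needs enabled=true) to a reason."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(text)
    problems = {}
    for name in cp.sections():
        jail = cp[name]
        if "enabled" not in jail:
            near = [k for k in jail if k.startswith("enab")]
            problems[name] = f"no 'enabled' key (found {near})" if near else "no 'enabled' key"
        elif not jail.getboolean("enabled"):
            problems[name] = "enabled is false"
    return problems


if __name__ == "__main__":
    print("host matched by failregex:", extract_host(FAILREGEX, SAMPLE))
    print("jails that would not start:", inactive_jails(JAIL_LOCAL))
```

A matching fail2ban-regex run only exercises the filter file; whether the jail is running is a separate question, which `fail2ban-client status` answers by listing the active jails.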
