Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
V
V
Vlad Shustrikov2016-04-04 10:53:36
Nginx
Vlad Shustrikov, 2016-04-04 10:53:36

How to create regex or why doesn't the filter work?

Good day to all.
The bottom line is, nginx 1.9.12 is installed, access to /ip/adm is blocked by the standard http_access module. Only me is allowed access.
in nginx-errors.log, respectively, when someone else climbs, it remains

2016/04/04 10:15:24 [error] 10934#0: *41120 access forbidden by rule, client: 213.87.х.х, server: localhost, request: "GET /administrator/ HTTP/1.1", host: "c.ru"

I decided not to load it with swotting to install fail2ban 0.9.4. To begin with, I set up sshd - everything works, everything gets banned.
Now I started to configure /ip/adm for the access block.
added to jail.local
[ssh]
enabled  = true
filter   = sshd
action   = pf
logpath  = /var/log/auth.log
findtime  = 600
maxretry = 3
bantime  = 3600


<b>[adminka]
enable   = true
filter   = adminka
action   = pf
logpath  = /var/log/nginx-error.log
findtime = 333600
maxretry = 1
bantime  = 3600</b>

created adminka in filter.d and added it there on one forum, they suggested something like
[Definition]

_daemon = adminka

failregex = ^.* access forbidden by rule, client: <HOST>, server.*

ignoreregex =

after which I reboot fail2ban but nothing gets into the table.
This is what the test says
fail2ban-regex /var/log/nginx-error.log /usr/local/etc/fail2ban/filter.d/adminka.conf

Running tests
=============

Use   failregex filter file : adminka, basedir: /usr/local/etc/fail2ban
Use         log file : /var/log/nginx-error.log
Use         encoding : US-ASCII


Results
=======

Failregex: 36 total
|-  #) [# of hits] regular expression
|   1) [36] ^.* access forbidden by rule, client: <HOST>, server.*
`-

Ignoreregex: 0 total

Date template hits:
|- [# of hits] date format
|  [2220] Year(?P<_sep>[-/.])Month(?P=_sep)Day 24hour:Minute:Second(?:,Microseconds)?
`-

Lines: 2221 lines, 0 ignored, 36 matched, 2185 missed
[processed in 0.50 sec]

Missed line(s): too many to print.  Use --print-all-missed to print all 2185 lines

That is, the required number of errors clearly falls under my filter, but I repeat the table is empty.
Give advice plz what can be changed / changed / added?
Thanks.

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

0 answer(s)
Similar questions
U
Uniq2015-06-23 21:51:15
What modules are used? 2Reply
E
eblan2017-01-22 16:18:11
Rasspberry PI performance for a website? 4Reply
K
KRHD2021-02-03 13:24:16
Why did fastcgi_param stop working after SSL connection? 0Reply
C
Cleveland_boyz2021-02-04 14:08:38
Django + Nginx + Uwsgi see Why does Nginx return the default Nginx page? 1Reply
B
Boris Yakushev2017-01-25 16:32:22
Location for subdomain? 1Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question