diff options
| author | Kévin Le Gouguec <kevin.legouguec@gmail.com> | 2021-07-24 00:18:37 +0200 |
|---|---|---|
| committer | Kévin Le Gouguec <kevin.legouguec@gmail.com> | 2021-07-24 00:18:37 +0200 |
| commit | de7a794002b0d6a66e9dc231b550cdfc6f5cba4c (patch) | |
| tree | fce693eab3cb5fc3bf174d243dfc8a2db694be82 /guides/cloud/vps.org | |
| parent | 080117c8febb7604b872b7fd92dcee0c02cee598 (diff) | |
| download | memory-leaks-de7a794002b0d6a66e9dc231b550cdfc6f5cba4c.tar.xz | |
Start noting down how to setup nginx
Diffstat (limited to 'guides/cloud/vps.org')
| -rw-r--r-- | guides/cloud/vps.org | 34 |
1 files changed, 34 insertions, 0 deletions
diff --git a/guides/cloud/vps.org b/guides/cloud/vps.org index c5f5f92..b649fa8 100644 --- a/guides/cloud/vps.org +++ b/guides/cloud/vps.org @@ -36,3 +36,37 @@ So instead, I'll Match User … PasswordAuthentication yes #+end_src +* Web server +With the following files in =$HOME=: +#+begin_src conf +# nginx-botsearch.local +[Init] + +block = \S*(php|wp-|wordpress|jenkins|hudson|sql|boaform)[^,]* + +[Definition] + +# Change from distro: just remove the leading slash before <block>. +failregex = ^<HOST> \- \S+ \[\] \"(GET|POST|HEAD) <block> \S+\" 404 .+$ + ^ \[error\] \d+#\d+: \*\d+ (\S+ )?\"\S+\" (failed|is not found) \(2\: No such file or directory\), client\: <HOST>\, server\: \S*\, request: \"(GET|POST|HEAD) \/<block> \S+\"\, .*?$ + +# jail.local +[nginx-http-auth] +enabled = true + +[nginx-botsearch] +enabled = true +logpath = /var/log/nginx/access.log +#+end_src + +Do: +#+begin_src sh +sudo apt install nginx +sudo cp ~/nginx-botsearch.local /etc/fail2ban/filter.d/ +sudo cp ~/jail.local /etc/fail2ban/ +sudo systemctl restart fail2ban +#+end_src + +Check how these rules fare against real bot searches with +~fail2ban-regex /var/log/nginx/access.log +/etc/fail2ban/filter.d/nginx-botsearch.local~. |