Configuring Fail2ban for the r4032login module

drupal.stackexchange https://drupal.stackexchange.com/questions/281054

  •  07-02-2021
  •  | 
  •  

Frage

Recently, I installed fail2ban on my server to help prevent bots from abusing the site.

I have the r4032login module installed and it is writing to the log, but it is using HTTP status 302 for the redirect to the login page.

I'm wondering what would be the easiest way to have fail2ban work alongside the r4032login.

Here is a sample log entry:

ddd.ddd.ddd.ddd - - [12/May/2019:14:46:26 -0400] "GET /node/1/edit HTTP/1.1" 302 4305 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_4) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/73.0.3683.103 Safari/537.36"

https://www.fail2ban.org/wiki/index.php/Main_Page

https://www.drupal.org/project/r4032login

War es hilfreich?

Lösung

For Fail2Ban v0.10.2, I edited two files in the /etc/fail2ban directory.

I added the following entry to jail.local:

[apache-forbidden]
enabled = true
port = http,https
filter = apache-forbidden
logpath = %(apache_access_log)s
maxretry = 3
findtime = 600
bantime  = 600

For filter.d/apache-forbidden.conf I have the following:

[INCLUDES]

before = common.conf

[Definition]

failregex = <HOST> - - .*HTTP/[0-9]+(.[0-9]+)?" 302

The 302 at the end is to reflect the redirect code for r4032login module.

NOTE: 302 redirects by other modules and Apache might also trigger a ban. Please see the comment below to mitigate this effect.

Lizenziert unter: CC-BY-SA mit Zuschreibung
Nicht verbunden mit drupal.stackexchange
scroll top