Last-modified: 2016-08-29 (月) 01:12:05
スクリプト/nginx-auth.conf

概要

fail2banのNginx auth用フィルタです。

フィルタ対象フォーマット

# 期待するエラー(ユーザー名が不一致)
2014/10/15 21:02:02 [error] 1234#0: *123 user "<ユーザー名>" was not found in "<basic認証ファイルパス>", client: 123.123.234.234, ・・・
# 期待するエラー(パスワードが不一致)
2014/10/15 21:34:09 [error] 1234#0: *123 user "<ユーザー名>": password mismatch, client: 123.123.234.234, ・・・

/etc/fail2ban/filter.d/nginx-auth.conf

# Fail2Ban configuration file
#
# Filter for nginx HTTP basic-auth failures as written to the nginx error log:
#   ... [error] ... user "<name>" was not found in "<file>", client: <addr>, ...
#   ... [error] ... user "<name>": password mismatch, client: <addr>, ...
#
# Author: paburica
#
# $Revision$
#
 
[INCLUDES]
 
# Read common prefixes. If any customizations available -- read them from
# common.local
# (The failregex below does not reference any variable from common.conf.)
before = common.conf
 
 
[Definition]
 
# Option:  failregex
# Notes.:  Matches a line that contains "[error]", then " user ", then
#          ", client: <HOST>,". <HOST> is fail2ban's placeholder for the
#          address that gets banned.
# NOTE(review): every gap in this expression is an unanchored, greedy ".*",
#          and the actual message text ("was not found in" / "password
#          mismatch") is not required. Two consequences to be aware of:
#          - any [error] line containing " user " and a client field counts
#            as a failure, not only basic-auth failures;
#          - the user name, and in nginx's usual format the request, host
#            and referrer fields after "client:", are supplied by the
#            client. Text in those fields can take part in the match, so
#            the address captured as <HOST> is not guaranteed to be the
#            connecting address, and an unrelated address could be banned.
#          Mitigation: anchor the expression at both ends, require one of the
#          two message shapes, and place <HOST> directly after the message.
#          The nginx-http-auth filter shipped with fail2ban is a reference
#          for this. Re-validate with fail2ban-regex against real log lines
#          after any change, checking both that genuine failures still match
#          and that nothing else does.
# Values:  TEXT
#
failregex = ^.*\[error\].* user .*, client: <HOST>,.*$
 
# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
#          Left empty here: no line is excluded.
# Values:  TEXT
#
ignoreregex =

その他

  1. /etc/fail2ban/jail.local例
    
    # Jail for nginx basic-auth failures; "filter" refers to
    # /etc/fail2ban/filter.d/nginx-auth.conf
    [nginx-auth]
    enabled = true
    filter = nginx-auth
    # Glob: error.log in each subdirectory of /opt/nginx/log
    logpath = /opt/nginx/log/*/error.log
    # Ports blocked for a banned address
    port = http,https
    # Matching failures tolerated before a ban. The counting window (findtime)
    # is not set in this jail, so it is inherited from [DEFAULT].
    maxretry = 5
    # Ban duration in seconds (15 minutes)
    bantime = 900
  2. 反映
    
    # Verify: dry-run the filter against an existing log file and review which
    # lines match and which addresses are extracted, before enabling the jail.
    # <対象ログパス> is a placeholder for the path of the log to test.
    fail2ban-regex <対象ログパス> /etc/fail2ban/filter.d/nginx-auth.conf
    # Apply: restart fail2ban so the new filter and jail are loaded.
    # NOTE(review): depending on the fail2ban version, a restart may drop
    # currently active bans -- confirm for the installed version.
    service fail2ban restart

検証時の環境