wiki/docs/Other/fail2ban.md
2025-06-05 19:45:38 +03:00


Установка

# Refresh the package index, then install fail2ban without the confirmation prompt.
sudo apt update \
  && sudo apt install --yes fail2ban

Настройка

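# Recommended but optional: keep local settings in jail.local, so that a package
# upgrade that replaces jail.conf does not discard them.
# The copy is skipped when jail.local already exists, so an existing local
# configuration is not overwritten.
# NOTE(review): the copied file already contains [DEFAULT], [sshd] and the nginx
# sections; edit those in place. Pasting a second section with the same name can
# make fail2ban reject the file ("section ... already exists").
[ -e /etc/fail2ban/jail.local ] || cp /etc/fail2ban/jail.conf /etc/fail2ban/jail.local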

Для модуля nginx-limit-req

  • Добавить в блок http
http {
...
# Shared zone "one": 10 MB of state keyed by the client address, 1 request per second per address.
# NOTE(review): behind a reverse proxy, load balancer or CDN the client address seen here is
# the proxy's. Restore the real client address first (ngx_http_realip_module with a trusted
# proxy list); otherwise the limit, and any fail2ban ban derived from it, hits the proxy.
limit_req_zone $binary_remote_addr zone=one:10m rate=1r/s;
...
}
  • Добавить во все location для защиты от флуда
# Apply zone "one" to this location; up to 5 requests over the rate are served immediately.
# Requests beyond that are rejected and written to the nginx error log, which is the log
# the nginx-limit-req jail reads.
limit_req zone=one burst=5 nodelay;
  • vi /etc/fail2ban/jail.local
[DEFAULT]
# Addresses that are never banned. Only loopback is listed; add the address or network
# the host is administered from, because the sshd jail below bans permanently and a few
# mistyped passwords would otherwise lock the administrator out.
ignoreip = 127.0.0.1/8 ::1

[sshd]
enabled = true
# Must match the port sshd actually listens on (Port in sshd_config).
# NOTE(review): with a port-based ban action only this port is blocked — confirm.
port = 10001
# On Debian, add:
#backend = systemd
# If within 24 hours (86400 seconds)
findtime = 86400
# there are 3 failed login attempts,
maxretry = 3
# then ban the IP permanently.
# Permanent bans are never lifted automatically; review the ban list periodically and
# remove entries with `fail2ban-client set sshd unbanip <address>` when needed.
bantime = -1

# NOTE(review): the nginx-bad-request filter is not shipped with older fail2ban
# packages — confirm /etc/fail2ban/filter.d/nginx-bad-request.conf exists, otherwise
# the configuration test will reject this jail.
[nginx-bad-request]
enabled = true
port = http,https
filter = nginx-bad-request
logpath = /var/log/nginx/*access.log
maxretry = 3
findtime = 5m
bantime = 24h

# Failed HTTP authentication, read from the error log: 3 failures in 5 minutes -> 24 h ban.
[nginx-http-auth]
enabled = true
port = http,https
filter = nginx-http-auth
logpath = /var/log/nginx/*error.log
maxretry = 3
findtime = 5m
bantime = 24h

# Scanner-style requests matched by the nginx-botsearch filter: 5 hits in 10 minutes -> 24 h ban.
[nginx-botsearch]
enabled = true
port = http,https
filter = nginx-botsearch
logpath = /var/log/nginx/*access.log
maxretry = 5
findtime = 10m
bantime = 24h

# Clients rejected by the nginx limit_req zone: 100 rejections within 30 seconds -> 24 h ban.
# No port is set here, so the value inherited from [DEFAULT] or the stock jail definition applies.
# NOTE(review): if nginx logs a proxy address instead of the real client, this jail bans the proxy.
[nginx-limit-req]
enabled = true
filter = nginx-limit-req
logpath = /var/log/nginx/*error.log
maxretry = 100
findtime = 30
bantime = 24h
  • Проверка
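# Validate the configuration first; reload only when the test passes, so a broken
# jail.local does not replace the running configuration.
fail2ban-server -t && fail2ban-client reload

# Overall status: the list of active jails.
fail2ban-client status
# Per-jail status; the names must match the section names in jail.local.
fail2ban-client status sshd    # SSH protection status
fail2ban-client status nginx-bad-request
fail2ban-client status nginx-botsearch
fail2ban-client status nginx-http-auth
fail2ban-client status nginx-limit-req

# Follow the fail2ban log to watch matches and bans as they happen (Ctrl+C to stop).
tail -f /var/log/fail2ban.log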