On Sunday, November 10, 2019 1:39:24 PM CET, to...@tuxteam.de wrote:
On Sun, Nov 10, 2019 at 07:04:12AM -0500, Gene Heskett wrote:
On Sunday 10 November 2019 06:19:51 to...@tuxteam.de wrote:
On Sun, Nov 10, 2019 at 06:08:52AM -0500, Gene Heskett wrote:
But... you can just configure your Apache to deny that user agent
itself. One less moving part (fail2ban) with all its configuration
joy.
and, i think it's worth mentioning, the apache2 config denies the request
__before__ it sends any data, whereas fail2ban has to wait until __after__
apache2 has finished handling the request.
but: if fail2ban immediately (i.e. after the first request) invokes
iptables and blocks the ip, then the data flow should be interrupted, and
not too much data should be uploaded. correct me if i'm wrong.
greetings...