Hi list, I have fail2ban installed to monitor Ssh and Apache logs on an Ubuntu server. The Ssh part works perfectly, however the Apache part will not ban any IPs unless I restart it. The Apache code is as follows:
[http-get-dos] enabled = true port = http,https filter = http-get-dos logpath = /var/www/vhosts/*/logs/*access_log maxretry = 20 findtime = 60 bantime = -1 And the filter is: failregex = ^<HOST> -.*\"(GET|POST).* ignoreregex = ^<HOST> -.*\"(GET|POST).*(Googlebot|bingbot|Yahoo\!\sSlurp).* So each time the server is getting DoS attacked fail2ban does nothing, then if I restart fail2ban it will block the IP(s) currently attacking the system. Have I done something wrong? Thanks for any tips! Andy. ------------------------------------------------------------------------------ Dive into the World of Parallel Programming! The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
