Hi Constantin, you could *filter* based on bogus queries using the method I described, but the actions are always done by an ip-based firewall, i.e. you can only *block* by ip.
If you need to block certain query types without blocking access from the ip that is performing those queries, you need to use some filter at the application level; fail2ban cannot help you since it can only block all access from the ip unconditionally. For apache, you could use f.i. mod_security for applying this kind (i.e. application level) of filtering, but your original message did not provide any details on what traffic you're trying to block. Which application, what type of queries are OK/bad, etc. So not enough detail to advise you further.

Tom

On 05-05-15 10:32, Constantin Bugneac wrote:
> Thanks Tom,
>
> I want to use iptables to filter by other criteria - let's say some
> details from application layer. I'm able to extract from logs the
> "bogus query" and build a proper iptables filter to block it
> manually and now I'm thinking how to automate this using fail2ban
> functionality ...
>
> N.B. It's useless to filter by IP when some clients may sit behind
> NAT thus blocking access to all instead of addressing specific
> query.
>
> Regards, Constantin
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
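
The difference discussed in this thread, between matching on log content but banning by source IP and filtering each request at the application level, can be shown on a small request stream. This is an added example, not code from the thread or from fail2ban; the log lines, the addresses and the "bogus" query pattern are constructed, and all function names are hypothetical.

```python
import re

# Constructed request stream in Apache access-log format. 203.0.113.7 stands
# for a NAT gateway shared by one abusive and one legitimate client.
SAMPLE_LOG = [
    '203.0.113.7 - - [05/May/2015:10:30:01 +0200] "GET /search?q=bogus HTTP/1.1" 200 512',
    '203.0.113.7 - - [05/May/2015:10:30:02 +0200] "GET /index.html HTTP/1.1" 200 1024',
    '198.51.100.9 - - [05/May/2015:10:30:03 +0200] "GET /index.html HTTP/1.1" 200 1024',
    '203.0.113.7 - - [05/May/2015:10:30:04 +0200] "GET /search?q=bogus HTTP/1.1" 200 512',
]

LINE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)"')
BOGUS = re.compile(r'^GET /search\?q=bogus ')  # hypothetical "bogus query"


def parse(line):
    """Return (host, request line) from one access-log entry."""
    m = LINE.match(line)
    if m is None:
        raise ValueError("unparseable log line: %r" % line)
    return m.group("host"), m.group("request")


def ip_based_verdicts(lines):
    """Log-driven ban by IP: the filter matches on the query, but the only
    thing handed to the firewall action is the source address."""
    banned, verdicts = set(), []
    for line in lines:
        host, request = parse(line)
        if host in banned:
            verdicts.append("blocked")   # everything from this IP is dropped
            continue
        verdicts.append("allowed")       # already served by the time it is logged
        if BOGUS.match(request):
            banned.add(host)             # ban takes effect for later requests
    return verdicts


def request_based_verdicts(lines):
    """Application-level filtering: each request is judged on its own content."""
    return ["blocked" if BOGUS.match(parse(line)[1]) else "allowed"
            for line in lines]


if __name__ == "__main__":
    for line, ip_v, req_v in zip(SAMPLE_LOG, ip_based_verdicts(SAMPLE_LOG),
                                 request_based_verdicts(SAMPLE_LOG)):
        print("%-8s %-8s %s" % (ip_v, req_v, parse(line)))
```

With the IP-based model the first bogus request gets through and the legitimate `/index.html` request from the shared address is dropped; with per-request filtering only the two bogus queries are refused.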
