Ok, let's on English. What I really *) Just saw the signature on the letter. And I understood that will understand what I mean.
The question is not that the bots are looking for. They are always looking for the same thing. 1) If your Web server requests go directly from clients, then yes, you can have them blocked by the firewall (in this case ipfilter) 2) But if the front is haproxy/nginx/etc as a balancer, or just the reverse - the firewall can not do anything, because the network stack will turn the proxy address and the address of the client - only log. In such cases - lua 2016-04-26 22:17 GMT+03:00 Oleg Sumarokov <[email protected]>: > Thank you for the link, all bots are trying to find php or something > similar. > All requests are customer requests in apache log. > > Yours sincerely, > Oleg Sumarokov > > Privileged - Private & Confidential > > On 26 April 2016 at 21:34, Tiraen <[email protected]> wrote: > >> Если от клиентов напрямую, то >> >> http://virtuallyhyper.com/2013/04/installing-and-configuring-fail2ban-on-omnios/ >> >> вот это можно попробовать адаптировать, под нужды. >> >> Если через кого то в лог - то только lua. >> >> 2016-04-26 21:27 GMT+03:00 Tiraen <[email protected]>: >> >>> These addresses where you comes? Directly from the customer or through a >>> proxy (revers) / cdn >>> >>> Эти адреса вам куда приходят? Напрямую от клиентов, или через реверс >>> прокси/cdn ? >>> >>> 2016-04-25 22:51 GMT+03:00 Oleg Sumarokov <[email protected]>: >>> >>>> Colleagues, >>>> >>>> How to correctly configure fail2ban in apache(nginx) zone is there any >>>> alternative solution? >>>> >>>> access log full of requests like: (real IPs replaced with 127.0.0.1) >>>> >>>> 127.0.0.1 - - [28/Mar/2016:12:51:43 +0300] "HEAD >>>> http://127.0.0.1:80/db/db-admin/ HTTP/1.1" 404 - >>>> 127.0.0.1 - - [28/Mar/2016:12:51:43 +0300] "HEAD >>>> http://127.0.0.1:80/db/dbadmin/ HTTP/1.1" 404 - >>>> 127.0.0.1 - - [28/Mar/2016:12:51:43 +0300] "HEAD >>>> http://127.0.0.1:80/db/dbweb/ HTTP/1.1" 404 - >>>> 127.0.0.1 - - [28/Mar/2016:12:51:43 +0300] "HEAD >>>> http://127.0.0.1:80/db/myadmin/ HTTP/1.1" 404 - >>>> >>>> Thank you in advance, >>>> >>>> Yours sincerely, >>>> Oleg Sumarokov >>>> >>>> Privileged - Private & Confidential >>>> >>> >>> >>> >>> -- >>> With best regards, >>> >>> Vyacheslav Yakushev, >>> >>> Unix system administrator >>> >> >> >> >> -- >> With best regards, >> >> Vyacheslav Yakushev, >> >> Unix system administrator >> > > *smartos-discuss* | Archives > <https://www.listbox.com/member/archive/184463/=now> > <https://www.listbox.com/member/archive/rss/184463/27247476-87b4fc40> | > Modify > <https://www.listbox.com/member/?&;> > Your Subscription <http://www.listbox.com> > -- With best regards, Vyacheslav Yakushev, Unix system administrator ------------------------------------------- smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00 Modify Your Subscription: https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb Powered by Listbox: http://www.listbox.com
