I am not switching to Russian because that information, potentially, will help someone else not just me :)
In my case no reverse proxies or balancers - I am getting all requests by this particular Apache instance. (it sits in DMZ with all required isolations but ...) The question is - how to correctly configure fail2ban in smartos zone - the man pages for fail2ban are generic - so I was looking for alternatives and better (practical) knowledge in that space. Thank you! Yours sincerely, Oleg Sumarokov Privileged - Private & Confidential On 26 April 2016 at 22:46, Tiraen <[email protected]> wrote: > Ok, let's on English. What I really *) Just saw the signature on the > letter. And I understood that will understand what I mean. > > The question is not that the bots are looking for. They are always looking > for the same thing. > 1) If your Web server requests go directly from clients, then yes, you can > have them blocked by the firewall (in this case ipfilter) > 2) But if the front is haproxy/nginx/etc as a balancer, or just the > reverse - the firewall can not do anything, because the network stack will > turn the proxy address and the address of the client - only log. In such > cases - lua > > > > 2016-04-26 22:17 GMT+03:00 Oleg Sumarokov <[email protected]>: > >> Thank you for the link, all bots are trying to find php or something >> similar. >> All requests are customer requests in apache log. >> >> Yours sincerely, >> Oleg Sumarokov >> >> Privileged - Private & Confidential >> >> On 26 April 2016 at 21:34, Tiraen <[email protected]> wrote: >> >>> Если от клиентов напрямую, то >>> >>> http://virtuallyhyper.com/2013/04/installing-and-configuring-fail2ban-on-omnios/ >>> >>> вот это можно попробовать адаптировать, под нужды. >>> >>> Если через кого то в лог - то только lua. >>> >>> 2016-04-26 21:27 GMT+03:00 Tiraen <[email protected]>: >>> >>>> These addresses where you comes? Directly from the customer or through >>>> a proxy (revers) / cdn >>>> >>>> Эти адреса вам куда приходят? Напрямую от клиентов, или через реверс >>>> прокси/cdn ? >>>> >>>> 2016-04-25 22:51 GMT+03:00 Oleg Sumarokov <[email protected]>: >>>> >>>>> Colleagues, >>>>> >>>>> How to correctly configure fail2ban in apache(nginx) zone is there any >>>>> alternative solution? >>>>> >>>>> access log full of requests like: (real IPs replaced with 127.0.0.1) >>>>> >>>>> 127.0.0.1 - - [28/Mar/2016:12:51:43 +0300] "HEAD >>>>> http://127.0.0.1:80/db/db-admin/ HTTP/1.1" 404 - >>>>> 127.0.0.1 - - [28/Mar/2016:12:51:43 +0300] "HEAD >>>>> http://127.0.0.1:80/db/dbadmin/ HTTP/1.1" 404 - >>>>> 127.0.0.1 - - [28/Mar/2016:12:51:43 +0300] "HEAD >>>>> http://127.0.0.1:80/db/dbweb/ HTTP/1.1" 404 - >>>>> 127.0.0.1 - - [28/Mar/2016:12:51:43 +0300] "HEAD >>>>> http://127.0.0.1:80/db/myadmin/ HTTP/1.1" 404 - >>>>> >>>>> Thank you in advance, >>>>> >>>>> Yours sincerely, >>>>> Oleg Sumarokov >>>>> >>>>> Privileged - Private & Confidential >>>>> >>>> >>>> >>>> >>>> -- >>>> With best regards, >>>> >>>> Vyacheslav Yakushev, >>>> >>>> Unix system administrator >>>> >>> >>> >>> >>> -- >>> With best regards, >>> >>> Vyacheslav Yakushev, >>> >>> Unix system administrator >>> >> >> > > > -- > With best regards, > > Vyacheslav Yakushev, > > Unix system administrator > *smartos-discuss* | Archives > <https://www.listbox.com/member/archive/184463/=now> > <https://www.listbox.com/member/archive/rss/184463/26905665-f269039f> | > Modify > <https://www.listbox.com/member/?&;> > Your Subscription <http://www.listbox.com> > ------------------------------------------- smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00 Modify Your Subscription: https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb Powered by Listbox: http://www.listbox.com
