Re: fail2ban for apache2
On Sunday 10 November 2019 06:19:51 tomas@tuxteam.de wrote:
> On Sun, Nov 10, 2019 at 06:08:52AM -0500, Gene Heskett wrote:
>
> [...]
>
> > But, I'm getting the impression that it has to fail before fail2ban
> > kicks in [...]
>
> No. It has to "succeed" once before fail2ban can do its job. It is:
>
> - assess client behaviour
> - http server writes a log entry (or a set thereof) which fail2ban
> can feed on - magic (i.e. fail2ban rules)
> - fail2ban blocks offending address.
>
> It's the same process you're doing manually now. If you can codify
> the decisions you take in the form of fail2ban rules, then fail2ban
> is for you.
>
Humm. That would take a user-agent trigger else I'd be killing joe
blpstks attempt at downloading the .debs for linuxcnc for his spanking
new rpi4, have to be carefull there I think. This code is running my
big lathe flawlessly but its had support for 2 more of the mesa
interface cards added, and that has not been tested yet. Broadcom is not
exactly a blabbermouthed company when something gets changed. The
realtime kernel is the whole stacks 2.9 gigabyte image and needs a
serious stripping down to just what needs copied to /boot in the sd card
it boots from. That would produce a 20 meg tarball.
> Cheers
> -- t
Cheers, Gene Heskett
--
"There are four boxes to be used in defense of liberty:
soap, ballot, jury, and ammo. Please use in that order."
-Ed Howdershelt (Author)
If we desire respect for the law, we must first make the law respectable.
- Louis D. Brandeis
Genes Web page <http://geneslinuxbox.net:6309/gene>
Reply to: