On Sun, Nov 10, 2019 at 07:04:12AM -0500, Gene Heskett wrote: > On Sunday 10 November 2019 06:19:51 tomas@tuxteam.de wrote: > > > On Sun, Nov 10, 2019 at 06:08:52AM -0500, Gene Heskett wrote: [...] > > - assess client behaviour [...] > Humm. That would take a user-agent trigger [...] Bingo. You can let fail2ban pick up the UA off the log, block that source IP. But... you can just configure your Apache to deny that user agent itself. One less moving part (fail2ban) with all its configuration joy. Fail2ban would come in whenever the traffic generated by the (now rejected) attempts clog your Apache (or your connection). But I don't think it'll come that far. C'mon, Gene. Try to grok your web server's config (Apache's is ugly, but hey, you chose it). You'll have to bite that bullet sooner or later. Their docs are actually very good. Even if you decide to fail2ban later, it makes sense to master your web server config to munge your logs in a way that fail2ban has something to chew on. Start here: https://httpd.apache.org/docs/ Cheers -- tomás
Attachment:
signature.asc
Description: Digital signature