Re: fail2ban for apache2

To: <debian-user@lists.debian.org>
Subject: Re: fail2ban for apache2
From: Michael <ml@hemathor.de>
Date: Sun, 10 Nov 2019 11:01:07 +0100
Message-id: <[🔎] 8a394bb2-8936-469f-9225-d54d046230d4@hemathor.de>
In-reply-to: <[🔎] 201911091301.00019.gheskett@shentel.net>
References: <[🔎] 201911090230.57430.gheskett@shentel.net> <[🔎] 57d0227f-d162-39d3-10ba-d1512f6a4efb@mail.com> <[🔎] 9b18bb10-bc6e-4c99-8f38-83bd50c5d4ae@hemathor.de> <[🔎] 201911091301.00019.gheskett@shentel.net>

On Saturday, November 9, 2019 7:01:00 PM CET, Gene Heskett wrote:

Whats this "jail"? The beginners tut seems to assume we've all had cs101thru cs401 and Just Know all the secret handshakes bs already.

no idea what you're talking about... i almost never read any tutorial, justman pages. that's what i think they're here for (althuogh i have to admitthe quality varies a lot!).


so, a jail is just a name for a set of blocking rules, filters and actions.

- the rule (a file in /etc/fail2ban/jail.d/, e.g. genes-apache.conf)describes what should be blocked, why, and for how long.- the filter (located in /etc/fail2ban/filter.d/) describes (whith a pythonregular expression) which log file entry triggers the rule to act upon. inyour case it could be something somebody described here in another postwith the semrush bot. or just anything you desire.- actions are defined in /etc/fail2ban/action.d/, and, well, they definewhat should happen if a rule is to be executed. one might say, thetriggering ip address goes into jail.


sorry, if you already know that, but i felt like you didn't quite.

Sorry,I've been hiding behind dd-wrt for about 2 decades and never had toworry about it before.

nothing to be ashamed about. in fact, quite the opposite! i use an openwrtrouter, too. so...

Besides that the jail.d subdir of the install is empty.

hm, after installing fail2ban i had a 'defaults-debian.conf' in jail.d,which enables the jail for sshd.

No jail.examplefile to give one an inkling of what its supposed to be like.


RTFM!

man jail.conf

and /etc/fail2ban/jail.conf is a perfectly valid example of many jails.

Theres zero tutorial value in that.


i'm old school, so sorry for me repeating: RTFM!

I was able, with the help of anotherresponder to carve up some iptables rules to stop the DDOS that semrush,yandex, bingbot, and 2 or 3 others were bound to do to me.

using iptables directly is fine, because you get your results fast, but itlacks some advantages over fail2ban, which i think outweigh the simplicityof iptables:- whith iptables you have to scan your log regularly for misbehaving orunwanted clients, whereas fail2ban does this automatically, constantly (!),and based on rules. from time to time these rules have to be adapted, sincebots are evolving, but i think it's still less trouble than looking at logfiles every day or so.- fail2ban allows you to block only specific ports, in your case maybe 80and/or 443 for the web server.- you have to remember which ip address you blocked, why and for how longyou want to block them. fail2ban does that for you.

- ... (too lazy right now to write more)


greetings...

Reply to:

Follow-Ups:
- Re: fail2ban for apache2
  - From: Gene Heskett <gheskett@shentel.net>
- Re: fail2ban for apache2
  - From: Brian <ad44@cityscape.co.uk>

References:
- fail2ban for apache2
  - From: Gene Heskett <gheskett@shentel.net>
- Re: fail2ban for apache2
  - From: john doe <johndoe65534@mail.com>
- Re: fail2ban for apache2
  - From: Michael <ml@hemathor.de>
- Re: fail2ban for apache2
  - From: Gene Heskett <gheskett@shentel.net>

Prev by Date: Re: Thought regarding NGINX and Debian
Next by Date: Re: fail2ban for apache2
Previous by thread: Re: fail2ban for apache2
Next by thread: Re: fail2ban for apache2
Index(es):
- Date
- Thread