Re: fail2ban for apache2

To: debian-user@lists.debian.org
Subject: Re: fail2ban for apache2
From: <tomas@tuxteam.de>
Date: Sun, 10 Nov 2019 12:19:51 +0100
Message-id: <[🔎] 20191110111951.GA2880@tuxteam.de>
In-reply-to: <[🔎] 201911100608.52629.gheskett@shentel.net>
References: <[🔎] 201911090230.57430.gheskett@shentel.net> <[🔎] 201911091301.00019.gheskett@shentel.net> <[🔎] 8a394bb2-8936-469f-9225-d54d046230d4@hemathor.de> <[🔎] 201911100608.52629.gheskett@shentel.net>

On Sun, Nov 10, 2019 at 06:08:52AM -0500, Gene Heskett wrote:

[...]

> But, I'm getting the impression that it has to fail before fail2ban kicks 
> in [...]

No. It has to "succeed" once before fail2ban can do its job. It is:

 - assess client behaviour
 - http server writes a log entry (or a set thereof) which fail2ban can feed on
 - magic (i.e. fail2ban rules)
 - fail2ban blocks offending address.

It's the same process you're doing manually now. If you can codify
the decisions you take in the form of fail2ban rules, then fail2ban
is for you.

Cheers
-- t

Attachment: signature.asc
Description: Digital signature

Reply to:

Follow-Ups:
- Re: fail2ban for apache2
  - From: Gene Heskett <gheskett@shentel.net>

References:
- fail2ban for apache2
  - From: Gene Heskett <gheskett@shentel.net>
- Re: fail2ban for apache2
  - From: Gene Heskett <gheskett@shentel.net>
- Re: fail2ban for apache2
  - From: Michael <ml@hemathor.de>
- Re: fail2ban for apache2
  - From: Gene Heskett <gheskett@shentel.net>

Prev by Date: Re: fail2ban for apache2
Next by Date: Re: fail2ban for apache2
Previous by thread: Re: fail2ban for apache2
Next by thread: Re: fail2ban for apache2
Index(es):
- Date
- Thread