Re: fail2ban for apache2

To: <debian-user@lists.debian.org>
Subject: Re: fail2ban for apache2
From: Michael <ml@hemathor.de>
Date: Sun, 10 Nov 2019 14:02:46 +0100
Message-id: <[🔎] d91db2d6-7c71-4163-9b6a-69695ed84a11@hemathor.de>
In-reply-to: <[🔎] 20191110123924.GB2880@tuxteam.de>
References: <[🔎] 201911090230.57430.gheskett@shentel.net> <[🔎] 201911100608.52629.gheskett@shentel.net> <[🔎] 20191110111951.GA2880@tuxteam.de> <[🔎] 201911100704.12452.gheskett@shentel.net> <[🔎] 20191110123924.GB2880@tuxteam.de>

On Sunday, November 10, 2019 1:39:24 PM CET, tomas@tuxteam.de wrote:

On Sun, Nov 10, 2019 at 07:04:12AM -0500, Gene Heskett wrote:

On Sunday 10 November 2019 06:19:51 tomas@tuxteam.de wrote:

On Sun, Nov 10, 2019 at 06:08:52AM -0500, Gene Heskett wrote:

But... you can just configure your Apache to deny that user agent
itself. One less moving part (fail2ban) with all its configuration
joy.

and, i think it's worth mentioning, the apache2 config denies the request__before__ it sends any data, whereas fail2ban has to wait until __after__apache2 has finished handling the request.

but: if fail2ban immediately (i.e. after the first request) invokesiptables and blocks the ip, then the data flow should be interrupted, andnot too much data should be uploaded. correct me if i'm wrong.



greetings...

Reply to:

Follow-Ups:
- Re: fail2ban for apache2
  - From: Gene Heskett <gheskett@shentel.net>

References:
- fail2ban for apache2
  - From: Gene Heskett <gheskett@shentel.net>
- Re: fail2ban for apache2
  - From: Gene Heskett <gheskett@shentel.net>
- Re: fail2ban for apache2
  - From: <tomas@tuxteam.de>
- Re: fail2ban for apache2
  - From: Gene Heskett <gheskett@shentel.net>
- Re: fail2ban for apache2
  - From: <tomas@tuxteam.de>

Prev by Date: Re: fail2ban for apache2
Next by Date: Re: UVC device.
Previous by thread: Re: fail2ban for apache2
Next by thread: Re: fail2ban for apache2
Index(es):
- Date
- Thread