当前位置 主页 > 服务器问题 > Linux/apache问题 >
复制代码 代码如下: # 检测密码认证失败
[apache]
enabled = true
port = http,https
filter = apache-auth
logpath = /var/log/apache*/*error.log
maxretry = 6
# 检测漏洞和 PHP 脆弱性扫描
[apache-noscript]
enabled = true
port = http,https
filter = apache-noscript
logpath = /var/log/apache*/*error.log
maxretry = 6
# 检测 Apache 溢出攻击
[apache-overflows]
enabled = true
port = http,https
filter = apache-overflows
logpath = /var/log/apache*/*error.log
maxretry = 2
# 检测在服务器寻找主目录的尝试
[apache-nohome]
enabled = true
port = http,https
filter = apache-nohome
logpath = /var/log/apache*/*error.log
maxretry = 2
由于上面的监狱没有指定措施,这些监狱都将会触发默认的措施。要查看默认的措施,在/etc/fail2ban/jail.conf中的[DEFAULT]下找到“banaction”。
复制代码 代码如下:banaction = iptables-multiport
本例中,默认的操作是iptables-multiport(定义在/etc/fail2ban/action.d/iptables-multiport.conf)。这个措施使用iptable的多端口模块禁止一个IP地址。
在启用监狱后,你必须重启fail2ban来加载监狱。
$ sudo service fail2ban restart
在CentOS/RHEL 或者 Fedora中启用Apache监狱
要在基于红帽的系统中启用预定义的监狱,如下创建/etc/fail2ban/jail.local。
$ sudo vi /etc/fail2ban/jail.local
复制代码 代码如下: # 检测密码认证失败
[apache]
enabled = true
port = http,https
filter = apache-auth
logpath = /var/log/httpd/*error_log
maxretry = 6
# 检测抓取邮件地址的爬虫
[apache-badbots]
enabled = true
port = http,https
filter = apache-badbots
logpath = /var/log/httpd/*access_log
bantime = 172800
maxretry = 1
# 检测漏洞和 PHP 脆弱性扫描
[apache-noscript]