My server lives behind an nginx reverse proxy, but the client's access IP appears in the Apache log like this. It looks normal; there is no x-forward stuff in the log.
103.221.234.206 - - [28/Feb/2024:14:37:29 +0800] "GET /styles/pke/?mejiku=zeus138 HTTP/1.1" 404 3888 "https://x.y.z.a/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Vivaldi/5.3.2679.68"
65.109.34.52 - - [28/Feb/2024:14:37:29 +0800] "GET /index.php/index/user/register HTTP/1.1" 200 9568 "https://x.y.z.a/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 YaBrowser/22.7.0 Yowser/2.5 Safari/537.36"
103.221.234.206 - - [28/Feb/2024:14:37:31 +0800] "GET / HTTP/1.1" 200 8561 "https://x.y.z.a" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Vivaldi/5.3.2679.68"
194.32.229.95 - - [28/Feb/2024:14:37:32 +0800] "GET /index.php/index/user/register HTTP/1.1" 200 9487 "https://x.y.z.a/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 YaBrowser/22.7.0 Yowser/2.5 Safari/537.36"
Next: the fail2ban configuration is good, but iptables cannot block the public IP. My iptables is shown below. It only works when banning a local IP.
Chain INPUT (policy DROP 22909 packets, 8800K bytes)
pkts bytes target prot opt in out source destination
691K 72M f2b-apache-noscript tcp -- any any anywhere anywhere multiport dports http,https
690K 85M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
76 4560 ACCEPT all -- lo any anywhere anywhere
1 60 ACCEPT icmp -- any any anywhere anywhere
1 64 ACCEPT tcp -- any any 10.0.0.0/8 anywhere tcp dpt:ssh
807 42768 ACCEPT tcp -- any any 10.0.0.0/8 anywhere tcp dpt:webmin
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
34019 2040K ACCEPT tcp -- any any anywhere anywhere tcp dpt:https
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 720K packets, 2306M bytes)
pkts bytes target prot opt in out source destination
Chain f2b-apache-noscript (1 references)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- any any 77.111.244.49 anywhere reject-with icmp-port-unreachable
0 0 REJECT all -- any any 103.151.140.101 anywhere reject-with icmp-port-unreachable
0 0 REJECT all -- any any 20.125.101.243 anywhere reject-with icmp-port-unreachable
My iptables cannot catch the traffic from that specific blocked IP.
What should I do so that my fail2ban works without changing the network topology, where my server is behind the reverse proxy?
A similar case, perfectly solved, here: link
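
The symptom in this post (ban rules present in the f2b chain with zero packet counters while the chain itself is traversed) can be checked mechanically. This is an added example, not part of the original post: it parses `iptables -L -v` text, the sample is shortened from the listing above, and the function names (`to_int`, `parse_chains`, `unmatched_bans`) are hypothetical.

```python
# Constructed sample: shortened from the `iptables -L -v` listing in the post.
SAMPLE = """\
Chain INPUT (policy DROP 22909 packets, 8800K bytes)
pkts bytes target prot opt in out source destination
691K 72M f2b-apache-noscript tcp -- any any anywhere anywhere multiport dports http,https
690K 85M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
Chain f2b-apache-noscript (1 references)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- any any 77.111.244.49 anywhere reject-with icmp-port-unreachable
0 0 REJECT all -- any any 103.151.140.101 anywhere reject-with icmp-port-unreachable
"""

UNITS = {"K": 10**3, "M": 10**6, "G": 10**9, "T": 10**12}

def to_int(counter):
    """Convert an iptables counter such as '691K' to an integer."""
    if counter[-1] in UNITS:
        return int(counter[:-1]) * UNITS[counter[-1]]
    return int(counter)

def parse_chains(text):
    """Return {chain_name: [rule dict, ...]} from `iptables -L -v` output."""
    chains, current = {}, None
    for line in text.splitlines():
        fields = line.split()
        if fields[:1] == ["Chain"]:
            current = chains.setdefault(fields[1], [])
        elif current is not None and len(fields) >= 9 and fields[0] != "pkts":
            # Columns: pkts bytes target prot opt in out source destination
            current.append({"pkts": to_int(fields[0]), "target": fields[2],
                            "source": fields[7]})
    return chains

def unmatched_bans(text, prefix="f2b-"):
    """List (chain, banned_ip) whose rule has 0 hits although the chain is traversed."""
    chains = parse_chains(text)
    entered = {}  # packets sent into each f2b chain by the rules that jump to it
    for rules in chains.values():
        for r in rules:
            if r["target"].startswith(prefix):
                entered[r["target"]] = entered.get(r["target"], 0) + r["pkts"]
    return [(name, r["source"])
            for name, rules in chains.items() if name.startswith(prefix)
            for r in rules
            if r["target"] in ("REJECT", "DROP") and r["pkts"] == 0
            and entered.get(name, 0) > 0]

if __name__ == "__main__":
    print(unmatched_bans(SAMPLE))
```

Every pair it returns is a ban that fail2ban installed but that has never matched a packet on this host.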