我试图通过fail2ban 禁止所有可疑的403 错误。
所以我创造了这个监狱
# block 403 errors
[apache-403]
enabled = true
filter = apache-403
port = http,https
logpath = /var/log/apache2/other_vhosts_access.log
bantime = 3600
maxretry = 5
ignoreip = 127.0.0.1/8 37.4.226.100
使用此过滤器规则
failregex = <HOST> .* "(GET|POST|HEAD) .* HTTP/1\.[01]" 403 .*
现在我检查fail2ban-client status apache-403了监狱并得到了这个
Status for the jail: apache-403
|- Filter
| |- Currently failed: 0
| |- Total failed: 51
| `- File list: /var/log/apache2/other_vhosts_access.log
`- Actions
|- Currently banned: 1
|- Total banned: 1
`- Banned IP list: de:443
但是 de:443 不是 IP……那么问题出在哪里?
特定的日志行如下所示:
jotoma.de:443 45.133.192.140 - - [15/Apr/2021:01:42:42 +0200] "POST /wp-login.php HTTP/1.1" 403 10297 "-" "Mozilla/5.0 (Linux; Android 6.0.1; SM-G610M Build/MMB29K; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/65.0.3325.109 Mobile Safari/537.36 Instagram 41.0.0.13.92 Android (23/6.0.1; 480dpi; 1080x1920; samsung; SM-G610M; on7xelte; samsungexynos7870; pt_BR; 103516666)"
我现在必须做什么来纠正它?在让这个过滤规则起作用之前我遇到了一个大问题,但现在它起作用了,但似乎是错误的。