Apache has a very handy plugin called Fail2Ban

Author: Zal哥哥 | Published: 2020-11-26 18:53

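    Apache has a very handy plugin called Fail2Ban. Its purpose is to block attack or scanning requests: it finds requests that match the configured conditions in the Apache logs and bans the offending IP for a period of time.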

    Installation:

    sudo yum install fail2ban

    After installation, a fail2ban directory appears under /etc. Create a jail.local file there to configure fail2ban (sudo vi /etc/fail2ban/jail.local).

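    Below is a configuration found online (you can change bantime, and you must change logpath to point at Apache's error_log. Adjust maxretry to set how many failures are allowed before the IP is banned; use ignoreip to exempt certain IP addresses):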

    jail.local

    # detect password authentication failures
    [apache]
    enabled  = true
    filter   = apache-auth
    action   = iptables-multiport[name=auth, port="http,https"]
    logpath  = /var/log/httpd/error_log
    bantime  = 3600
    maxretry = 10
    # ignoreip takes IP addresses, CIDR masks or DNS names, not wildcards
    ignoreip = 10.0.0.0/8

    # detect spammer robots crawling email addresses
    [apache-badbots]
    enabled  = true
    filter   = apache-badbots
    action   = iptables-multiport[name=badbots, port="http,https"]
    # this filter matches User-Agent strings, which Apache writes to the access log
    logpath  = /var/log/httpd/access_log
    bantime  = 3600
    maxretry = 1
    ignoreip = 10.0.0.0/8

    # detect potential search for exploits
    [apache-noscript]
    enabled  = true
    filter   = apache-noscript
    action   = iptables-multiport[name=noscript, port="http,https"]
    logpath  = /var/log/httpd/error_log
    bantime  = 3600
    maxretry = 5
    ignoreip = 10.0.0.0/8

    # detect Apache overflow attempts
    [apache-overflows]
    enabled  = true
    filter   = apache-overflows
    action   = iptables-multiport[name=overflows, port="http,https"]
    logpath  = /var/log/httpd/error_log
    bantime  = 3600
    maxretry = 2
    ignoreip = 10.0.0.0/8

    To see which IPs a particular Fail2Ban filter (jail) has blocked, use the fail2ban-client command:

    terminal

    sudo fail2ban-client status apache-noscript

    The command above shows the detailed status of apache-noscript and which IPs it has blocked.
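How maxretry, bantime and ignoreip in the apache-noscript jail decide who gets banned, as an added example that is not part of the original post and not fail2ban's own code: a simplified Python model run over constructed error_log lines. Assumptions: the regex is a simplified stand-in for the shipped failregex, findtime is fail2ban's default of 600 seconds, and ignoreip is written as a CIDR network.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# maxretry and bantime are the page's [apache-noscript] values. FINDTIME is an
# assumption: fail2ban's default 600 s window, which the page's jail never sets.
MAXRETRY, BANTIME, FINDTIME = 5, 3600, 600
IGNORE = [ipaddress.ip_network("10.0.0.0/8")]  # ignoreip written as CIDR
# Simplified stand-in for the apache-noscript failregex, not the shipped one.
FAIL = re.compile(r"^\[(?P<ts>[^\]]+)\] \[[^\]]+\] \[pid [^\]]+\] "
                  r"\[client (?P<ip>[\d.]+):\d+\] .*not found or unable to stat")

def scan(lines):
    """Return {ip: (ban_start, ban_end)} in epoch seconds."""
    recent, bans = defaultdict(deque), {}
    for line in lines:
        m = FAIL.match(line)
        if not m:
            continue                      # not a failure for this filter
        ip = m["ip"]
        if any(ipaddress.ip_address(ip) in net for net in IGNORE):
            continue                      # exempted by ignoreip
        ts = datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y").timestamp()
        if ip in bans and ts < bans[ip][1]:
            continue                      # ban still active
        q = recent[ip]
        q.append(ts)
        while ts - q[0] > FINDTIME:
            q.popleft()                   # forget failures outside the window
        if len(q) >= MAXRETRY:
            bans[ip] = (ts, ts + BANTIME)
            q.clear()
    return bans

def log_line(minute, second, ip):
    return (f"[Thu Nov 26 18:{minute:02d}:{second:02d}.000000 2020] [cgi:error] [pid 1234] "
            f"[client {ip}:40000] script '/var/www/html/x.php' not found or unable to stat")

# Constructed sample lines (documentation address ranges), oldest first per client.
SAMPLE = (
    [log_line(0, s, "203.0.113.7") for s in range(0, 50, 10)]       # 5 hits in 40 s
    + [log_line(1, s, "10.1.2.3") for s in range(0, 60, 10)]        # 6 hits, ignoreip
    + [log_line(2, s, "198.51.100.9") for s in range(0, 40, 10)]    # 4 hits only
    + [log_line(m, 0, "192.0.2.5") for m in range(10, 23, 3)]       # 5 hits over 12 min
)

if __name__ == "__main__":
    print({ip: int(end - start) for ip, (start, end) in scan(SAMPLE).items()})
```

Only the client that reaches five failures inside the window is banned; the slow client with the same number of failures spread over twelve minutes is not, which is why maxretry should be tuned together with findtime.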

    Below is a configuration, found via Google, for blocking URL scanning:

    URL-scanning filter: https://unix.stackexchange.com/questions/119508/how-to-use-fail2ban-to-ban-all-php-and-cgi-bin-requests
