LinuxSecu/inc/fail2ban/jail.d/apache.conf

[apache]
enabled = true
port = http,4443
bantime = 10m  
maxretry = 3
filter = apache-auth
logpath = /var/log/apache2/*error.log

[apache-noscript]
enabled = true
port = 80,4443
bantime = 10m  
maxretry = 3
filter = apache-noscript
logpath = /var/log/apache2/*error.log

[apache-auth]
enabled  = true
port     = http,4443
bantime  = 10m
maxretry = 3
logpath  = %(apache_error_log)s

[apache-badbots]
# Ban hosts which agent identifies spammer robots crawling the web
# for email addresses. The mail outputs are buffered.
enabled  = true
port     = http,4443
logpath  = %(apache_access_log)s
bantime  = 48h
maxretry = 1

[apache-overflows]
enabled  = true
port     = http,4443
bantime  = 10m
maxretry = 2
logpath  = %(apache_error_log)s


[apache-nohome]
enabled  = true
port     = http,4443
bantime  = 10m
maxretry = 2
logpath  = %(apache_error_log)s


[apache-botsearch]
enabled  = true
port     = http,4443
bantime  = 10m
maxretry = 2
logpath  = %(apache_error_log)s


[apache-fakegooglebot]
enabled  = true
port     = http,4443
bantime  = 10m
maxretry = 1
logpath  = %(apache_access_log)s
ignorecommand = %(ignorecommands_dir)s/apache-fakegooglebot <ip>


[apache-modsecurity]
enabled  = true
port     = http,4443
bantime  = 10m
maxretry = 2
logpath  = %(apache_error_log)s


[apache-shellshock]
enabled = true
port    = http,4443
bantime  = 10m
maxretry = 1
logpath = %(apache_error_log)s

[phpmyadmin-syslog]
enabled  = true
port    = http,4443
bantime  = 10m
maxretry = 3
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s

[php-url-fopen]
enabled  = true
port    = http,4443
bantime  = 10m
maxretry = 3
logpath = %(apache_access_log)s

[apache-w00tw00t]
enabled = true
filter = apache-w00tw00t
action = iptables[name=Apache-w01tw00t,port=80,protocol=tcp]
logpath = /var/log/apache*/access.log
maxretry = 1
bantime = 864000

[apache-phpmyadmin]
enabled = true
port = http
filter = apache-phpmyadmin
logpath  = /var/log/apache*/access.log
maxretry = 3
bantime = 10m
first commit 2022-08-24 07:57:22 +02:00			`[apache]`
			`enabled = true`
			`port = http,4443`
			`bantime = 10m`
			`maxretry = 3`
			`filter = apache-auth`
			`logpath = /var/log/apache2/*error.log`

			`[apache-noscript]`
			`enabled = true`
			`port = 80,4443`
			`bantime = 10m`
			`maxretry = 3`
			`filter = apache-noscript`
			`logpath = /var/log/apache2/*error.log`

			`[apache-auth]`
			`enabled = true`
			`port = http,4443`
			`bantime = 10m`
			`maxretry = 3`
			`logpath = %(apache_error_log)s`

			`[apache-badbots]`
			`# Ban hosts which agent identifies spammer robots crawling the web`
			`# for email addresses. The mail outputs are buffered.`
			`enabled = true`
			`port = http,4443`
			`logpath = %(apache_access_log)s`
			`bantime = 48h`
			`maxretry = 1`

			`[apache-overflows]`
			`enabled = true`
			`port = http,4443`
			`bantime = 10m`
			`maxretry = 2`
			`logpath = %(apache_error_log)s`


			`[apache-nohome]`
			`enabled = true`
			`port = http,4443`
			`bantime = 10m`
			`maxretry = 2`
			`logpath = %(apache_error_log)s`


			`[apache-botsearch]`
			`enabled = true`
			`port = http,4443`
			`bantime = 10m`
			`maxretry = 2`
			`logpath = %(apache_error_log)s`


			`[apache-fakegooglebot]`
			`enabled = true`
			`port = http,4443`
			`bantime = 10m`
			`maxretry = 1`
			`logpath = %(apache_access_log)s`
			`ignorecommand = %(ignorecommands_dir)s/apache-fakegooglebot <ip>`


			`[apache-modsecurity]`
			`enabled = true`
			`port = http,4443`
			`bantime = 10m`
			`maxretry = 2`
			`logpath = %(apache_error_log)s`


			`[apache-shellshock]`
			`enabled = true`
			`port = http,4443`
			`bantime = 10m`
			`maxretry = 1`
			`logpath = %(apache_error_log)s`

			`[phpmyadmin-syslog]`
			`enabled = true`
			`port = http,4443`
			`bantime = 10m`
			`maxretry = 3`
			`logpath = %(syslog_authpriv)s`
			`backend = %(syslog_backend)s`

			`[php-url-fopen]`
			`enabled = true`
			`port = http,4443`
			`bantime = 10m`
			`maxretry = 3`
			`logpath = %(apache_access_log)s`

			`[apache-w00tw00t]`
			`enabled = true`
			`filter = apache-w00tw00t`
			`action = iptables[name=Apache-w01tw00t,port=80,protocol=tcp]`
			`logpath = /var/log/apache*/access.log`
			`maxretry = 1`
			`bantime = 864000`

			`[apache-phpmyadmin]`
			`enabled = true`
			`port = http`
			`filter = apache-phpmyadmin`
			`logpath = /var/log/apache*/access.log`
			`maxretry = 3`
			`bantime = 10m`