[apache]
enabled = true
port = http,4443
bantime = 10m  
maxretry = 3
filter = apache-auth
logpath = /var/log/apache2/*error.log

[apache-noscript]
enabled = true
port = 80,4443
bantime = 10m  
maxretry = 3
filter = apache-noscript
logpath = /var/log/apache2/*error.log

[apache-auth]
enabled  = true
port     = http,4443
bantime  = 10m
maxretry = 3
logpath  = %(apache_error_log)s

[apache-badbots]
# Ban hosts which agent identifies spammer robots crawling the web
# for email addresses. The mail outputs are buffered.
enabled  = true
port     = http,4443
logpath  = %(apache_access_log)s
bantime  = 48h
maxretry = 1

[apache-overflows]
enabled  = true
port     = http,4443
bantime  = 10m
maxretry = 2
logpath  = %(apache_error_log)s


[apache-nohome]
enabled  = true
port     = http,4443
bantime  = 10m
maxretry = 2
logpath  = %(apache_error_log)s


[apache-botsearch]
enabled  = true
port     = http,4443
bantime  = 10m
maxretry = 2
logpath  = %(apache_error_log)s


[apache-fakegooglebot]
enabled  = true
port     = http,4443
bantime  = 10m
maxretry = 1
logpath  = %(apache_access_log)s
ignorecommand = %(ignorecommands_dir)s/apache-fakegooglebot <ip>


[apache-modsecurity]
enabled  = true
port     = http,4443
bantime  = 10m
maxretry = 2
logpath  = %(apache_error_log)s


[apache-shellshock]
enabled = true
port    = http,4443
bantime  = 10m
maxretry = 1
logpath = %(apache_error_log)s

[phpmyadmin-syslog]
enabled  = true
port    = http,4443
bantime  = 10m
maxretry = 3
logpath = %(syslog_authpriv)s
backend = %(syslog_backend)s

[php-url-fopen]
enabled  = true
port    = http,4443
bantime  = 10m
maxretry = 3
logpath = %(apache_access_log)s

[apache-w00tw00t]
enabled = true
filter = apache-w00tw00t
action = iptables[name=Apache-w01tw00t,port=80,protocol=tcp]
logpath = /var/log/apache*/access.log
maxretry = 1
bantime = 864000

[apache-phpmyadmin]
enabled = true
port = http
filter = apache-phpmyadmin
logpath  = /var/log/apache*/access.log
maxretry = 3
bantime = 10m