services: nginx: add fail2ban filter for (more) crawlers

Signed-off-by: Christoph Heiss <christoph@c8h4.io>
Christoph Heiss 2024-08-22 23:11:20 +02:00
parent 17a05c88db
commit ede4400e9e
Signed by: c8h4
GPG key ID: 6817E9C75C0785D7


@ -49,15 +49,37 @@
wants = [ "network-online.target" ];
};
services.fail2ban.jails.apache-badbots =
lib.mkIf config.services.fail2ban.enable {
services.fail2ban.jails = lib.mkIf config.services.fail2ban.enable {
apache-badbots.settings = {
enabled = true;
backend = "pyinotify";
port = "http,https";
filter = "apache-badbots";
logpath = "/var/log/nginx/access.log";
maxretry = 1;
bantime = "72h";
};
disrespectful-crawlers = {
filter = {
Definition = {
badcrawlers = ".*(Amazonbot|Bytespider).*";
failregex =
''^<HOST> -.*"(GET|POST|HEAD).*HTTP.*"(?:%(badcrawlers)s)"$'';
ignoreregex = "";
datepattern = ''
^[^\[]*\[({DATE})
{^LN-BEG}'';
};
};
settings = {
enabled = true;
backend = "pyinotify";
port = "http,https";
filter = "apache-badbots";
filter = "disrespectful-crawlers";
logpath = "/var/log/nginx/access.log";
maxretry = 1;
bantime = "72h";
};
};
};
}
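Review bot: In the new `disrespectful-crawlers` filter, `badcrawlers = ".*(Amazonbot|Bytespider).*"` is wrapped in unbounded `.*`, so the token is not confined to the final quoted field of the log line. Assuming nginx's default combined log format, a request whose Referer contains `Amazonbot` or `Bytespider` would also satisfy `failregex`, and with `maxretry = 1` and `bantime = "72h"` that single line bans an ordinary visitor for three days. Bounding the match to one quoted field keeps it on the User-Agent: `badcrawlers = ''[^"]*(Amazonbot|Bytespider)[^"]*'';`. A short comment on the jail saying that it keys on a client-supplied header, and therefore only catches crawlers that identify themselves, would help whoever extends the list later.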