services: nginx: add fail2ban filter for (more) crawlers
Signed-off-by: Christoph Heiss <christoph@c8h4.io>
parent
17a05c88db
commit
ede4400e9e
|
@ -49,15 +49,37 @@
|
|||
wants = [ "network-online.target" ];
|
||||
};
|
||||
|
||||
services.fail2ban.jails.apache-badbots =
|
||||
lib.mkIf config.services.fail2ban.enable {
|
||||
services.fail2ban.jails = lib.mkIf config.services.fail2ban.enable {
|
||||
apache-badbots.settings = {
|
||||
enabled = true;
|
||||
backend = "pyinotify";
|
||||
port = "http,https";
|
||||
filter = "apache-badbots";
|
||||
logpath = "/var/log/nginx/access.log";
|
||||
maxretry = 1;
|
||||
bantime = "72h";
|
||||
};
|
||||
disrespectful-crawlers = {
|
||||
filter = {
|
||||
Definition = {
|
||||
badcrawlers = ".*(Amazonbot|Bytespider).*";
|
||||
failregex =
|
||||
''^<HOST> -.*"(GET|POST|HEAD).*HTTP.*"(?:%(badcrawlers)s)"$'';
|
||||
ignoreregex = "";
|
||||
datepattern = ''
|
||||
^[^\[]*\[({DATE})
|
||||
{^LN-BEG}'';
|
||||
};
|
||||
};
|
||||
settings = {
|
||||
enabled = true;
|
||||
backend = "pyinotify";
|
||||
port = "http,https";
|
||||
filter = "apache-badbots";
|
||||
filter = "disrespectful-crawlers";
|
||||
logpath = "/var/log/nginx/access.log";
|
||||
maxretry = 1;
|
||||
bantime = "72h";
|
||||
};
|
||||
};
|
||||
};
|
||||
}
|
||||
|
|
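Review bot: The `badcrawlers` pattern is not confined to the User-Agent field, because its leading and trailing `.*` can cross the `"` delimiters that `failregex` relies on. If the access log uses the usual combined format, a request whose Referer merely contains `Amazonbot` or `Bytespider` would match as well. With `maxretry = 1` and `bantime = "72h"`, that means a three-day ban for an ordinary visitor on the first hit. Limiting the wildcards to non-quote characters keeps the match inside the last quoted field, e.g. `badcrawlers = ''[^"]*(Amazonbot|Bytespider)[^"]*'';`. The nginx `log_format` is not visible in this hunk, so confirm that the User-Agent really is the final quoted field on each line.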