I have a problem with Fail2Ban on Debian. I want to block IP addresses that try to search for .avi, .mpeg or .mpg files on my server. I don't know what I have to search for in jail.conf to add that rule.
Thanks for help.
Asked
Active
Viewed 83 times
2 Answers
0
You can ban specific IP addresses using sudo fail2ban-client -vvv set JAIL banip WW.XX.YY.ZZ
Arjan
- 599
- 5
- 23
-
yea, but how add rule to block only when someone tries to search for .avi files? – JajoK Dec 21 '18 at 11:53
-
I thought you wanted to ban them after the fact that they searched for it, my bad. – Arjan Dec 21 '18 at 12:09
0
Create a filter and add it to jail.local.
In the filter create a regex that looks for the mp4, etc in the access file.
Here is an example of one from our access logs.
34.209.175.228 - - [21/Jan/2019:17:01:43 -0500] "GET /wp-content/uploads/2014/10/WORK-WE-DO-TEST.mp4
Your regex will look something like this:
<HOST> - - .mp4
You’ll need one line for each file type.
Jason
- 87
- 1
- 9