This website is deprecated, and remains online only for historic access to old issues and docs for historic versions of Virtualmin. It has been unmaintained for several years, and should not be relied on for up-to-date information. Please visit www.virtualmin.com instead.
Activate the filter you need; in this case it would be "apache-auth":
[apache-auth]
enabled = true
port = http,https
# Edit the log paths based on your distro; your OS may use a different path for logs.
logpath = /var/log/virtualmin/domain.com_error_log
          /var/log/virtualmin/domain.com_access_log
maxretry = ??
For ?? use what you think is appropriate for your situation.
- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.
I'd think so, but it seems that Webmin defaults the apache-auth jail to the error logs:
http://i.imgur.com/E92uNxz.png
I edited my previous post. For Apache logs of your domain this should be the default path, but I'm used to CentOS and not sure if other distros use the same path.
- I often come to the conclusion that my brain has too many tabs open. -
Failing at desktop publishing & graphic design since 1994.
Had to create another jail to catch 403s in the access log. The proper setup is:
Create a new log filter called httpd-forbidden containing:
<HOST>\ -\ -\ .*HTTP\/[0-9]+(.[0-9]+)?" 403
Then create a new jail like this: http://i.imgur.com/WjuV6cY.png
Restart fail2ban.
You can test how many matches the filter has by using:
fail2ban-regex /var/log/virtualmin/yoursite.com_access_log /etc/fail2ban/filter.d/httpd-forbidden.conf
You can see the current status of this filter by using:
fail2ban-client status httpd-forbidden
And you can unban yourself via ssh by using:
fail2ban-client set httpd-forbidden unbanip 192.0.2.42
More info:
https://www.slightfuture.com/security/fail2ban-http403
https://guides.wp-bullet.com/protect-wordpress-wp-login-apache-http-auth...
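Added example, not part of the original thread: a Python sketch that applies the httpd-forbidden expression posted above to constructed access-log lines, approximating the per-host match count that fail2ban-regex reports. The `<HOST>` stand-in, the sample lines and the maxretry value of 3 are assumptions; fail2ban's date handling and findtime window are not modelled.

```python
import re
from collections import Counter

# Filter expression exactly as posted in the thread; <HOST> is fail2ban's host tag.
FAILREGEX = r'<HOST>\ -\ -\ .*HTTP\/[0-9]+(.[0-9]+)?" 403'
# Simplified stand-in for fail2ban's <HOST> expansion (assumption for this sketch).
HOST_GROUP = r'(?P<host>\S+)'
PATTERN = re.compile(FAILREGEX.replace('<HOST>', HOST_GROUP))

# Constructed sample lines in Apache combined log format (documentation addresses).
SAMPLE_LOG = '''\
192.0.2.10 - - [12/Mar/2017:10:00:01 +0000] "GET /wp-login.php HTTP/1.1" 403 199 "-" "curl/7.50"
192.0.2.10 - - [12/Mar/2017:10:00:02 +0000] "GET /admin/ HTTP/1.1" 403 199 "-" "curl/7.50"
192.0.2.10 - - [12/Mar/2017:10:00:03 +0000] "GET /backup/ HTTP/1.1" 403 199 "-" "curl/7.50"
198.51.100.7 - - [12/Mar/2017:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2017:10:00:05 +0000] "GET /403 HTTP/1.1" 200 403 "-" "Mozilla/5.0"
198.51.100.7 - - [12/Mar/2017:10:00:06 +0000] "GET /private/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Mar/2017:10:00:07 +0000] "GET /missing HTTP/1.1" 404 209 "-" "Mozilla/5.0"
203.0.113.5 - alice [12/Mar/2017:10:00:08 +0000] "GET /private/ HTTP/1.1" 403 199 "-" "Mozilla/5.0"
'''.splitlines()


def count_matches(lines):
    """Return a Counter mapping host -> number of lines the filter matches."""
    hits = Counter()
    for line in lines:
        m = PATTERN.search(line)
        if m:
            hits[m.group('host')] += 1
    return hits


def hosts_over_limit(lines, maxretry):
    """Hosts whose match count reaches maxretry (no findtime windowing here)."""
    return sorted(h for h, n in count_matches(lines).items() if n >= maxretry)


if __name__ == '__main__':
    for host, n in count_matches(SAMPLE_LOG).items():
        print(host, n)
    print('would be banned at maxretry=3:', hosts_over_limit(SAMPLE_LOG, 3))
```

In the sample, the 403 logged with an authenticated user name and the 200 response whose size is 403 are not counted, because the expression requires ` - - ` after the host and the status directly after the protocol version.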