Use fail2ban to block bogus note searches

diff --git a/cookbooks/web/recipes/frontend.rb b/cookbooks/web/recipes/frontend.rb
index 44aa0cd5b22cfdc02ce686c97a147b212e2da363..6c1f0f761f321a2df84a4b071790bd8d59a9af6c 100644 (file)
--- a/cookbooks/web/recipes/frontend.rb
+++ b/cookbooks/web/recipes/frontend.rb
@@ -75,6 +75,16 @@ fail2ban_jail "apache-request-timeout" do
   ports [80, 443]
 end
 
+fail2ban_filter "apache-notes-search" do
+  failregex '^<ADDR> .* "GET /api/0\.6/notes/search\?q=abcde&.*$'
+end
+
+fail2ban_jail "apache-notes-search" do
+  filter "apache-notes-search"
+  logpath "/var/log/apache2/access.log"
+  ports [80, 443]
+end
+
 if %w[database_offline database_readonly].include?(node[:web][:status])
   service "rails-jobs@mailers" do
     action :stop