Use fail2ban to block IPs getting repeated HTTP forbidden responses

author Tom Hughes <tom@compton.nu>

Mon, 11 Mar 2024 17:30:03 +0000 (17:30 +0000)

committer Tom Hughes <tom@compton.nu>

Mon, 11 Mar 2024 17:30:03 +0000 (17:30 +0000)
author Tom Hughes <tom@compton.nu>
Mon, 11 Mar 2024 17:30:03 +0000 (17:30 +0000)
committer Tom Hughes <tom@compton.nu>
Mon, 11 Mar 2024 17:30:03 +0000 (17:30 +0000)
diff --git a/cookbooks/apache/metadata.rb b/cookbooks/apache/metadata.rb

index 4aca8107d528d09a2900b92985c278e293f9ff72..f5c6057da6a8221408becd45c946c019e8a3b14b 100644 (file)
--- a/cookbooks/apache/metadata.rb
+++ b/cookbooks/apache/metadata.rb
@@ -6,6 +6,7 @@ description       "Installs and configures apache"
  
  version           "1.0.0"
  supports          "ubuntu"
+depends           "fail2ban"
  depends           "munin"
  depends           "prometheus"
  depends           "ssl"
diff --git a/cookbooks/apache/recipes/default.rb b/cookbooks/apache/recipes/default.rb

index aee5dfcc87564b74dfdb9bbc624a04e1a10c583b..57d8019034ccd113083c6cbeee2534d702919c21 100644 (file)
--- a/cookbooks/apache/recipes/default.rb
+++ b/cookbooks/apache/recipes/default.rb
@@ -17,6 +17,7 @@
  # limitations under the License.
  #
  
+include_recipe "fail2ban"
  include_recipe "munin"
  include_recipe "prometheus"
  include_recipe "ssl"
@@ -98,6 +99,17 @@ apache_conf "ssl" do
    template "ssl.erb"
  end
  
+fail2ban_filter "apache-forbidden" do
+  failregex '^<ADDR> .* "[^"]*" 403 .*$'
+end
+
+fail2ban_jail "apache-forbidden" do
+  filter "apache-forbidden"
+  logpath "/var/log/apache2/access.log"
+  ports [80, 443]
+  maxretry 50
+end
+
  munin_plugin "apache_accesses"
  munin_plugin "apache_processes"
  munin_plugin "apache_volume"
author	Tom Hughes <tom@compton.nu>
	Mon, 11 Mar 2024 17:30:03 +0000 (17:30 +0000)
committer	Tom Hughes <tom@compton.nu>
	Mon, 11 Mar 2024 17:30:03 +0000 (17:30 +0000)
cookbooks/apache/metadata.rb		patch \| blob \| history
cookbooks/apache/recipes/default.rb		patch \| blob \| history