HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials


velda.ebel 12th February 2013 10:35

Apache badbots fail2ban
I have RHEL6U2, and Apache on it (webmail).
I have installed fail2ban, and activated it for ssh-login and pop3imap-login failures, I have also tested it, and it works as it should.
Now I have activated apache-badbots option of fail2ban, but do not know how to test it.
Please help.

florian030 12th February 2013 11:26

Use fail2ban-regex to test your regex. You can check against "real" logfiles or just strings representing a log line.

velda.ebel 12th February 2013 11:48

Thank you
Thank you for the hint.
I did that, but found nothing in logs. I would like to fake a bot attack, to test the configuration, and I have no idea how to do that. Testing for ssh and pop3imap was easy...

florian030 12th February 2013 12:21

To test your configs, check your apache-badbots.conf and find the failregex.

Mine looks like

failregex = ^<HOST> -.*"(GET|POST).*HTTP.*"(?:%(badbots)s|%(badbotscustom)s)"$
Choose one entry from "badbots" and run fail2ban-regex with a test-string against your apache-badbots.conf:

fail2ban-regex ' - - [12/Feb/2013:10:53:59 +0100] "GET / HTTP/1.1 200" 39460 "-" "autoemailspider"' /etc/fail2ban/filter.d/apache-badbots.conf
You should get something like "Success, the total number of match is 1"
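
What the failregex quoted above does and does not match, as an added Python sketch that is not part of the thread and is not fail2ban's own code: it expands the %(badbots)s interpolations, substitutes a simplified IPv4-only pattern for <HOST> (an assumption), and runs the result over constructed log lines. The bot lists and the 192.0.2.x client addresses are constructed; only "autoemailspider" comes from the post.

```python
import re

# Filter line as quoted in the post above.
FAILREGEX = r'^<HOST> -.*"(GET|POST).*HTTP.*"(?:%(badbots)s|%(badbotscustom)s)"$'

# Constructed stand-ins: the shipped lists are far longer. Only
# "autoemailspider" comes from the thread; the other names are made up.
BADBOTS = "autoemailspider|ExampleHarvester"
BADBOTSCUSTOM = "ExampleScraper"

# Assumption: simplified IPv4-only substitute for fail2ban's <HOST> tag.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Constructed access-log lines (192.0.2.0/24 is a documentation range).
TS = "[12/Feb/2013:10:53:59 +0100]"
SAMPLE_LINES = [
    f'192.0.2.10 - - {TS} "GET / HTTP/1.1" 200 39460 "-" "autoemailspider"',
    f'192.0.2.11 - - {TS} "GET /webmail/ HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64)"',
    f'192.0.2.12 - - {TS} "GET / HTTP/1.1" 200 39460 "-" "Mozilla/5.0 autoemailspider"',
    f'192.0.2.13 - - {TS} "HEAD / HTTP/1.1" 200 0 "-" "autoemailspider"',
    f' - - {TS} "GET / HTTP/1.1" 200 39460 "-" "autoemailspider"',
    f'192.0.2.14 - - {TS} "POST /contact HTTP/1.1" 200 812 "-" "ExampleScraper"',
]


def compile_failregex(failregex=FAILREGEX, badbots=BADBOTS, custom=BADBOTSCUSTOM):
    """Expand the %(name)s interpolations and the <HOST> tag into one regex."""
    expanded = failregex % {"badbots": badbots, "badbotscustom": custom}
    return re.compile(expanded.replace("<HOST>", HOST))


def matched_hosts(lines, pattern=None):
    """Return, per line, the host the filter would count a failure for, or None."""
    pattern = pattern or compile_failregex()
    results = []
    for line in lines:
        m = pattern.search(line)
        results.append(m.group("host") if m else None)
    return results


if __name__ == "__main__":
    for line, host in zip(SAMPLE_LINES, matched_hosts(SAMPLE_LINES)):
        print(f"{host or 'no match':<12} {line}")
```

Only a GET or POST line that begins with a client address and whose user agent is exactly one list entry yields a host; a HEAD request, a longer user agent that merely contains the bot name, and a line with no client address are not counted.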

velda.ebel 12th February 2013 12:42

Thank you!
Yes, that is it.
That works.
Thank you.

All times are GMT +2.