HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials (http://www.howtoforge.com/forums/index.php)
-   Server Operation (http://www.howtoforge.com/forums/forumdisplay.php?f=5)
-   -   Apache badbots fail2ban (http://www.howtoforge.com/forums/showthread.php?t=60528)

velda.ebel 12th February 2013 09:35
Apache badbots fail2ban
 
I have RHEL6U2, and Apache on it (webmail).
I have installed fail2ban, and activated it for ssh-login and pop3imap-login failures, I have also tested it, and it works as it should.
Now I have activated apache-badbots option of fail2ban, but do not know how to test it.
Please help.

florian030 12th February 2013 10:26
Use fail2ban-regex to test your regex. You can check against "real" logfiles or just strings representing a log line.

velda.ebel 12th February 2013 10:48
Thak you
 
Thank you for the hint.
I did that, but found nothing in logs. I would like to fake a bot attack, to test the configuration, and I have no idea how to do that. Testing for ssh and pop3imap was easy...

florian030 12th February 2013 11:21
To test your configs, check your apache-badbots.conf and find the failregex.

Mine looks like
Code:
failregex = ^<HOST> -.*"(GET|POST).*HTTP.*"(?:%(badbots)s|%(badbotscustom)s)"$
Chose one entry from "badbots" and run fail2ban-regex with a test-string against your apache-badbots.conf:
Code:
fail2ban-regex '1.2.3.4 - - [12/Feb/2013:10:53:59 +0100] "GET / HTTP/1.1 200" 39460 "-" "autoemailspider"' /etc/fail2ban/filter.d/apache-badbots.conf
You should get something like "Success, the total number of match is 1"

velda.ebel 12th February 2013 11:42
Thank you!
 
Yes, that is it.
That works.
Thank you.


All times are GMT +2. The time now is 19:35.

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.