Go Back   HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials > Linux Forums > Server Operation
Reload this Page fail2ban and apache2 with lot of errors: File does not exist
Register FAQ Members List Social Groups Calendar Search Today's Posts Mark Forums Read

Do you like HowtoForge? Please consider supporting us by becoming a subscriber.
Reply
 
Thread Tools Display Modes
  #1  
Old 10th January 2009, 03:12
_X_ _X_ is offline
Senior Member
  
Join Date: Oct 2008
Posts: 248
Thanks: 8
Thanked 37 Times in 35 Posts
Default fail2ban and apache2 with lot of errors: File does not exist
What is the best way to get rid of errors (in apache2/error.log) like this:

[error] [client 111.222.333.444] File does not exist: /var/www/sharedip/forum

how to get IPs that are persistent with this kind of activity banned?
Reply With Quote
Sponsored Links
  #2  
Old 10th January 2009, 13:18
falko falko is offline
Super Moderator
  
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,685
Thanks: 1,899
Thanked 2,600 Times in 2,449 Posts
Default
Quote:
Originally Posted by _X_ View Post
What is the best way to get rid of errors (in apache2/error.log) like this:

[error] [client 111.222.333.444] File does not exist: /var/www/sharedip/forum
This might work:
Code:
SetEnvIf        Remote_Addr "^111.222.333.444$" dontlog
ErrorLog /var/log/apache2/error.log env=!dontlog
(see http://httpd.apache.org/docs/2.0/mod/mod_setenvif.html )

Quote:
Originally Posted by _X_ View Post
how to get IPs that are persistent with this kind of activity banned?
You could add them to /etc/hosts.deny or try this: http://www.howtoforge.com/forums/sho...42&postcount=4
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
  #3  
Old 10th January 2009, 19:23
_X_ _X_ is offline
Senior Member
  
Join Date: Oct 2008
Posts: 248
Thanks: 8
Thanked 37 Times in 35 Posts
Default
my intention was to create filter in jail.local for fail2ban so it can block those IPs automatically after certain amount of retries.
Reply With Quote
  #4  
Old 11th January 2009, 14:17
falko falko is offline
Super Moderator
  
Join Date: Apr 2005
Location: Lüneburg, Germany
Posts: 41,685
Thanks: 1,899
Thanked 2,600 Times in 2,449 Posts
Default
You'd have to create a filter for fail2ban that uses a regex to find these records, and then you'd have to configure fail2ban to monitor apache2/error.log.

The filter.d directory has some examples, that should give you the idea.
__________________
Falko
--
Download the ISPConfig 3 Manual! | Check out the ISPConfig 3 Billing Module!

FB: http://www.facebook.com/howtoforge

nginx-Webhosting: Timme Hosting | Follow me on:
Reply With Quote
The Following User Says Thank You to falko For This Useful Post:
_X_ (11th January 2009)
  #5  
Old 11th January 2009, 17:22
_X_ _X_ is offline
Senior Member
  
Join Date: Oct 2008
Posts: 248
Thanks: 8
Thanked 37 Times in 35 Posts
 
Default
if anyone needs something like this here is how to do it in Fail2Ban:

1) create new conf file in filter.d/ folder of your fail2ban (in ubuntu: /etc/fail2ban/filter.d/) ... or just copy existing one with new file name:

cp apache-auth.conf apache-newfilter.conf

edit apache-newfilter.conf so it looks like this

Code:
[Definition]

failregex = [[]client <HOST>[]] File does not exist:
ignoreregex =
2) edit jail.local in your Fail2Ban folder (Ubuntu: /etc/fail2ban/jail.local)

add section:


Code:
[apache-newfilter]

enabled = true  
port    = http,https
filter  = apache-newfilter
logpath = /var/log/apache*/*error.log
maxretry = 4
3) - enabled - change true to false to dissable filter
- filter - shouldn't be longer than 21 characters so something like apache-filedoesnotexist wont work because fail2ban creates chain in iptables: fail2ban-apache-filedoesnotexist and that is more than 30 characters
Reply With Quote
The Following User Says Thank You to _X_ For This Useful Post:
falko (12th January 2009)
Reply

Bookmarks

Tags
apache2, error, fail2ban

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump


All times are GMT +2. The time now is 07:09.

Contact Us - HowtoForge - Linux Howtos and Tutorials - Archive - Top

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.