#1  
Old 12th February 2013, 09:35
velda.ebel velda.ebel is offline
Junior Member
  
Join Date: Sep 2008
Posts: 4
Thanks: 2
Thanked 0 Times in 0 Posts
Default Apache badbots fail2ban
I have RHEL6U2, and Apache on it (webmail).
I have installed fail2ban, and activated it for ssh-login and pop3imap-login failures, I have also tested it, and it works as it should.
Now I have activated apache-badbots option of fail2ban, but do not know how to test it.
Please help.
Reply With Quote
Sponsored Links
  #2  
Old 12th February 2013, 10:26
florian030 florian030 is offline
Member
  
Join Date: Oct 2012
Posts: 64
Thanks: 5
Thanked 12 Times in 11 Posts
Default
Use fail2ban-regex to test your regex. You can check against "real" logfiles or just strings representing a log line.
__________________
regards
Florian

blog.schaal-24.de
Reply With Quote
The Following User Says Thank You to florian030 For This Useful Post:
velda.ebel (12th February 2013)
  #3  
Old 12th February 2013, 10:48
velda.ebel velda.ebel is offline
Junior Member
  
Join Date: Sep 2008
Posts: 4
Thanks: 2
Thanked 0 Times in 0 Posts
Default Thak you
Thank you for the hint.
I did that, but found nothing in logs. I would like to fake a bot attack, to test the configuration, and I have no idea how to do that. Testing for ssh and pop3imap was easy...
Reply With Quote
  #4  
Old 12th February 2013, 11:21
florian030 florian030 is offline
Member
  
Join Date: Oct 2012
Posts: 64
Thanks: 5
Thanked 12 Times in 11 Posts
Default
To test your configs, check your apache-badbots.conf and find the failregex.

Mine looks like
Code:
failregex = ^<HOST> -.*"(GET|POST).*HTTP.*"(?:%(badbots)s|%(badbotscustom)s)"$
Chose one entry from "badbots" and run fail2ban-regex with a test-string against your apache-badbots.conf:
Code:
fail2ban-regex '1.2.3.4 - - [12/Feb/2013:10:53:59 +0100] "GET / HTTP/1.1 200" 39460 "-" "autoemailspider"' /etc/fail2ban/filter.d/apache-badbots.conf
You should get something like "Success, the total number of match is 1"
__________________
regards
Florian

blog.schaal-24.de
Reply With Quote
The Following User Says Thank You to florian030 For This Useful Post:
velda.ebel (12th February 2013)
  #5  
Old 12th February 2013, 11:42
velda.ebel velda.ebel is offline
Junior Member
  
Join Date: Sep 2008
Posts: 4
Thanks: 2
Thanked 0 Times in 0 Posts
 
Default Thank you!
Yes, that is it.
That works.
Thank you.
Reply With Quote
Reply

Bookmarks

Tags
apache

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
sessions not being saved gavimobile General 6 15th January 2012 15:05
fail2ban is doing nothing? rlischer Server Operation 16 29th June 2010 07:29
trying to install roundcubemail ressel Installation/Configuration 13 24th December 2009 20:13
problems with suexec gobokster Installation/Configuration 7 7th May 2009 13:33
CENTOS 5 Ping Problem gAnDo Server Operation 11 28th March 2008 20:58


All times are GMT +2. The time now is 19:51.

Contact Us - HowtoForge - Linux Howtos and Tutorials - Archive - Top

Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2013, vBulletin Solutions, Inc.