#1
10th January 2009, 03:12
_X_ (Senior Member)
fail2ban and apache2 with lot of errors: File does not exist

What is the best way to get rid of errors (in apache2/error.log) like this:

[error] [client 111.222.333.444] File does not exist: /var/www/sharedip/forum

How to get IPs that are persistent with this kind of activity banned?

#2
10th January 2009, 13:18
falko (Super Moderator)

Quote:
Originally Posted by _X_
What is the best way to get rid of errors (in apache2/error.log) like this:

[error] [client 111.222.333.444] File does not exist: /var/www/sharedip/forum

This might work:

Code:
SetEnvIf        Remote_Addr "^111\.222\.333\.444$" dontlog
ErrorLog /var/log/apache2/error.log env=!dontlog

(see http://httpd.apache.org/docs/2.0/mod/mod_setenvif.html )

Quote:
Originally Posted by _X_
How to get IPs that are persistent with this kind of activity banned?

You could add them to /etc/hosts.deny or try this: http://www.howtoforge.com/forums/sho...42&postcount=4

#3
10th January 2009, 19:23
_X_ (Senior Member)

My intention was to create a filter in jail.local for fail2ban so it can block those IPs automatically after a certain amount of retries.

#4
11th January 2009, 14:17
falko (Super Moderator)

You'd have to create a filter for fail2ban that uses a regex to find these records, and then you'd have to configure fail2ban to monitor apache2/error.log.

The filter.d directory has some examples that should give you the idea.
The Following User Says Thank You to falko For This Useful Post:
_X_ (11th January 2009)

#5
11th January 2009, 17:22
_X_ (Senior Member)

If anyone needs something like this, here is how to do it in Fail2Ban:

1) Create a new conf file in the filter.d/ folder of your fail2ban (in Ubuntu: /etc/fail2ban/filter.d/) ... or just copy an existing one with a new file name:

cp apache-auth.conf apache-newfilter.conf

Edit apache-newfilter.conf so it looks like this:

Code:
[Definition]

failregex = [[]client <HOST>[]] File does not exist:
ignoreregex =

2) Edit jail.local in your Fail2Ban folder (Ubuntu: /etc/fail2ban/jail.local)

Add section:

Code:
[apache-newfilter]

enabled = true  
port    = http,https
filter  = apache-newfilter
logpath = /var/log/apache*/*error.log
maxretry = 4

3)
- enabled - change true to false to disable the filter
- filter - shouldn't be longer than 21 characters, so something like apache-filedoesnotexist won't work, because fail2ban creates a chain in iptables: fail2ban-apache-filedoesnotexist, and that is more than 30 characters
The Following User Says Thank You to _X_ For This Useful Post:
falko (12th January 2009)
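
Added example (not from the thread, and not fail2ban's own code): it applies the failregex and maxretry from post #5 to constructed error-log lines and reports which clients would reach the ban threshold. The 600-second findtime, the simplified <HOST> pattern, the timestamp format and the sample lines are assumptions.

```python
import re
import warnings
from collections import defaultdict, deque
from datetime import datetime, timedelta

# failregex and maxretry exactly as posted in the thread.
FAILREGEX = r"[[]client <HOST>[]] File does not exist:"
MAXRETRY = 4
FINDTIME = timedelta(seconds=600)  # assumption: the thread's jail sets no findtime
# Simplification: fail2ban expands <HOST> to a fuller host/IP pattern.
HOST_RE = r"(?P<host>[0-9A-Fa-f.:]+)"
# Assumption: Apache 2.2 style timestamp at the start of each line.
STAMP_RE = re.compile(r"^\[(\w{3} \w{3} +\d+ [\d:]{8} \d{4})\]")
# Constructed sample lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = """\
[Sat Jan 10 03:12:01 2009] [error] [client 192.0.2.10] File does not exist: /var/www/sharedip/forum
[Sat Jan 10 03:12:02 2009] [error] [client 192.0.2.10] File does not exist: /var/www/sharedip/forum2
[Sat Jan 10 03:12:03 2009] [error] [client 198.51.100.7] File does not exist: /var/www/sharedip/favicon.ico
[Sat Jan 10 03:12:04 2009] [error] [client 192.0.2.10] File does not exist: /var/www/sharedip/board
[Sat Jan 10 03:12:05 2009] [error] [client 203.0.113.5] client denied by server configuration: /var/www/sharedip/private
[Sat Jan 10 03:12:06 2009] [error] [client 192.0.2.10] File does not exist: /var/www/sharedip/bbs
[Sat Jan 10 03:20:00 2009] [error] [client 198.51.100.7] File does not exist: /var/www/sharedip/favicon.ico
[Sat Jan 10 03:40:00 2009] [error] [client 198.51.100.7] File does not exist: /var/www/sharedip/robots.txt
[Sat Jan 10 04:05:00 2009] [error] [client 198.51.100.7] File does not exist: /var/www/sharedip/favicon.ico
"""

def find_bans(log_text, maxretry=MAXRETRY, findtime=FINDTIME):
    """Map each host to the time its maxretry-th hit fell inside findtime."""
    with warnings.catch_warnings():
        warnings.simplefilter("ignore", FutureWarning)  # re warns on the "[[]" set
        pattern = re.compile(FAILREGEX.replace("<HOST>", HOST_RE))
    recent = defaultdict(deque)  # host -> hit times still inside the window
    bans = {}
    for line in log_text.splitlines():
        stamp, hit = STAMP_RE.match(line), pattern.search(line)
        if not (stamp and hit):
            continue  # other error types, e.g. "client denied", are ignored
        when = datetime.strptime(stamp.group(1), "%a %b %d %H:%M:%S %Y")
        hits = recent[hit.group("host")]
        hits.append(when)
        while when - hits[0] > findtime:  # forget hits older than findtime
            hits.popleft()
        if len(hits) >= maxretry:
            bans.setdefault(hit.group("host"), when)
    return bans

if __name__ == "__main__":
    for host, when in find_bans(SAMPLE_LOG).items():
        print(f"{host} would be banned at {when}")
```

The favicon.ico and robots.txt lines show that ordinary visitors also match this filter, so maxretry and findtime decide how many missing files a normal client may request before being banned. On a live system, `fail2ban-regex /var/log/apache2/error.log /etc/fail2ban/filter.d/apache-newfilter.conf` runs the real filter against the real log.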

All times are GMT +2.