Apache badbots fail2ban

[velda.ebel]

I have RHEL6U2, and Apache on it (webmail).
I have installed fail2ban, and activated it for ssh-login and pop3imap-login failures, I have also tested it, and it works as it should.
Now I have activated apache-badbots option of fail2ban, but do not know how to test it.
Please help.

[florian030]

Use fail2ban-regex to test your regex. You can check against "real" logfiles or just strings representing a log line.

[velda.ebel]

Thank you for the hint.
I did that, but found nothing in logs. I would like to fake a bot attack, to test the configuration, and I have no idea how to do that. Testing for ssh and pop3imap was easy...

[florian030]

To test your configs, check your apache-badbots.conf and find the failregex.

Mine looks like

Code:

failregex = ^<HOST> -.*"(GET|POST).*HTTP.*"(?:%(badbots)s|%(badbotscustom)s)"$

Chose one entry from "badbots" and run fail2ban-regex with a test-string against your apache-badbots.conf:

Code:

fail2ban-regex '1.2.3.4 - - [12/Feb/2013:10:53:59 +0100] "GET / HTTP/1.1 200" 39460 "-" "autoemailspider"' /etc/fail2ban/filter.d/apache-badbots.conf

You should get something like "Success, the total number of match is 1"

[velda.ebel]

Yes, that is it.
That works.
Thank you.