Apache badbots fail2ban

Discussion in 'Server Operation' started by velda.ebel, Feb 12, 2013.

  1. velda.ebel

    velda.ebel New Member

    I have RHEL6U2, and Apache on it (webmail).
    I have installed fail2ban, and activated it for ssh-login and pop3imap-login failures, I have also tested it, and it works as it should.
    Now I have activated apache-badbots option of fail2ban, but do not know how to test it.
    Please help.
  2. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    Use fail2ban-regex to test your regex. You can check against "real" logfiles or just strings representing a log line.
  3. velda.ebel

    velda.ebel New Member

    Thak you

    Thank you for the hint.
    I did that, but found nothing in logs. I would like to fake a bot attack, to test the configuration, and I have no idea how to do that. Testing for ssh and pop3imap was easy...
  4. florian030

    florian030 ISPConfig Developer ISPConfig Developer

    To test your configs, check your apache-badbots.conf and find the failregex.

    Mine looks like
    failregex = ^<HOST> -.*"(GET|POST).*HTTP.*"(?:%(badbots)s|%(badbotscustom)s)"$
    Chose one entry from "badbots" and run fail2ban-regex with a test-string against your apache-badbots.conf:
    fail2ban-regex ' - - [12/Feb/2013:10:53:59 +0100] "GET / HTTP/1.1 200" 39460 "-" "autoemailspider"' /etc/fail2ban/filter.d/apache-badbots.conf
    You should get something like "Success, the total number of match is 1"
  5. velda.ebel

    velda.ebel New Member

    Thank you!

    Yes, that is it.
    That works.
    Thank you.

Share This Page