Apache badbots fail2ban

Discussion in 'Server Operation' started by velda.ebel, Feb 12, 2013.

  1. velda.ebel

    velda.ebel New Member

    I have RHEL6U2, and Apache on it (webmail).
    I have installed fail2ban, and activated it for ssh-login and pop3imap-login failures, I have also tested it, and it works as it should.
    Now I have activated apache-badbots option of fail2ban, but do not know how to test it.
    Please help.
     
  2. florian030

    florian030 Member HowtoForge Supporter ISPConfig Developer

    Use fail2ban-regex to test your regex. You can check against "real" logfiles or just strings representing a log line.
     
  3. velda.ebel

    velda.ebel New Member

    Thak you

    Thank you for the hint.
    I did that, but found nothing in logs. I would like to fake a bot attack, to test the configuration, and I have no idea how to do that. Testing for ssh and pop3imap was easy...
     
  4. florian030

    florian030 Member HowtoForge Supporter ISPConfig Developer

    To test your configs, check your apache-badbots.conf and find the failregex.

    Mine looks like
    Code:
    failregex = ^<HOST> -.*"(GET|POST).*HTTP.*"(?:%(badbots)s|%(badbotscustom)s)"$
    Chose one entry from "badbots" and run fail2ban-regex with a test-string against your apache-badbots.conf:
    Code:
    fail2ban-regex '1.2.3.4 - - [12/Feb/2013:10:53:59 +0100] "GET / HTTP/1.1 200" 39460 "-" "autoemailspider"' /etc/fail2ban/filter.d/apache-badbots.conf
    
    You should get something like "Success, the total number of match is 1"
     
  5. velda.ebel

    velda.ebel New Member

    Thank you!

    Yes, that is it.
    That works.
    Thank you.
     
: apache

Share This Page