X-Git-Url: https://git.openstreetmap.org./chef.git/blobdiff_plain/28b40a4b2e7dfc11157cc4c94f621028c729405d..9528de07d836fa814fd5b66dbe55aea20c9cff6c:/cookbooks/apache/recipes/default.rb

diff --git a/cookbooks/apache/recipes/default.rb b/cookbooks/apache/recipes/default.rb
index f3a62fe43..80e9e473f 100644
--- a/cookbooks/apache/recipes/default.rb
+++ b/cookbooks/apache/recipes/default.rb
@@ -105,12 +105,21 @@ apache_conf "ssl" do
 end
 
 fail2ban_filter "apache-forbidden" do
-  failregex '^<ADDR> .* "[^"]*" 403 .*$'
+  action :delete
 end
 
 fail2ban_jail "apache-forbidden" do
-  filter "apache-forbidden"
-  logpath "/var/log/apache2/access.log"
+  action :delete
+end
+
+fail2ban_filter "apache-evasive" do
+  failregex "^Blacklisting address <ADDR>: possible DoS attack\.$"
+end
+
+fail2ban_jail "apache-evasive" do
+  filter "apache-evasive"
+  backend "systemd"
+  journalmatch "SYSLOG_IDENTIFIER=mod_evasive"
   ports [80, 443]
   findtime "1m"
   maxretry 50