Restrict fail2ban to evasive blocks instead of all 403 errors

author Tom Hughes <tom@compton.nu>

Tue, 12 Mar 2024 08:52:58 +0000 (08:52 +0000)

committer Tom Hughes <tom@compton.nu>

Tue, 12 Mar 2024 08:55:06 +0000 (08:55 +0000)
author Tom Hughes <tom@compton.nu>
Tue, 12 Mar 2024 08:52:58 +0000 (08:52 +0000)
committer Tom Hughes <tom@compton.nu>
Tue, 12 Mar 2024 08:55:06 +0000 (08:55 +0000)
diff --git a/cookbooks/apache/recipes/default.rb b/cookbooks/apache/recipes/default.rb

index f3a62fe4380c9a3b13d115db6080188d09e0ae39..80e9e473f1aa004c302e1f0dceab577fa5634d1a 100644 (file)
--- a/cookbooks/apache/recipes/default.rb
+++ b/cookbooks/apache/recipes/default.rb
@@ -105,12 +105,21 @@ apache_conf "ssl" do
  end
  
  fail2ban_filter "apache-forbidden" do
-  failregex '^<ADDR> .* "[^"]*" 403 .*$'
+  action :delete
  end
  
  fail2ban_jail "apache-forbidden" do
-  filter "apache-forbidden"
-  logpath "/var/log/apache2/access.log"
+  action :delete
+end
+
+fail2ban_filter "apache-evasive" do
+  failregex "^Blacklisting address <ADDR>: possible DoS attack\.$"
+end
+
+fail2ban_jail "apache-evasive" do
+  filter "apache-evasive"
+  backend "systemd"
+  journalmatch "SYSLOG_IDENTIFIER=mod_evasive"
    ports [80, 443]
    findtime "1m"
    maxretry 50
diff --git a/cookbooks/fail2ban/resources/jail.rb b/cookbooks/fail2ban/resources/jail.rb

index f6864505405b27fcb5fbaa197f0c64951960849e..e5801c065bbd8d3acfa1644460133b9d310da19f 100644 (file)
--- a/cookbooks/fail2ban/resources/jail.rb
+++ b/cookbooks/fail2ban/resources/jail.rb
@@ -23,6 +23,8 @@ default_action :create
  
  property :jail, :kind_of => String, :name_property => true
  property :filter, :kind_of => String
+property :backend, :kind_of => String
+property :journalmatch, :kind_of => String
  property :logpath, :kind_of => String
  property :protocol, :kind_of => String
  property :ports, :kind_of => Array, :default => []
@@ -40,6 +42,8 @@ action :create do
      mode "644"
      variables :name => new_resource.jail,
                :filter => new_resource.filter,
+              :backend => new_resource.backend,
+              :journalmatch => new_resource.journalmatch,
                :logpath => new_resource.logpath,
                :protocol => new_resource.protocol,
                :ports => new_resource.ports,
diff --git a/cookbooks/fail2ban/templates/default/jail.erb b/cookbooks/fail2ban/templates/default/jail.erb

index 6a7e377d82632cdbe2705fd90b7674f3a27f3925..357e09ea50da55c694600658ecabf909ee6e3704 100644 (file)
--- a/cookbooks/fail2ban/templates/default/jail.erb
+++ b/cookbooks/fail2ban/templates/default/jail.erb
@@ -11,6 +11,12 @@ port = <%= @ports.join(",") %>
  <% if @filter -%>
  filter = <%= @filter %>
  <% end -%>
+<% if @backend -%>
+backend = <%= @backend %>
+<% end -%>
+<% if @journalmatch -%>
+journalmatch = <%= @journalmatch %>
+<% end -%>
  <% if @logpath -%>
  logpath = <%= @logpath %>
  <% end -%>
author	Tom Hughes <tom@compton.nu>
	Tue, 12 Mar 2024 08:52:58 +0000 (08:52 +0000)
committer	Tom Hughes <tom@compton.nu>
	Tue, 12 Mar 2024 08:55:06 +0000 (08:55 +0000)
cookbooks/apache/recipes/default.rb		patch \| blob \| history
cookbooks/fail2ban/resources/jail.rb		patch \| blob \| history
cookbooks/fail2ban/templates/default/jail.erb		patch \| blob \| history