end
fail2ban_filter "apache-forbidden" do
- failregex '^<ADDR> .* "[^"]*" 403 .*$'
+ action :delete
end
fail2ban_jail "apache-forbidden" do
- filter "apache-forbidden"
- logpath "/var/log/apache2/access.log"
+ action :delete
+end
+
+fail2ban_filter "apache-evasive" do
+ failregex "^Blacklisting address <ADDR>: possible DoS attack\.$"
+end
+
+fail2ban_jail "apache-evasive" do
+ filter "apache-evasive"
+ backend "systemd"
+ journalmatch "SYSLOG_IDENTIFIER=mod_evasive"
ports [80, 443]
findtime "1m"
maxretry 50
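Review bot: The new `failregex` on the `apache-evasive` filter is written in double quotes, so Ruby drops the backslash in `\.` and the pattern ends in an unescaped `.` that matches any character; the removed filter used single quotes, and `failregex '^Blacklisting address <ADDR>: possible DoS attack\.$'` keeps the escape. The `ports`, `findtime` and `maxretry 50` lines are unchanged context inherited from the 403 jail, and 50 matches per minute may never be reached if mod_evasive logs only one blacklisting message per address, which is worth confirming. Running `fail2ban-regex` against a sample journal entry would also confirm that the `^` anchor still matches once the systemd backend has formatted the line. The jail block's closing `end` lies outside the hunk.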
property :jail, :kind_of => String, :name_property => true
property :filter, :kind_of => String
+property :backend, :kind_of => String
+property :journalmatch, :kind_of => String
property :logpath, :kind_of => String
property :protocol, :kind_of => String
property :ports, :kind_of => Array, :default => []
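Review bot: The new `backend` and `journalmatch` properties have no default and no comment on how they relate to `logpath`, so a jail can be declared with a `journalmatch` but no `backend`, or with both a `logpath` and `backend "systemd"`. A short comment above them would help, for example `# journalmatch is only used when backend is "systemd"; logpath is not read in that case`. Both values reach the template as `nil` for existing jails (see the `variables` hunk that follows), so the template, which is not shown here, presumably has to skip the `backend` and `journalmatch` lines when they are unset.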
mode "644"
variables :name => new_resource.jail,
:filter => new_resource.filter,
+ :backend => new_resource.backend,
+ :journalmatch => new_resource.journalmatch,
:logpath => new_resource.logpath,
:protocol => new_resource.protocol,
:ports => new_resource.ports,