From e7acc9ec8a7069a50952202afba038a0c5fb2d67 Mon Sep 17 00:00:00 2001
From: Tom Hughes
Date: Mon, 11 Mar 2024 17:30:03 +0000
Subject: [PATCH] Use fail2ban to block IPs getting repeated HTTP forbidden responses

---
 cookbooks/apache/metadata.rb | 1 +
 cookbooks/apache/recipes/default.rb | 12 ++++++++++++
 2 files changed, 13 insertions(+)

diff --git a/cookbooks/apache/metadata.rb b/cookbooks/apache/metadata.rb
index 4aca8107d..f5c6057da 100644
--- a/cookbooks/apache/metadata.rb
+++ b/cookbooks/apache/metadata.rb
@@ -6,6 +6,7 @@ description "Installs and configures apache"
 version "1.0.0"
 supports "ubuntu"
+depends "fail2ban"
 depends "munin"
 depends "prometheus"
 depends "ssl"
diff --git a/cookbooks/apache/recipes/default.rb b/cookbooks/apache/recipes/default.rb
index aee5dfcc8..57d801903 100644
--- a/cookbooks/apache/recipes/default.rb
+++ b/cookbooks/apache/recipes/default.rb
@@ -17,6 +17,7 @@
 # limitations under the License.
 #
+include_recipe "fail2ban"
 include_recipe "munin"
 include_recipe "prometheus"
 include_recipe "ssl"
@@ -98,6 +99,17 @@ apache_conf "ssl" do
 template "ssl.erb"
 end
+fail2ban_filter "apache-forbidden" do
+ failregex '^ .* "[^"]*" 403 .*$'
+end
+
+fail2ban_jail "apache-forbidden" do
+ filter "apache-forbidden"
+ logpath "/var/log/apache2/access.log"
+ ports [80, 443]
+ maxretry 50
+end
+
 munin_plugin "apache_accesses"
 munin_plugin "apache_processes"
 munin_plugin "apache_volume"
--
2.39.5
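Review bot: The failregex `'^ .* "[^"]*" 403 .*$'` in the fail2ban_filter block carries no `<HOST>` capture, and its leading `^ ` requires the log line to begin with a space, whereas an Apache access-log line begins with the client address; unless the fail2ban_filter resource (defined outside this patch) injects the host capture itself, fail2ban has nothing to ban on and will reject the filter. The likely intent is `failregex '^<HOST> .* "[^"]*" 403 .*$'`. The jail sets only `maxretry 50`, so findtime and bantime come from the fail2ban defaults and banning keys purely on the client address, meaning a shared NAT or proxy address that collectively accumulates 50 forbidden responses is blocked for everyone behind it; a comment such as `# Ban a client after 50 forbidden responses within fail2ban's default findtime; revisit if legitimate shared-IP traffic is affected` would record the rationale for the threshold. If virtual hosts write to their own log files, `logpath "/var/log/apache2/access.log"` only covers the default host, so the path may need to be a glob covering the per-site logs.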