- Kosmas.gr phpMyFAQ (Codename Porus)

Add URL block filter in Fail2ban for Apache2

Create a filter file in /etc/fail2ban/filter.d/ as e.g. block-url.conf (/etc/fail2ban/filter.d/block-url.conf)

Containing:

[Definition]
failregex = ^<HOST> -.*\\"(GET|POST).*/cgi-bin/luci.*$
# ignoreregex =
datepattern = %%d/%%b/%%Y:%%H:%%M:%%S \\\\-%%f

This will detect the string /cgi-bin/luci in apache logs

Then create a local jail file e.g. /etc/fail2ban/jail.local

containing this:

[block-url]
enabled = true
filter = block-url
logpath = /var/log/httpd/*_log
maxretry = 1
bantime = 999000

This will locate log files from /var/log/httpd/*_log

and ban it for 999000 seconds.