added some DDoS protection referenced from https://easyengine.io/tutorials/nginx/fail2ban/ adding a new Fail2Ban filter dubbed nginx-req-limit
This commit is contained in:
parent
b5af68a3a0
commit
1fb3434ff5
|
@ -0,0 +1,13 @@
|
|||
# Fail2Ban configuration file
|
||||
#
|
||||
# supports: ngx_http_limit_req_module module
|
||||
|
||||
[Definition]
|
||||
|
||||
failregex = limiting requests, excess:.* by zone.*client: <HOST>
|
||||
|
||||
# Option: ignoreregex
|
||||
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||
# Values: TEXT
|
||||
#
|
||||
ignoreregex =
|
|
@ -78,3 +78,12 @@ bantime = 3600
|
|||
|
||||
[ssh-ddos]
|
||||
enabled = true
|
||||
|
||||
[nginx-req-limit]
|
||||
|
||||
enabled = true
|
||||
filter = nginx-req-limit
|
||||
action = iptables-multiport[name=ReqLimit, port="http,https", protocol=tcp]
|
||||
logpath = /var/log/nginx/*error.log
|
||||
findtime = 600
|
||||
bantime = 7200
|
||||
|
|
Loading…
Reference in New Issue