From 1fb3434ff5e82ea57e907b9cb555250f84cd7d0f Mon Sep 17 00:00:00 2001
From: ChiefGyk
Date: Sat, 17 Dec 2016 15:43:03 -0500
Subject: [PATCH] added some DDoS protection referenced from https://easyengine.io/tutorials/nginx/fail2ban/ adding a new Fail2Ban filter dubbed nginx-req-limit

---
 conf/fail2ban/filter.d/nginx-req-limit.conf | 13 +++++++++++++
 conf/fail2ban/jails.conf | 9 +++++++++
 2 files changed, 22 insertions(+)
 create mode 100644 conf/fail2ban/filter.d/nginx-req-limit.conf

diff --git a/conf/fail2ban/filter.d/nginx-req-limit.conf b/conf/fail2ban/filter.d/nginx-req-limit.conf
new file mode 100644
index 00000000..fb1b70a7
--- /dev/null
+++ b/conf/fail2ban/filter.d/nginx-req-limit.conf
@@ -0,0 +1,13 @@
+# Fail2Ban configuration file
+#
+# supports: ngx_http_limit_req_module module
+
+[Definition]
+
+failregex = limiting requests, excess:.* by zone.*client:
+
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
\ No newline at end of file
diff --git a/conf/fail2ban/jails.conf b/conf/fail2ban/jails.conf
index 0146b64c..7a88229a 100644
--- a/conf/fail2ban/jails.conf
+++ b/conf/fail2ban/jails.conf
@@ -78,3 +78,12 @@ bantime = 3600
 
 [ssh-ddos]
 enabled = true
+
+[nginx-req-limit]
+
+enabled = true
+filter = nginx-req-limit
+action = iptables-multiport[name=ReqLimit, port="http,https", protocol=tcp]
+logpath = /var/log/nginx/*error.log
+findtime = 600
+bantime = 7200
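Review bot: The `failregex` line in the new filter carries no `<HOST>` tag, so fail2ban has no group from which to take the address to ban and will reject the filter when the jail starts (every failregex needs a host group). If the tag was lost when this patch was rendered that should be confirmed against the repository; otherwise the line should read `failregex = limiting requests, excess:.* by zone.*client: <HOST>`, which matches the `client: a.b.c.d,` field the limit_req module writes to the nginx error log. A comment above it quoting the shape of the matched log line, e.g. `# matches: limiting requests, excess: N by zone "name", client: a.b.c.d, server: ...`, would make the pattern checkable with fail2ban-regex when the log format changes.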
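Review bot: The new `[nginx-req-limit]` jail sets `findtime` and `bantime` but no `maxretry`, so the threshold comes from the jails.conf defaults, which are outside this hunk; since nginx writes one `limiting requests` line per rejected request, a single burst from one client can cross a small default inside the 600 s window and earn a 7200 s block of both HTTP ports. Given that severity the threshold should be stated next to the window, e.g. `maxretry = 10` above `findtime = 600`, with a comment noting that it is coupled to the rate configured in the nginx limit_req zone. If nginx sits behind a load balancer or CDN, the `client:` field in the error log is the proxy's address and this jail would ban it for every user, so an `ignoreip` entry for those addresses is worth adding alongside. The section ends at the end of the hunk.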