Fail2Ban does not log apache jail
Hi there
I'm trying to set up a Fail2Ban jail for unwanted incoming traffic on my Linode. This I do with Fail2Ban and it is working for the sshd-port.
Now I want to jail unwanted attacks on my apache server. I do this with the following jail code:
[apache]
enabled = false
port = http,https
filter = apache-noscript
action = iptables-multiport[name=NoScript, port="http,https"]
logpath = /var/log/apache2/*error.log
maxretry = 3
bantime = 3600
But it does not record any of the attacks that appear in the error.log. What am I missing?
Cheers,
Adam
1 Reply
✓ Best Answer
This filter:
filter = apache-noscript
probably doesn't match your log entries. You can test this with fail2ban-regex(1). See man fail2ban-regex or https://fail2ban.readthedocs.io/en/latest/filters.html
It's been my experience that the supplied fail2ban(1) filters are fairly brittle with respect to any log file entry modifications. They're written for the basest of base cases only (which can vary from distro to distro depending on installation/startup options…there is not one log format that rules them all).
This site may be of some interest/help to you:
https://www.regextester.com/94338
-- sw
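
Added example (not part of the original thread and not Fail2Ban's own code): a small Python harness that mimics the check fail2ban-regex performs, showing how a filter written for one Apache error-log layout silently misses another. The two failregex patterns, the IPv4-only `<HOST>` substitution and the log lines are all constructed for illustration; `maxretry = 3` is taken from the jail in the question.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag: IPv4 only (assumption for this example).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Hypothetical failregex patterns written for this example; not the shipped apache-noscript filter.
STRICT = r"^\[[^\]]+\] \[error\] \[client <HOST>\] script not found or unable to stat: \S+$"
TOLERANT = (r"^\[[^\]]+\] \[(?:\w+:)?error\] (?:\[pid \d+(?::tid \d+)?\] )?"
            r"\[client <HOST>(?::\d+)?\] (?:AH\d+: )?script not found or unable to stat: \S+$")

# Constructed sample: one Apache 2.2-style line, three 2.4-style lines, one unrelated notice.
SAMPLE_LOG = """
[Sat Jan 01 12:00:00 2022] [error] [client 198.51.100.9] script not found or unable to stat: /usr/lib/cgi-bin/test.cgi
[Sat Jan 01 12:00:01.123456 2022] [cgi:error] [pid 4242] [client 203.0.113.7:51234] AH02811: script not found or unable to stat: /usr/lib/cgi-bin/a.php
[Sat Jan 01 12:00:02.223456 2022] [cgi:error] [pid 4242] [client 203.0.113.7:51236] AH02811: script not found or unable to stat: /usr/lib/cgi-bin/b.php
[Sat Jan 01 12:00:03.323456 2022] [cgi:error] [pid 4242] [client 203.0.113.7:51238] AH02811: script not found or unable to stat: /usr/lib/cgi-bin/c.php
[Sat Jan 01 12:00:05.000001 2022] [core:notice] [pid 4242] AH00094: Command line: '/usr/sbin/apache2'
"""

def run_filter(pattern, log_text):
    """Return (hosts of matched lines, list of missed lines) for one failregex."""
    rx = re.compile(pattern.replace("<HOST>", HOST))
    matched, missed = [], []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        m = rx.search(line)
        if m:
            matched.append(m.group("host"))
        else:
            missed.append(line)
    return matched, missed

def would_ban(hosts, maxretry=3):
    """Hosts with at least maxretry matching lines (time window ignored for brevity)."""
    return sorted(h for h, n in Counter(hosts).items() if n >= maxretry)

if __name__ == "__main__":
    for name, pattern in (("strict", STRICT), ("tolerant", TOLERANT)):
        matched, missed = run_filter(pattern, SAMPLE_LOG)
        print(f"{name}: {len(matched)} matched, {len(missed)} missed, ban -> {would_ban(matched)}")
        for line in missed:
            print("  missed:", line)
```

Against the real log, fail2ban-regex does the same job: give it the log file from the jail's logpath and the filter file, and read the matched and missed counts it reports.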