[root@dev-dbs fail2ban-0.8.14]# cat /data/program/nginx/conf/nginx.conf
# Excerpt of nginx.conf as shown on the page: the closing braces of the server
# and http blocks, and anything outside http, are not part of this listing.
http {
include mime.types;
default_type application/octet-stream;
# Shared-memory zone "allips" (10 MB) keyed by the client address in binary
# form; each address is allowed an average of 20 requests per minute.
# NOTE(review): the key is the peer address of the connection. If this server
# sits behind a proxy, load balancer or NAT, many users share one key, and any
# ban derived from the resulting log lines hits all of them - confirm the
# deployment before reusing this.
limit_req_zone $binary_remote_addr zone=allips:10m rate=20r/m;
sendfile on;
server {
listen 80;
server_name localhost;
# No limit_req in this location: requests under / are not rate limited here.
location / {
root html;
index index.html index.htm;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root html;
# Apply the "allips" limit to this exact URI only. Up to 3 requests above the
# rate are served at once (nodelay); anything beyond that is rejected.
# Rejections use nginx's default limit_req_status (503) and are written to
# error.log as "limiting requests, excess: ...", the line a log watcher such
# as fail2ban can match.
limit_req zone=allips burst=3 nodelay;
}
[root@huangzp3 test]# cat test.sh
# Send 60 HEAD requests to the rate-limited page, one per second, appending the
# response headers to test.log (repeated runs accumulate in the same file).
i=0
while (( i < 60 ))
do
    curl -I 192.168.3.232/50x.html >> test.log
    sleep 1
    i=$(( i + 1 ))
done
[root@dev ~]# sh test.sh
[root@dev ~]# sh test.sh
[root@dev ~]# cat test.log |grep 503|wc -l
74
[root@dev ~]# cat test.log |grep 200|wc -l
46
[root@dev-dbs fail2ban-0.8.14]# tail -f /data/program/nginx/logs/error.log
2018/04/24 23:46:24 [error] 13440#0: *76815 limiting requests, excess: 3.108 by zone "allips", client: 192.168.2.230, server: localhost, request: "HEAD /50x.html HTTP/1.1", host: "192.168.3.232"
2018/04/24 23:46:26 [error] 13440#0: *76817 limiting requests, excess: 3.433 by zone "allips", client: 192.168.2.230, server: localhost, request: "HEAD /50x.html HTTP/1.1", host: "192.168.3.232"
2018/04/24 23:46:27 [error] 13440#0: *76818 limiting requests, excess: 3.090 by zone "allips", client: 192.168.2.230, server: localhost, request: "HEAD /50x.html HTTP/1.1", host: "192.168.3.232"
[root@dev-dbs fail2ban-0.8.14]# cat /etc/fail2ban/filter.d/nginx-req-limit.conf
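# Fail2Ban filter configuration file
#
# Supports: ngx_http_limit_req_module
# Matches the nginx error.log entries written when limit_req rejects a request.

[Definition]

# Option: failregex
# Notes.: <HOST> must be taken from the "client:" field that nginx writes
#         itself. The pattern is anchored at the start of the line and its
#         prefix may not contain a double quote, which pins the match to the
#         first quoted field (the zone name) and the client field directly
#         after it. The quoted request and host fields later in the line are
#         supplied by the remote peer; an unanchored pattern built from greedy
#         ".*" can take <HOST> from text inside them and ban an unrelated
#         address.
# Values: TEXT
#
failregex = ^[^"]*limiting requests, excess: [\d.]+ by zone "[^"]*", client: <HOST>,

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =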
[root@dev-dbs fail2ban-0.8.14]# cat /etc/fail2ban/jail.conf
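# Jail for clients that keep exceeding the nginx limit_req rate.
# NOTE(review): site-specific jails are normally kept in jail.local so that an
# upgrade of the packaged jail.conf does not overwrite them.
[nginx-req-limit]
enabled = true
port = https,http
filter = nginx-req-limit
logpath = /data/program/nginx/logs/error.log
# Ban after 20 matching log lines within 60 seconds.
maxretry = 20
findtime = 60
# Ban length in seconds. 60 keeps the demonstration short; a ban this brief
# does little against a persistent client, so lengthen it for real use.
bantime = 60
# Two actions: block the ports in iptables and send a notification mail.
# The second action is a continuation line and must stay indented, otherwise
# it is read as a separate key. logpath is passed so that the mail can quote
# the matching log lines; no dest is given, so the action's own default
# recipient applies.
action = iptables-multiport[name=nginx-req-limit, port="https,http", protocol=tcp]
         sendmail-whois-lines[name=nginx-req-limit, logpath=/data/program/nginx/logs/error.log]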
[root@dev-dbs fail2ban-0.8.14]# service fail2ban start
[root@dev-dbs fail2ban-0.8.14]# iptables -nvL
Chain INPUT (policy ACCEPT 463K packets, 40M bytes)
pkts bytes target prot opt in out source destination
0 0 fail2ban-nginx-req-limit tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 443,80
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 371K packets, 37M bytes)
pkts bytes target prot opt in out source destination
Chain fail2ban-nginx-req-limit (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
[root@huangzp3 test]# sh test.sh
[root@dev-dbs fail2ban-0.8.14]# iptables -nvL
Chain INPUT (policy ACCEPT 4370 packets, 354K bytes)
pkts bytes target prot opt in out source destination
226 15216 fail2ban-nginx-req-limit tcp -- * * 0.0.0.0/0 0.0.0.0/0 multiport dports 443,80
Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 3505 packets, 305K bytes)
pkts bytes target prot opt in out source destination
Chain fail2ban-nginx-req-limit (1 references)
pkts bytes target prot opt in out source destination
10 600 REJECT all -- * * 192.168.2.230 0.0.0.0/0 reject-with icmp-port-unreachable
216 14616 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
[root@dev-dbs fail2ban-0.8.14]# iptables -nvL --line-numbers
[root@dev-dbs fail2ban-0.8.14]# iptables -D fail2ban-nginx-req-limit 1
[root@dev-dbs fail2ban-0.8.14]# service fail2ban stop