47 lines
1.4 KiB
Plaintext
47 lines
1.4 KiB
Plaintext
# Fail2ban filter configuration for nginx :: limit_req
|
|
# used to ban hosts, that were failed through nginx by limit request processing rate
|
|
#
|
|
# Author: Serg G. Brester (sebres)
|
|
#
|
|
# To use 'nginx-limit-req' filter you should have `ngx_http_limit_req_module`
|
|
# and define `limit_req` and `limit_req_zone` as described in nginx documentation
|
|
# http://nginx.org/en/docs/http/ngx_http_limit_req_module.html
|
|
#
|
|
# Example:
|
|
#
|
|
# http {
|
|
# ...
|
|
# limit_req_zone $binary_remote_addr zone=lr_zone:10m rate=1r/s;
|
|
# ...
|
|
# # http, server, or location:
|
|
# location ... {
|
|
# limit_req zone=lr_zone burst=1 nodelay;
|
|
# ...
|
|
# }
|
|
# ...
|
|
# }
|
|
# ...
|
|
#
|
|
|
|
[Definition]
|
|
|
|
# Specify following expression to define exact zones, if you want to ban IPs limited
|
|
# from specified zones only.
|
|
# Example:
|
|
#
|
|
# ngx_limit_req_zones = lr_zone|lr_zone2
|
|
#
|
|
ngx_limit_req_zones = [^"]+
|
|
|
|
# Use following full expression if you should range limit request to specified
|
|
# servers, requests, referrers etc. only :
|
|
#
|
|
# failregex = ^\s*\[[a-z]+\] \d+#\d+: \*\d+ limiting requests, excess: [\d\.]+ by zone "(?:%(ngx_limit_req_zones)s)", client: <HOST>, server: \S*, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"(, referrer: "\S+")?\s*$
|
|
|
|
# Shortly, much faster and stable version of regexp:
|
|
failregex = ^\s*\[[a-z]+\] \d+#\d+: \*\d+ limiting requests, excess: [\d\.]+ by zone "(?:%(ngx_limit_req_zones)s)", client: <HOST>,
|
|
|
|
ignoreregex =
|
|
|
|
datepattern = {^LN-BEG}
|