fail2ban – Correct regex to block POST request and GET request to single file in apache?

What’s the correct fail2ban regex to block these kind of requests?

The excerpt is from apache access.log

181.204.83.115 – – [28/Mar/2024:17:38:47 +0200] “POST /login.php HTTP/1.1” 200 11593
and
181.204.83.115 – – [28/Mar/2024:17:38:47 +0200] “GET /login.php HTTP/1.1” 200 11593

I tried those with no luck:

failregex = ^ .* “POST /login.php

failregex = ^ .* “GET /login.php

failregex = ^ -.*”(GET|POST).login.php

failregex = [[]client []] – – “login.php”

failregex = ^ .* “POST .login.php HTTP/.” 200

But I get when running fail2ban-regex:

No ‘host’ group in ‘/etc/filter.d/filternamefile.conf’
Cannot remove regular expression. Index 0 is not valid

Thanks.

Read more here: Source link