fail2ban – Correct regex to block POST request and GET request to single file in apache?
What’s the correct fail2ban regex to block these kinds of requests?
The excerpt is from the Apache access.log:
181.204.83.115 - - [28/Mar/2024:17:38:47 +0200] "POST /login.php HTTP/1.1" 200 11593
and
181.204.83.115 - - [28/Mar/2024:17:38:47 +0200] "GET /login.php HTTP/1.1" 200 11593
I tried those with no luck:
failregex = ^ .* "POST /login.php
failregex = ^ .* "GET /login.php
failregex = ^ -.*"(GET|POST).login.php
failregex = [[]client []] - - "login.php"
failregex = ^ .* "POST .login.php HTTP/." 200
But when running fail2ban-regex I get:
No 'host' group in '/etc/filter.d/filternamefile.conf'
Cannot remove regular expression. Index 0 is not valid
Thanks.
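
An added example, not part of the original post: a Python model of how a failregex is checked, showing why a pattern without the `<HOST>` tag is rejected with the "No 'host' group" error and one pattern that matches both requests to /login.php. `HOST_GROUP` is a simplified IPv4-only stand-in for fail2ban's real `<HOST>` expansion (an assumption), and the last two log lines are constructed.

```python
import re

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag. The real
# expansion also covers IPv6 and DNS names; what matters is the "host" group.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# Candidate for the "failregex =" line. [^"]* pins the match to the first quoted
# field (the request line), so Referer or User-Agent text cannot satisfy it.
FAILREGEX = r'^<HOST> [^"]*"(?:GET|POST) /login\.php(?:\?\S*)? HTTP/\S+"'

# First two lines are from the question; the last two are constructed negatives.
SAMPLE_LINES = [
    '181.204.83.115 - - [28/Mar/2024:17:38:47 +0200] "POST /login.php HTTP/1.1" 200 11593',
    '181.204.83.115 - - [28/Mar/2024:17:38:47 +0200] "GET /login.php HTTP/1.1" 200 11593',
    '198.51.100.7 - - [28/Mar/2024:17:39:02 +0200] "GET /index.php HTTP/1.1" 200 5120',
    '198.51.100.7 - - [28/Mar/2024:17:39:05 +0200] "GET /blog/login.php.bak HTTP/1.1" 404 310',
]


def compile_failregex(failregex):
    """Expand <HOST> and reject patterns that cannot yield an address to ban."""
    pattern = re.compile(failregex.replace("<HOST>", HOST_GROUP))
    if "host" not in pattern.groupindex:
        raise ValueError("No 'host' group in failregex")
    return pattern


def offenders(failregex, lines):
    """Return the captured host for every line the failregex matches."""
    pattern = compile_failregex(failregex)
    return [m.group("host") for line in lines if (m := pattern.search(line))]


if __name__ == "__main__":
    print(offenders(FAILREGEX, SAMPLE_LINES))
    try:
        offenders(r'^ .* "POST /login.php', SAMPLE_LINES)  # no <HOST> tag
    except ValueError as err:
        print("rejected:", err)
```

The `FAILREGEX` string is the value to place on the filter's `failregex =` line and confirm with fail2ban-regex against the real access.log.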