Blame | Last modification | View Log | RSS feed
# Fail2ban filter configuration for nginx :: limit_req# used to ban hosts, that were failed through nginx by limit request processing rate## Author: Serg G. Brester (sebres)## To use 'nginx-limit-req' filter you should have `ngx_http_limit_req_module`# and define `limit_req` and `limit_req_zone` as described in nginx documentation# http://nginx.org/en/docs/http/ngx_http_limit_req_module.html## Example:## http {# ...# limit_req_zone $binary_remote_addr zone=lr_zone:10m rate=1r/s;# ...# # http, server, or location:# location ... {# limit_req zone=lr_zone burst=1 nodelay;# ...# }# ...# }# ...#[Definition]# Specify following expression to define exact zones, if you want to ban IPs limited# from specified zones only.# Example:## ngx_limit_req_zones = lr_zone|lr_zone2#ngx_limit_req_zones = [^"]+# Use following full expression if you should range limit request to specified# servers, requests, referrers etc. only :## failregex = ^\s*\[[a-z]+\] \d+#\d+: \*\d+ limiting requests, excess: [\d\.]+ by zone "(?:%(ngx_limit_req_zones)s)", client: <HOST>, server: \S*, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"(, referrer: "\S+")?\s*$# Shortly, much faster and stable version of regexp:failregex = ^\s*\[[a-z]+\] \d+#\d+: \*\d+ limiting requests, excess: [\d\.]+ by zone "(?:%(ngx_limit_req_zones)s)", client: <HOST>,ignoreregex =datepattern = {^LN-BEG}