fail2ban/README.apache-formspam

# ---
# README..apache-formspam
# ---

# Es sollen bestimmte POST requests abgesichert werden.
#
# abzusichernde Formularseiten:
#
#     /suche/
#	   /profile/register.php
#	   /profile/forgotPassword.php
#	   /abo-service/kuendigung.php
#


# Filterdatei /etc/fail2ban/filter.d/apache-formspam.conf
#
cat <<'EOF' > /etc/fail2ban/filter.d/apache-formspam.conf
[Definition]
failregex = ^<HOST> - .* "POST (/suche/|/profile/register\.php|/profile/forgotPassword\.php|/abo-service/kuendigung\.php) HTTP/.*"
ignoreregex =
EOF


# Jail-Konfiguration: /etc/fail2ban/jail.d/apache-formspam.conf
#
cat <<'EOF' > /etc/fail2ban/jail.d/apache-formspam.conf
[apache-formspam]
enabled = true
filter = apache-formspam
logpath = /var/log/apache2/nd-aktuell-access.log
maxretry = 100
findtime = 600
bantime = 1800
EOF


# Filter testen
#
fail2ban-regex /var/log/apache2/nd-aktuell-access.log /etc/fail2ban/filter.d/apache-formspam.conf


# fail2ban neu laden
#
systemctl restart fail2ban


# Status prüfen:
#
fail2ban-client status apache-formspam