
Merge pull request #2 from blackc2004/master

Add NGINX 404 and DOS filters
FusionPBX %!s(int64=9) %!d(string=hai) anos
pai
achega
940742bea5

+ 21 - 0
debian/resources/fail2ban/jail.package

@@ -55,3 +55,24 @@ action   = iptables-allports[name=fusionpbx, protocol=all]
 maxretry = 5
 findtime = 600
 bantime  = 600	
+
+[nginx-404]
+enabled = true
+port = http,https
+filter = nginx-404
+logpath = /var/log/nginx/access*.log
+bantime = 600
+findtime = 600
+maxretry = 10
+
+[nginx-dos]
+# Based on apache-badbots but a simple IP check (any IP requesting more than
+# 240 pages in 60 seconds, or 4p/s average, is suspicious)
+# Block for two full days.
+enabled = true
+port = http
+filter = nginx-dos
+logpath = /var/log/nginx/access*.log
+findtime = 60
+bantime = 172800
+maxretry = 240
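Review bot: In `[nginx-dos]` the jail sets `port = http`, while `[nginx-404]` just above uses `port = http,https`, so with a port-scoped ban action a flagged client is blocked on port 80 only and can keep sending requests over HTTPS. Neither new section sets `action`, so both presumably inherit the default from a part of the file outside this hunk, unlike the fusionpbx jail in the hunk header, which uses `iptables-allports`. I would change the line to `port = http,https`, or set an all-ports action explicitly if that is the intent. The same line appears in the `[nginx-dos]` section added to debian/resources/fail2ban/jail.source.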

+ 19 - 0
debian/resources/fail2ban/jail.source

@@ -55,3 +55,22 @@ action   = iptables-allports[name=fusionpbx, protocol=all]
 maxretry = 5
 findtime = 600
 bantime  = 600	
+
+[nginx-404]
+enabled = true
+port = http,https
+filter = nginx-404
+logpath = /var/log/nginx/access*.log
+bantime = 600
+findtime = 600
+maxretry = 10
+
+[nginx-dos]
+# Based on apache-badbots
+enabled = true
+port = http
+filter = nginx-dos
+logpath = /var/log/nginx/access*.log
+findtime = 60
+bantime = 172800
+maxretry = 240
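Review bot: The `[nginx-dos]` comment here is only `# Based on apache-badbots`, whereas the same section in jail.package also explains the threshold and the ban length. An operator reading this copy sees `bantime = 172800` and `maxretry = 240` with no rationale. I would carry the explanation over, for example `# any IP requesting more than 240 pages in 60 seconds (4/s average) is treated as suspicious` and `# bantime 172800 s = two full days`, so the two files stay in step.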

+ 5 - 0
debian/resources/fail2ban/nginx-404.conf

@@ -0,0 +1,5 @@
+# Fail2Ban configuration file
+#
+[Definition]
+failregex = <HOST> - - \[.*\] "(GET|POST).*HTTP.* 404
+ignoreregex =
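Review bot: The `failregex` is unanchored and ends in `HTTP.* 404`, so the greedy `.*` lets ` 404` match anywhere after the request, not only in the status field. Assuming the default combined log format, a 200 response whose byte count begins with 404, or a referer or user-agent containing " 404", would be counted as a failure. Loose patterns over client-controlled fields are also the usual way fail2ban ends up banning the wrong address. I would anchor the pattern and pin the status directly after the closing quote of the request: `failregex = ^<HOST> - - \[[^\]]*\] "(GET|POST) [^"]*" 404\b`. Please check this against the `log_format` actually in use before merging.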

+ 14 - 0
debian/resources/fail2ban/nginx-dos.conf

@@ -0,0 +1,14 @@
+# Fail2Ban configuration file
+ 
+[Definition]
+# Option: failregex
+# Notes.: Regexp to catch a generic call from an IP address.
+# Values: TEXT
+#
+failregex = ^<HOST> -.*"(GET|POST).*HTTP.*"$
+ 
+# Option: ignoreregex
+# Notes.: regex to ignore. If this regex matches, the line is ignored.
+# Values: TEXT
+#
+ignoreregex =
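Review bot: This `failregex` matches every GET or POST line and `ignoreregex` is empty, so each static asset fetched by a normal page load counts toward the jail's `maxretry = 240` in 60 seconds. Several users behind one NAT address, or a monitoring probe, could plausibly reach that and be banned for the two days set in the jail. I would exclude asset requests with something like `ignoreregex = \.(css|js|png|jpg|gif|ico|woff2?)(\?\S*)? HTTP/` and make sure trusted ranges are listed in `ignoreip` in the jail file. The trailing `"$` also assumes the log line ends with the quoted user-agent. A custom `log_format` that appends fields would make the filter silently match nothing, which deserves a comment above the regex.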