fail2ban keeps saying the IP is banned, and then says it is already banned.

Unix & Linux user
Asked 2023-03-07 18:17:02
Answers 1, Views 80, Following 0, Votes 2

This is my fail2ban version v0.11.1, set up on Ubuntu Linux 20.04 on the AWS EC2 platform. The jail.local file has the standard defaults from jail.conf, but I only activate these 2 jails in jail.local:

    # Stop the 404 attacks
    [apache-404]
    enabled = true
    port = http,https
    filter = apache-404
    logpath = /var/log/apache*/access.log
    maxretry = 5
    findtime = 60
    bantime = 300
    action = iptables-multiport[name=HTTPS, port=https, protocol=tcp]


    [recidive]
    enabled =true
    logpath  = /var/log/fail2ban.log
    banaction = %(banaction_allports)s
    bantime  = 5m
    findtime = 1d

The recidive definition file is the one that ships with the fail2ban package. The apache-404.conf definition file is as follows:

    # Fail2Ban configuration file 
    [Definition]
    failregex = ^<HOST>.*"(GET|POST).*" (404|444|403|400) .*$ 
    ignoreregex =

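When invalid files on our website are hit repeatedly by the same user, we see the following in the fail2ban.log file, which makes no sense to us as far as banning the user goes, unless we did something incorrect in the configuration or our expectations are too high.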

    2023-03-07 12:09:56,316 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:09:56
    2023-03-07 12:10:05,513 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:10:05
    2023-03-07 12:10:08,218 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:10:07
    2023-03-07 12:10:13,025 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:10:12
    2023-03-07 12:10:14,629 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:10:14
    2023-03-07 12:10:15,213 fail2ban.actions        [173661]: NOTICE  [apache-404] Ban 71.29.12.245
    2023-03-07 12:10:15,331 fail2ban.filter         [173661]: INFO    [recidive] Found 71.29.12.245 - 2023-03-07 12:10:15
    2023-03-07 12:10:16,233 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:10:16
    2023-03-07 12:10:22,142 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:10:21
    2023-03-07 12:10:24,907 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:10:24
    2023-03-07 12:10:34,019 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:10:33
    2023-03-07 12:10:35,622 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:10:35
    2023-03-07 12:10:35,854 fail2ban.actions        [173661]: NOTICE  [apache-404] 71.29.12.245 already banned
    2023-03-07 12:10:37,521 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:10:37
    2023-03-07 12:11:25,901 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:11:25
    2023-03-07 12:11:33,912 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:11:33
    2023-03-07 12:11:35,630 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:11:35
    2023-03-07 12:11:37,245 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:11:37
    2023-03-07 12:11:37,343 fail2ban.actions        [173661]: WARNING [apache-404] 71.29.12.245 already banned
    2023-03-07 12:11:38,914 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:11:38
    2023-03-07 12:11:40,546 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:11:40
    2023-03-07 12:11:42,149 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:11:42
    2023-03-07 12:11:43,928 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:11:43
    2023-03-07 12:11:45,531 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:11:45
    2023-03-07 12:11:45,563 fail2ban.actions        [173661]: WARNING [apache-404] 71.29.12.245 already banned
    2023-03-07 12:11:47,140 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:11:46
    2023-03-07 12:11:48,126 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:11:48
    2023-03-07 12:11:51,324 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:11:51
    2023-03-07 12:11:53,258 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:11:53
    2023-03-07 12:11:54,337 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:11:54
    2023-03-07 12:11:54,585 fail2ban.actions        [173661]: WARNING [apache-404] 71.29.12.245 already banned
    2023-03-07 12:11:55,940 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:11:55
    2023-03-07 12:11:57,734 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:11:57
    2023-03-07 12:11:59,337 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:11:59
    2023-03-07 12:12:00,940 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:12:00
    2023-03-07 12:12:06,848 fail2ban.filter         [173661]: INFO    [apache-404] Found 71.29.12.245 - 2023-03-07 12:12:06
    2023-03-07 12:12:07,414 fail2ban.actions        [173661]: WARNING [apache-404] 71.29.12.245 already banned
    2023-03-07 12:14:08,567 fail2ban.filter         [173661]: INFO    [apache-404] Found 198.199.97.240 - 2023-03-07 12:14:08
    2023-03-07 12:17:07,790 fail2ban.actions        [173661]: NOTICE  [apache-404] Unban 71.29.12.245

When I issue the following command for iptables, I get the following:

     sudo iptables-save
    # Generated by iptables-save v1.8.4 on Tue Mar  7 12:19:33 2023
    *filter
    :INPUT ACCEPT [92:8233]
    :FORWARD ACCEPT [0:0]
    :OUTPUT ACCEPT [95:90339]
    :f2b-HTTPS - [0:0]
    -A INPUT -p tcp -m multiport --dports 443 -j f2b-HTTPS
    -A f2b-HTTPS -j RETURN
    -A f2b-HTTPS -j RETURN
    -A f2b-HTTPS -j RETURN
    COMMIT

1 Answer

Unix & Linux user

Posted 2023-03-08 14:20:40

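After doing research and testing, I was able to determine what was causing fail2ban to incorrectly identify an IP address as already banned when it banned it.

It turns out the IP address was not being banned at all, because the apache-404.conf file was set up incorrectly. The port defined in the action was set to HTTPS only, but the user triggering all this mess was not using HTTPS.

Here is the correct setup (note that it no longer shows the action, just the default setting, and the ports are both HTTP and HTTPS):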

    # Stop the 404 attacks
    [apache-404]
    enabled = true
    port = http,https
    filter = apache-404
    logpath = /var/log/apache*/access.log
    maxretry = 5
    findtime = 60
    bantime = 300

Votes 2
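
The symptom in this thread, a jail still logging `Found` lines for an address after its own `Ban` line, can be checked for mechanically as a sign that the ban action does not cover the port being hit. The following Python is an added example, not part of the original question or answer; the function name `hits_while_banned`, the `min_hits` threshold and the sample log lines (documentation address 203.0.113.7, PID 1000) are constructed for illustration.

```python
import re
from collections import defaultdict

# Line layout of fail2ban.log as shown in the question.
LINE_RE = re.compile(
    r"^\S+ \S+ fail2ban\.(?:filter|actions)\s+\[\d+\]:\s+[A-Z]+\s+"
    r"\[(?P<jail>[^\]]+)\]\s+(?P<msg>.*)$"
)
IP = r"(?P<ip>[0-9A-Fa-f:.]+)"
FOUND_RE = re.compile(rf"^Found {IP} - ")
BAN_RE = re.compile(rf"^Ban {IP}$")
UNBAN_RE = re.compile(rf"^Unban {IP}$")
ALREADY_RE = re.compile(rf"^{IP} already banned$")

# Constructed sample input (not taken from a real host).
SAMPLE = """\
2023-03-07 12:10:14,629 fail2ban.filter         [1000]: INFO    [apache-404] Found 203.0.113.7 - 2023-03-07 12:10:14
2023-03-07 12:10:15,213 fail2ban.actions        [1000]: NOTICE  [apache-404] Ban 203.0.113.7
2023-03-07 12:10:15,331 fail2ban.filter         [1000]: INFO    [recidive] Found 203.0.113.7 - 2023-03-07 12:10:15
2023-03-07 12:10:16,233 fail2ban.filter         [1000]: INFO    [apache-404] Found 203.0.113.7 - 2023-03-07 12:10:16
2023-03-07 12:10:22,142 fail2ban.filter         [1000]: INFO    [apache-404] Found 203.0.113.7 - 2023-03-07 12:10:21
2023-03-07 12:10:35,854 fail2ban.actions        [1000]: NOTICE  [apache-404] 203.0.113.7 already banned
2023-03-07 12:17:07,790 fail2ban.actions        [1000]: NOTICE  [apache-404] Unban 203.0.113.7
2023-03-07 12:17:30,100 fail2ban.filter         [1000]: INFO    [apache-404] Found 203.0.113.7 - 2023-03-07 12:17:30
""".splitlines()

def hits_while_banned(lines, min_hits=2):
    """Return {(jail, ip): counters} for bans that did not stop the traffic."""
    banned = set()
    report = defaultdict(lambda: {"found": 0, "already_banned": 0})
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        jail, msg = m["jail"], m["msg"].strip()
        if (b := BAN_RE.match(msg)):
            banned.add((jail, b["ip"]))
        elif (u := UNBAN_RE.match(msg)):
            banned.discard((jail, u["ip"]))
        elif (f := FOUND_RE.match(msg)) and (jail, f["ip"]) in banned:
            report[(jail, f["ip"])]["found"] += 1
        elif (a := ALREADY_RE.match(msg)):
            report[(jail, a["ip"])]["already_banned"] += 1
    # min_hits tolerates a stray request logged just as the ban is applied.
    return {k: v for k, v in report.items() if v["found"] >= min_hits}

if __name__ == "__main__":
    print(hits_while_banned(SAMPLE))
```

Any jail and address this reports is worth comparing against the ports in that jail's action and the firewall chain it created.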
Original page content provided by Unix & Linux.
Original link: https://unix.stackexchange.com/questions/739006
