Fail2Ban -我想知道如何禁止记录在Nginx访问日志中的特定机器人

Question

我想禁止一个特定的机器人与Fail2Ban。有人能告诉我是怎么做到的吗？

这是你想要禁止的机器人：。MJ12bot、AhrefsBot、DotBot、SemrushBot

服务器环境：。CentOS7 Nginx

日志存储在:中。

/var/log/nginx/domain-name/access.log
/var/log/nginx/domain-name/error.log

Answer 1

您应该编辑/etc/fail2ban/jail.conf以启用nginx-botsearch过滤器

[nginx-botsearch]
enabled = true 

然后，您必须向/etc/fail2ban/filter.d/nginx-botsearch.conf添加RegEx筛选器

# Fail2Ban filter to match web requests for selected URLs that don't exist
#

[INCLUDES]

# Load regexes for filtering
before = botsearch-common.conf

[Definition]

failregex = ^<HOST> \- \S+ \[\] \"(GET|POST|HEAD) \/<block> \S+\" 404 .+$
            ^ \[error\] \d+#\d+: \*\d+ (\S+ )?\"\S+\" (failed|is not found) \(2\: No such file or directory\), client\: <HOST>\, server\: \S*\, request: \"(GET|POST|HEAD) \/<block> \S+\"\, .*?$
            HERE_YOUR_NEW_REGEX
ignoreregex = 


# DEV Notes:
# Based on apache-botsearch filter
# 
# Author: Frantisek Sumsal

最后，您必须重新启动Fail2Ban服务

service fail2ban restart