-
Notifications
You must be signed in to change notification settings - Fork 1
/
apache-lj.conf
18 lines (11 loc) · 1.52 KB
/
apache-lj.conf
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
# Fail2Ban configuration file
#
# Regexp to catch attacks created by Lukas Janku
[Definition]
# BETTER BLOCKING for attacks on port 80
failregex = ^([0-9\.:]*:80 <HOST>.*] "(CONNECT|GET|POST|HEAD) /((?!yes.txt|favicon.ico|server-status|munin|info.php|index.php|benchmark.php|opcache).)*)$
#failregex = ([\w\-.^_]+) <HOST>.*] "(CONNECT.*|GET http:.*|POST http:.*|GET .*.(js|jpg).*" 404 .*|GET /airtel/channels-sized-transparent/.*|GET /(.env|vendor/phpunit/).*|POST (/heartbeat/heartbeat|/cgi-bin/).*|GET.*(mj12bot|AhrefsBot|ineedthispage=yes|/wp-includes/wlwmanifest.xml).*|.*(YandexBot|SemrushBot|serpstatbot|BLEXBot|Adsbot|Barkrowler|MegaIndex.ru|Go-http-client|DotBot|python-requests|aiohttp|um-IC|SentiBot|ias-va|magpie-crawler|Sogou web spider)/.*|.* FUp/.*|.*(PetalBot;|IndeedBot |Keybot Translation-Search-Machine|ALittle Client|wp_is_mobile|Mediatoolkitbot|SEOkicks|CheckMarkNetwork|CensysInspect|woorankreview|FirmoGraph|Mail.RU_Bot|DataForSeoBot|ZoominfoBot|<php>|zgrab/0|expanseinc.com|seoscanners.info|binance.com).*|.*/../../../.*|GET /__media__/js/netsoltrademark.*|GET /shell?.*|.*Palo Alto Networks.*|GET /(v1|v2|v5|v6|v7|play|foc|tools|dts|tv|ctadx|interface|api|fpupdate|TV_Update|ecom_mobile|axis2-admin)/.*|.*"-" "Dalvik/.*|GET /.golangci..*)
# POST /_vti_bin/shtml.exe/_vti_rpc.* no because MS FrontPage 12.0
# .*Dalvik/.* no because "GET /.well-known/assetlinks.json HTTP/1.1" 301 225 "-" "Dalvik/2.1.0 (Linux; U; Android 10; SM-G960F Build/QP1A.190711.020)"
# GET /_vti_inf.html.* no because MS FrontPage 12.0
ignoreregex =