ansible-personal/roles/common/templates/etc/fail2ban/jail.d/nginx.local.j2

[nginx]
enabled   = true
# See: /etc/fail2ban/filter.d/nginx-botsearch.conf
filter    = nginx-botsearch
# Integrate with nftables
banaction=nftables[type=allports]
backend   = pyinotify
logpath   = /var/log/nginx/*-access.log
# Try to find a non-existent wp-login.php once and get banned. Tough luck.
maxretry  = 1
findtime  = {{ fail2ban_findtime }}
bantime   = {{ fail2ban_bantime }}
ignoreip  = {{ fail2ban_ignoreip }}
Add nginx filter for fail2ban Some hosts can use fail2ban's nginx-botsearch filter to ban anyone making requests to non-existent files like wp-login.php. There is no reason to request such files naively and anyone found doing so can be banned immediately. In theory I should report them to AbuseIPDB.com, but that will take a little more wiring up. 2021-08-01 08:56:43 +02:00			`[nginx]`
			`enabled = true`
			`# See: /etc/fail2ban/filter.d/nginx-botsearch.conf`
			`filter = nginx-botsearch`
			`# Integrate with nftables`
			`banaction=nftables[type=allports]`
roles/common: use pyinotify backend for nginx fail2ban jail This seems to be automatically selected, but on some other servers I notice it is not. I will set it here explicitly so fail2ban does not fall back to the inefficient "polling" or incorrect "systemd" backends. 2022-01-04 14:10:02 +01:00			`backend = pyinotify`
Add nginx filter for fail2ban Some hosts can use fail2ban's nginx-botsearch filter to ban anyone making requests to non-existent files like wp-login.php. There is no reason to request such files naively and anyone found doing so can be banned immediately. In theory I should report them to AbuseIPDB.com, but that will take a little more wiring up. 2021-08-01 08:56:43 +02:00			`logpath = /var/log/nginx/*-access.log`
			`# Try to find a non-existent wp-login.php once and get banned. Tough luck.`
			`maxretry = 1`
			`findtime = {{ fail2ban_findtime }}`
			`bantime = {{ fail2ban_bantime }}`
			`ignoreip = {{ fail2ban_ignoreip }}`