Alan Orth
0ffb1b1a36
This seems to be automatically selected, but on some other servers I notice it is not. I will set it here explicitly so fail2ban does not fall back to the inefficient "polling" or incorrect "systemd" backends.
19 lines
716 B
Django/Jinja
19 lines
716 B
Django/Jinja
[nginx]
|
|
enabled = true
|
|
# See: /etc/fail2ban/filter.d/nginx-botsearch.conf
|
|
filter = nginx-botsearch
|
|
{% if (ansible_distribution == 'Debian' and ansible_distribution_major_version is version('11', '>=')) or (ansible_distribution == 'Ubuntu' and ansible_distribution_version is version('20.04', '>=')) %}
|
|
# Integrate with nftables
|
|
banaction=nftables[type=allports]
|
|
{% else %}
|
|
# Integrate with firewalld and ipsets
|
|
banaction = firewallcmd-ipset
|
|
{% endif %}
|
|
backend = pyinotify
|
|
logpath = /var/log/nginx/*-access.log
|
|
# Try to find a non-existent wp-login.php once and get banned. Tough luck.
|
|
maxretry = 1
|
|
findtime = {{ fail2ban_findtime }}
|
|
bantime = {{ fail2ban_bantime }}
|
|
ignoreip = {{ fail2ban_ignoreip }}
|