fail2ban常规在nginx中找到403请求 [英] fail2ban regular to find 403 request in nginx
问题描述
我想找到403个请求并将其禁止,这是我的日志格式
I want to find the 403 requests and ban them,here is my log format
112.253.6.182 - - [08/Sep/2014:17:42:56 -0400] "GET / HTTP/1.1" 403 579 "baidu" "Mozilla/4.0" 50.117.86.72
106.37.177.251 - - [08/Sep/2014:17:42:56 -0400] "GET /index.php HTTP/1.1" 404 576 "baidu" "Mozilla/4.0" 204.44.65.173
190.254.173.14 - - [08/Sep/2014:17:42:56 -0400] "GET /index.php HTTP/1.1" 404 576 "baidu" "Mozilla/4.0" 204.44.65.173
41.222.196.37 - - [08/Sep/2014:17:42:56 -0400] "GET / HTTP/1.1" 403 579 "baidu" "Mozilla/4.0" 50.117.86.72
我的failreg是:
and my failreg is:
failregex = ^<HOST> -.*"(GET|POST).*.php.*\ 403\ .*$
ignoreregex =
ignoreregex =
但是当我使用fail2ban-regex命令对其进行测试时,它会在下面返回
but when I test it using fail2ban-regex command , it returns below
Failregex: 32 total
|- #) [# of hits] regular expression
| 1) [32] ^<HOST> -.*"(GET|POST).*.php.*\ 403\ .*$
`-
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [3266] Day/MONTH/Year:Hour:Minute:Second
`-
Lines: 3266 lines, 0 ignored, 32 matched, 3234 missed
Missed line(s): too many to print. Use --print-all-missed to print all 3234 lines
您能帮我做一个正则表达式来匹配403请求并打印ip吗?预先感谢
could you help me to make a regex to match 403 requests and print the ip out . Thanks in advance
推荐答案
首先,您的示例日志条目是/的403s和/index.php的404s,而您的正则表达式试图匹配 php 扩展名和403代码.难怪你没有比赛.
First, your example log entrys are 403s for /, and 404s for /index.php, whereas your regex tries to match php extension and 403 code. There's no wonder you have no match.
因此,如果您感兴趣的只是与路径无关的403错误条目,这应该可以工作.
So if your interest is only a 403 error entry regardless of path, this should work.
^<HOST> .* "(GET|POST) [^"]+" 403
要调试正则表达式,可以使用此代码段.请注意, fail2ban 将<HOST>预处理为(?:::f{4,6}:)?(?P<host>\S+).
To debug your regular expression you can use this snippet. Note that <HOST> is preprocessed to (?:::f{4,6}:)?(?P<host>\S+) by fail2ban.
这篇关于fail2ban常规在nginx中找到403请求的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
