OK, so here is another useful filter for fail2ban. Once this plugin is installed, it will prevent malicious visitors from trying to brute-force folder and file discovery. After 5 attempts to visit a nonexistent file/folder, the visitor is banned…
like always… BASH IN! :D
sudo bash
First, let's create a new entry in our jail.local file…
vim /etc/fail2ban/jail.local
Copy the following text after the last Apache entry…
[apache-clientd]
enabled = true
port = http,https
filter = apache-client-denied
logpath = /var/log/apache*/*error.log
maxretry = 5
Now that we have added the entry to our jail.local, change to the filter.d directory. In this folder you will see lots of other pre-configured filters.
cd /etc/fail2ban/filter.d
Instead of creating a new filter file, simply copy an existing one; this will make the next step easier…
cp /etc/fail2ban/filter.d/apache-auth.conf /etc/fail2ban/filter.d/apache-client-denied.conf
Open the new file and find the line identical to the one below (Line 23):
failregex = ^%(_apache_error_client)s user .* (authentication failure|not found|password mismatch)\s*$
Replace it with the following one:
failregex = [[]client <HOST>[]] client denied by server configuration:
At this point you're pretty much done. Close the file and restart fail2ban:
service fail2ban restart
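Before relying on the jail, it is worth checking which error-log lines the new failregex actually counts. The following is an added example, not part of the original post: it applies the failregex from above to constructed log lines and reports which clients reach maxretry. The `<HOST>` pattern is a simplified stand-in for fail2ban's own expansion, and all sample lines and helper names are assumptions.

```python
import re
import warnings
from collections import Counter

# failregex exactly as given in the post.
FAILREGEX = r"[[]client <HOST>[]] client denied by server configuration:"
# Simplified stand-in for fail2ban's <HOST> expansion (an assumption made for
# this example; fail2ban's real pattern is broader).
HOST = r"(?P<host>[\w.\-]+)"
MAXRETRY = 5  # maxretry from the jail.local entry

def _lines(n, fmt, ip):
    """Build n constructed log lines for one client."""
    return [fmt.format(s=i, ip=ip) for i in range(n)]

# Apache 2.2-style prefix, and Apache 2.4-style prefix (client ip:port, AH code).
OLD = "[Sat Mar 02 10:15:{s:02d} 2013] [error] [client {ip}] "
NEW = ("[Sat Mar 02 10:15:{s:02d}.000000 2013] [authz_core:error] "
       "[pid 1234] [client {ip}:51234] AH01630: ")
DENIED = "client denied by server configuration: /var/www/private"
MISSING = "File does not exist: /var/www/admin"

# Constructed sample log (documentation IP ranges), not real traffic.
SAMPLE = (
    _lines(5, OLD + DENIED, "203.0.113.7")      # 2.2-style, 5 denials
    + _lines(2, OLD + DENIED, "198.51.100.9")   # 2.2-style, below maxretry
    + _lines(6, OLD + MISSING, "192.0.2.44")    # "File does not exist" lines
    + _lines(5, NEW + DENIED, "192.0.2.80")     # 2.4-style denials
)

def matched_hosts(lines):
    """Count failregex matches per client address."""
    with warnings.catch_warnings():
        # Python warns about "[[" in a character class; the pattern is valid.
        warnings.simplefilter("ignore", FutureWarning)
        rx = re.compile(FAILREGEX.replace("<HOST>", HOST))
    return Counter(m.group("host") for m in map(rx.search, lines) if m)

def would_ban(lines, maxretry=MAXRETRY):
    """Clients reaching maxretry, assuming every line falls within findtime."""
    return sorted(h for h, n in matched_hosts(lines).items() if n >= maxretry)

if __name__ == "__main__":
    print("matches per client:", dict(matched_hosts(SAMPLE)))
    print("would be banned:", would_ban(SAMPLE))
```

In this sample only the 2.2-style "client denied" lines are counted; the "File does not exist" lines and the 2.4-style lines (client address with port, AH01630 prefix) do not match. On the server itself, `fail2ban-regex` run with your own error log and /etc/fail2ban/filter.d/apache-client-denied.conf performs the same check with the real filter.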
Comment if you have questions, like my post if you find it helpful :)