
The Customize Windows

Technology Journal


By Abhishek Ghosh July 29, 2017 11:31 am Updated on July 29, 2017

Configure Fail2Ban With Mod Security And Other Filters


This guide is best read as a continuation of IPtables Basic 3 and of installing Mod Security. Here we discuss how to configure Fail2Ban with Mod Security and some other filters on an Apache server to protect against PHP and other exploits. We take it for granted that you are no longer a new user and are somewhat used to Fail2Ban.

 

Configure Fail2Ban With Mod Security Filter

 

If you have installed and configured Mod Security in our way (that is, the standard way), you need not do anything on the Mod Security side. SSH to your server, change directory to /etc/fail2ban/filter.d, and create a file named modsec.conf :

cd /etc/fail2ban/filter.d
ls | grep apache
nano modsec.conf

Fill that modsec.conf with this content :

# Fail2Ban configuration file
#
# Author: Florian Roth
 
[Definition]
failregex = \[.*?\]\s[\w-]*\s<HOST>\s
ignoreregex =

Save the file. Open /etc/fail2ban/jail.conf :

nano /etc/fail2ban/jail.conf

add this :

[modsec]
enabled  = true
filter   = modsec
action   = iptables-multiport[name=ModSec, port="http,https"]
logencoding = utf-8
logpath  = /var/log/apache2/modsec_audit.log
bantime  = 172800
maxretry = 1

Restart Fail2Ban and check status :

sudo service fail2ban restart
sudo service fail2ban status
fail2ban-client status
fail2ban-client status modsec

For the last command, I got this output after 30 minutes :

Status for the jail: modsec
|- Filter
|  |- Currently failed: 0
|  |- Total failed: 9
|  `- File list: /var/log/apache2/modsec_audit.log
`- Actions
   |- Currently banned: 19
   |- Total banned: 19
   `- Banned IP list: 112.134.44.152 122.174.104.96 14.200.109.157 162.243.123.113 174.136.15.199 178.164.137.98 182.186.109.217 182.186.25.45 185.119.81.50 2.13.162.232 39.48.107.49 41.215.2.98 41.249.112.28 54.186.248.49 82.166.195.69 92.3.86.149 97.101.170.208 197.1.220.103 162.243.81.68


What exactly happens? When a WordPress plugin like IP Geo Block blocks an attempt and sends an error, Mod Security catches it and the Fail2Ban filter bans the source IP. So a single try at wp-login means a ban, because IP Geo Block sent a 403 error per your settings and Mod Security caught it. Next time WordPress and PHP need not handle the load; the moron will be denied at iptables.
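An added example, not part of the original article: a Python approximation of the modsec failregex run over a constructed audit log excerpt. It shows that the filter keys on the header line of every audit entry rather than on any rule or status, so with maxretry = 1 each logged transaction bans its client. The IPv4 stand-in for <HOST>, the sample log and the function names are assumptions.

```python
import re
from collections import Counter

# failregex copied from modsec.conf above; Fail2Ban expands <HOST> itself.
FAILREGEX = r"\[.*?\]\s[\w-]*\s<HOST>\s"
# Assumption: IPv4-only stand-in for <HOST>, enough for this sample.
HOST = r"(?P<host>(?:\d{1,3}\.){3}\d{1,3})"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST))
MAXRETRY = 1  # from the [modsec] jail

# Constructed ModSecurity audit log sample (documentation-range addresses).
SAMPLE_LOG = """\
--a1b2c3d4-A--
[29/Jul/2017:11:31:02 +0000] WXxAbcCoAAEAAGQ-x0sAAAAB 203.0.113.7 51234 198.51.100.10 443
--a1b2c3d4-B--
POST /wp-login.php HTTP/1.1
Host: example.test
--a1b2c3d4-F--
HTTP/1.1 403 Forbidden
--a1b2c3d4-H--
Message: Access denied with code 403 (phase 2). [id "000000"] [msg "constructed rule"]
--a1b2c3d4-Z--
--e5f6a7b8-A--
[29/Jul/2017:11:32:40 +0000] WXxAdsCoAAEAAGRAx1UAAAAC 192.0.2.44 40222 198.51.100.10 80
--e5f6a7b8-B--
GET /report.php HTTP/1.1
--e5f6a7b8-F--
HTTP/1.1 500 Internal Server Error
--e5f6a7b8-Z--
"""


def failures(log_text):
    """Client IP of every line the failregex matches (one per audit entry)."""
    matches = (PATTERN.search(line) for line in log_text.splitlines())
    return [m.group("host") for m in matches if m]


def would_ban(log_text, maxretry=MAXRETRY):
    """IPs whose failure count reaches maxretry (findtime window ignored)."""
    counts = Counter(failures(log_text))
    return sorted(ip for ip, n in counts.items() if n >= maxretry)


if __name__ == "__main__":
    print("matched:", failures(SAMPLE_LOG))
    print("banned :", would_ban(SAMPLE_LOG))
```

Which transactions reach the audit log is decided by ModSecurity's audit settings, so those settings, not the filter, determine who gets banned. Running fail2ban-regex against the real log, as the article does further down, gives the authoritative result.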

 

Configure Fail2Ban With Mod Security Filter Plus Other Filters

 

You can add more filters which are bundled inside /etc/fail2ban/filter.d. Open /etc/fail2ban/jail.conf :

nano /etc/fail2ban/jail.conf

add this :

[apache]
enabled  = true
port     = http,https
filter   = apache-auth
logpath  = /var/log/apache*/*error.log
maxretry = 6
 
[apache-noscript]
enabled  = true
port     = http,https
filter   = apache-noscript
logpath  = /var/log/apache*/*error.log
maxretry = 6
 
[apache-overflows]
enabled  = true
port     = http,https
filter   = apache-overflows
logpath  = /var/log/apache*/*error.log
maxretry = 2
 
[apache-nohome]
enabled  = true
port     = http,https
filter   = apache-nohome
logpath  = /var/log/apache*/*error.log
maxretry = 2
 
[apache-badbots]
enabled  = true
port     = http,https
filter   = apache-badbots
# apache-badbots matches on the User-Agent, which is recorded in the access log
logpath  = /var/log/apache*/*access.log
maxretry = 2
 
[php-url-fopen]
 
enabled = true
port    = http,https
filter  = php-url-fopen
logpath = /var/log/apache*/*access.log

Restart Fail2Ban and check status :

sudo service fail2ban restart
sudo service fail2ban status
fail2ban-client status

You can cat the fail2ban log file to check for any errors :

cat /var/log/fail2ban.log | grep Error

I was getting an error :

WARNING Error decoding line from '/var/log/apache2/modsec_audit.log' with 'UTF-8'. Consider setting logencoding=utf-8 (or another appropriate encoding) for this jail.

I have fixed that in this guide’s settings. We can test the filters in this way :

fail2ban-regex /var/log/apache2/modsec_audit.log /etc/fail2ban/filter.d/modsec.conf
fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/sshd.conf

Run this for fine tuning (optional, for the advanced users) :

fail2ban-regex -v --print-all-missed /var/log/apache2/modsec_audit.log /etc/fail2ban/filter.d/modsec.conf | less

What do those jails do?

apache = detects, blocks password authentication failures
apache-noscript = detects, blocks potential search for exploits, php vulnerabilities
apache-overflows = detects, blocks Apache overflow attempts
apache-nohome = detects, blocks failures to find a home directory on a server
apache-badbots = detects, blocks bad bots
php-url-fopen = detects, blocks attempts to use certain PHP behavior for malicious purposes

About This Article

Cite this article as: Abhishek Ghosh, "Configure Fail2Ban With Mod Security And Other Filters," in The Customize Windows, July 29, 2017, March 31, 2023, https://thecustomizewindows.com/2017/07/configure-fail2ban-with-mod-security-and-other-filters/.
