Configure Apache With Fail2Ban on Ubuntu 18.04

Our oldest guide on fail2ban on this website is Installing Fail2ban on Ubuntu 14.04. In this context, it is important to read the article on pam_unix(sushi:auth): authentication failure, which is result of a type of attack. Here is How To Configure Apache With Fail2Ban on Ubuntu 18.04 to block more types of malicious attempts towards server to create a practical firewall. If you are pretty new to server, simply do the following to get started with fail2ban :

Run iptables -L to list current rules and if rules are not present then run :

Restart fail2ban :

Next you can read our guides like :

1. Fail2Ban Log Analysis Bash Script For Report Generation
2. Configuring Fail2Ban With WordPress
3. WordPress with Fail2Ban Plugin
4. Fail2ban GeoIP Action Script to Block SSH by Country
5. Fail2Ban Log Analytics Graph With badips.com

Up to this point our setup was not Apache webserver specific.

 

Configure Apache With Fail2Ban on Ubuntu 18.04

 

Actually we can only edit /etc/fail2ban/jail.local to add new rules. /etc/fail2ban/jail.conf get overwritten upon update. Of course, you can write rules on /etc/fail2ban/jail.conf and copy to /etc/fail2ban/jail.local. I usually keep them same. That is about settings file.

We have some filters in the /etc/fail2ban/filter.d/ directory :

We have the following filters available :

We will create the following settings, notice web root of the filters :

[apache] : blocks failed login attempts (apache-auth.conf). Run cat on apache-auth.conf to read.
[apache-noscript] : block remote clients who are searching for scripts on the website to execute. Run cat on apache-noscript.conf to read.
[apache-overflows] : blocks clients who are attempting to request suspicious URLs. Run cat on apache-overflows.conf to read.
[apache-noscript] : blocks remote clients who are searching for scripts on website to execute. Run cat on apache-noscript.conf to read. It may give some error on WordPress.
[apache-badbots] : blocks malicious bot requests. Run cat on apache-badbots.conf to read.
[apache-botsearch] : blocks malicious bot requests. Run cat on apache-botsearch.conf to read.
[apache-fakegooglebot] : blocks bots faking as Google bot. Run cat on apache-fakegooglebot.conf to read.
[apache-shellshock] : blocks possible shellshock exploit. Run cat on apache-shellshock.conf to read.

Open :

And edit the web root. These are your extra settings :

You edited the /etc/fail2ban/jail.local file. Make both copies updated by running :

Run :

You can find how many IPs are banned by the above Apache filter by running :

Filter related with Apache mod_security is separately discussed about the module.

I found that human invented more filters such as to stop SQL injection. Our WordPress plugin filter blocks authentication attempt, enumeration attempt, pingback error, spammed comment, XML-RPC multicall authentication failure.

I liked the apache-sqlinject. I have created a Github repo for the extra filters (copy them to /etc/fail2ban/filter.d/) and settings. apache-nodos will ban mini DOS attacks like running ab test on server.

Add these two extra settings :

No DOS for test purpose. That ends this article.

Tagged With fail2ban apache ubuntu 18 04 , configure fail2ban ubuntu 18 10 , ubuntu 18 04 server install fail2ban , fail2ban ubuntu 18 04 portscan , fail2ban ubuntu 18 04 apache , fail2ban ddos protection ubuntu 18 04 , fail2ban apache auth , configure fail2ban ubuntu 18 04 , configure fail2ban ubuntu , configure fail2ban to downstream the bot

This Article Has Been Shared 404 Times!

Facebook Twitter Pinterest