aboutsummaryrefslogtreecommitdiff
path: root/straper/db/public/fail2ban/etc-fail2ban/action.d/nginx-block-map.conf
diff options
context:
space:
mode:
authorLukasz Kasprzak <lukasz.kasprzak@pm.me>2026-04-14 22:32:43 +0200
committerLukasz Kasprzak <lukasz.kasprzak@pm.me>2026-04-14 22:32:43 +0200
commit83f7fe4b8402bab171d110703a1b1115efbc9b28 (patch)
tree19110702c7d740f6bd8ee4f5d2ebcb97442be237 /straper/db/public/fail2ban/etc-fail2ban/action.d/nginx-block-map.conf
parent51d43498b07dc97d795947964534f0903cd05db5 (diff)
downloadbin-83f7fe4b8402bab171d110703a1b1115efbc9b28.tar.gz
bin-83f7fe4b8402bab171d110703a1b1115efbc9b28.zip
cleaned up many scrits and deleted some that were of no use; renamed a lot
Diffstat (limited to 'straper/db/public/fail2ban/etc-fail2ban/action.d/nginx-block-map.conf')
-rw-r--r--straper/db/public/fail2ban/etc-fail2ban/action.d/nginx-block-map.conf117
1 files changed, 0 insertions, 117 deletions
diff --git a/straper/db/public/fail2ban/etc-fail2ban/action.d/nginx-block-map.conf b/straper/db/public/fail2ban/etc-fail2ban/action.d/nginx-block-map.conf
deleted file mode 100644
index 0de382b..0000000
--- a/straper/db/public/fail2ban/etc-fail2ban/action.d/nginx-block-map.conf
+++ /dev/null
@@ -1,117 +0,0 @@
-# Fail2Ban configuration file for black-listing via nginx
-#
-# Author: Serg G. Brester (aka sebres)
-#
-# To use 'nginx-block-map' action you should define some special blocks in your nginx configuration,
-# and use it hereafter in your locations (to notify fail2ban by failure, resp. nginx by ban).
-#
-# Example (argument "token_id" resp. cookie "session_id" used here as unique identifier for user):
-#
-# http {
-# ...
-# # maps to check user is blacklisted (banned in f2b):
-# #map $arg_token_id $blck_lst_tok { include blacklisted-tokens.map; }
-# map $cookie_session_id $blck_lst_ses { include blacklisted-sessions.map; }
-# ...
-# # special log-format to notify fail2ban about failures:
-# log_format f2b_session_errors '$msec failure "$cookie_session_id" - $remote_addr - $remote_user '
-# ;# '"$request" $status $bytes_sent '
-# # '"$http_referer" "$http_user_agent"';
-#
-# # location checking blacklisted values:
-# location ... {
-# # check banned sessionid:
-# if ($blck_lst_ses != "") {
-# try_files "" @f2b-banned;
-# }
-# ...
-# # notify fail2ban about a failure inside nginx:
-# error_page 401 = @notify-f2b;
-# ...
-# }
-# ...
-# # location for return with "403 Forbidden" if banned:
-# location @f2b-banned {
-# default_type text/html;
-# return 403 "<br/><center>
-# <b style=\"color:red; font-size:18pt; border:2pt solid black; padding:5pt;\">
-# You are banned!</b></center>";
-# }
-# ...
-# # location to notify fail2ban about a failure inside nginx:
-# location @notify-f2b {
-# access_log /var/log/nginx/f2b-auth-errors.log f2b_session_errors;
-# }
-# }
-# ...
-#
-# Note that quote-character (and possibly other special characters) are not allowed currently as session-id.
-# Thus please add any session-id validation rule in your locations (or in the corresponding backend-service),
-# like in example below:
-#
-# location ... {
-# if ($cookie_session_id !~ "^[\w\-]+$") {
-# return 403 "Wrong session-id"
-# }
-# ...
-# }
-#
-# The parameters for jail corresponding log-format (f2b_session_errors):
-#
-# [nginx-blck-lst]
-# filter =
-# datepattern = ^Epoch
-# failregex = ^ failure "<F-ID>[^"]+</F-ID>" - <ADDR>
-# usedns = no
-#
-# The same log-file can be used for IP-related jail (additionally to session-related, to ban very bad IPs):
-#
-# [nginx-blck-ip]
-# maxretry = 100
-# filter =
-# datepattern = ^Epoch
-# failregex = ^ failure "[^"]+" - <ADDR>
-# usedns = no
-#
-
-[Definition]
-
-# path to configuration of nginx (used to target nginx-instance in multi-instance system,
-# and as path for the blacklisted map):
-srv_cfg_path = /etc/nginx/
-
-# cmd-line arguments to supply to test/reload nginx:
-#srv_cmd = nginx -c %(srv_cfg_path)s/nginx.conf
-srv_cmd = nginx
-
-# pid file (used to check nginx is running):
-srv_pid = /run/nginx.pid
-
-# command used to check whether nginx is running and configuration is valid:
-srv_is_running = [ -f "%(srv_pid)s" ]
-srv_check_cmd = %(srv_is_running)s && %(srv_cmd)s -qt
-
-# first test nginx is running and configuration is correct, hereafter send reload signal:
-blck_lst_reload = %(srv_check_cmd)s; if [ $? -eq 0 ]; then
- %(srv_cmd)s -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi;
- fi;
-
-# map-file for nginx, can be redefined using `action = nginx-block-map[blck_lst_file="/path/file.map"]`:
-blck_lst_file = %(srv_cfg_path)s/blacklisted-sessions.map
-
-# Action definition:
-
-actionstart_on_demand = false
-actionstart = touch '%(blck_lst_file)s'
-
-actionflush = truncate -s 0 '%(blck_lst_file)s'; %(blck_lst_reload)s
-
-actionstop = %(actionflush)s
-
-actioncheck =
-
-_echo_blck_row = printf '\%%s 1;\n' "<fid>"
-
-actionban = %(_echo_blck_row)s >> '%(blck_lst_file)s'; %(blck_lst_reload)s
-
-actionunban = id=$(%(_echo_blck_row)s | sed -e 's/[]\/$*.^|[]/\\&/g'); sed -i "/^$id$/d" %(blck_lst_file)s; %(blck_lst_reload)s