From 83f7fe4b8402bab171d110703a1b1115efbc9b28 Mon Sep 17 00:00:00 2001 From: Lukasz Kasprzak Date: Tue, 14 Apr 2026 22:32:43 +0200 Subject: cleaned up many scrits and deleted some that were of no use; renamed a lot --- .../etc-fail2ban/action.d/nginx-block-map.conf | 117 --------------------- 1 file changed, 117 deletions(-) delete mode 100644 straper/db/public/fail2ban/etc-fail2ban/action.d/nginx-block-map.conf (limited to 'straper/db/public/fail2ban/etc-fail2ban/action.d/nginx-block-map.conf') diff --git a/straper/db/public/fail2ban/etc-fail2ban/action.d/nginx-block-map.conf b/straper/db/public/fail2ban/etc-fail2ban/action.d/nginx-block-map.conf deleted file mode 100644 index 0de382b..0000000 --- a/straper/db/public/fail2ban/etc-fail2ban/action.d/nginx-block-map.conf +++ /dev/null @@ -1,117 +0,0 @@ -# Fail2Ban configuration file for black-listing via nginx -# -# Author: Serg G. Brester (aka sebres) -# -# To use 'nginx-block-map' action you should define some special blocks in your nginx configuration, -# and use it hereafter in your locations (to notify fail2ban by failure, resp. nginx by ban). -# -# Example (argument "token_id" resp. cookie "session_id" used here as unique identifier for user): -# -# http { -# ... -# # maps to check user is blacklisted (banned in f2b): -# #map $arg_token_id $blck_lst_tok { include blacklisted-tokens.map; } -# map $cookie_session_id $blck_lst_ses { include blacklisted-sessions.map; } -# ... -# # special log-format to notify fail2ban about failures: -# log_format f2b_session_errors '$msec failure "$cookie_session_id" - $remote_addr - $remote_user ' -# ;# '"$request" $status $bytes_sent ' -# # '"$http_referer" "$http_user_agent"'; -# -# # location checking blacklisted values: -# location ... { -# # check banned sessionid: -# if ($blck_lst_ses != "") { -# try_files "" @f2b-banned; -# } -# ... -# # notify fail2ban about a failure inside nginx: -# error_page 401 = @notify-f2b; -# ... -# } -# ... -# # location for return with "403 Forbidden" if banned: -# location @f2b-banned { -# default_type text/html; -# return 403 "
-# -# You are banned!
"; -# } -# ... -# # location to notify fail2ban about a failure inside nginx: -# location @notify-f2b { -# access_log /var/log/nginx/f2b-auth-errors.log f2b_session_errors; -# } -# } -# ... -# -# Note that quote-character (and possibly other special characters) are not allowed currently as session-id. -# Thus please add any session-id validation rule in your locations (or in the corresponding backend-service), -# like in example below: -# -# location ... { -# if ($cookie_session_id !~ "^[\w\-]+$") { -# return 403 "Wrong session-id" -# } -# ... -# } -# -# The parameters for jail corresponding log-format (f2b_session_errors): -# -# [nginx-blck-lst] -# filter = -# datepattern = ^Epoch -# failregex = ^ failure "[^"]+" - -# usedns = no -# -# The same log-file can be used for IP-related jail (additionally to session-related, to ban very bad IPs): -# -# [nginx-blck-ip] -# maxretry = 100 -# filter = -# datepattern = ^Epoch -# failregex = ^ failure "[^"]+" - -# usedns = no -# - -[Definition] - -# path to configuration of nginx (used to target nginx-instance in multi-instance system, -# and as path for the blacklisted map): -srv_cfg_path = /etc/nginx/ - -# cmd-line arguments to supply to test/reload nginx: -#srv_cmd = nginx -c %(srv_cfg_path)s/nginx.conf -srv_cmd = nginx - -# pid file (used to check nginx is running): -srv_pid = /run/nginx.pid - -# command used to check whether nginx is running and configuration is valid: -srv_is_running = [ -f "%(srv_pid)s" ] -srv_check_cmd = %(srv_is_running)s && %(srv_cmd)s -qt - -# first test nginx is running and configuration is correct, hereafter send reload signal: -blck_lst_reload = %(srv_check_cmd)s; if [ $? -eq 0 ]; then - %(srv_cmd)s -s reload; if [ $? -ne 0 ]; then echo 'reload failed.'; fi; - fi; - -# map-file for nginx, can be redefined using `action = nginx-block-map[blck_lst_file="/path/file.map"]`: -blck_lst_file = %(srv_cfg_path)s/blacklisted-sessions.map - -# Action definition: - -actionstart_on_demand = false -actionstart = touch '%(blck_lst_file)s' - -actionflush = truncate -s 0 '%(blck_lst_file)s'; %(blck_lst_reload)s - -actionstop = %(actionflush)s - -actioncheck = - -_echo_blck_row = printf '\%%s 1;\n' "" - -actionban = %(_echo_blck_row)s >> '%(blck_lst_file)s'; %(blck_lst_reload)s - -actionunban = id=$(%(_echo_blck_row)s | sed -e 's/[]\/$*.^|[]/\\&/g'); sed -i "/^$id$/d" %(blck_lst_file)s; %(blck_lst_reload)s -- cgit v1.3