You are here: Blog Fail2Ban


Fail2Ban is amazing. It is a python script that monitors the apache logs and if it finds something bad, it blocks the IP address for a certain amount of time.

Overall config:


Defining filter list:


Defining individual filters based on regex:


Defining ignorecommands:


You can test by using filters using fail2ban-regex <logfile> <filter> <ignorecommand>:

fail2ban-regex /var/log/httpd/access_log /etc/fail2ban/filter.d/apache-scan.conf

Or with an ignorecommand:

fail2ban-regex /var/log/httpd/access_log /etc/fail2ban/filter.d/apache-scan.conf /etc/fail2ban/filter.d/ignorecommands/ignorecommand

It will even pick up the ignorcommands already in the filter-name.conf:

fail2ban-regex /var/log/httpd/access_log /etc/fail2ban/filter.d/apache-scan.conf /etc/fail2ban/filter.d/apache-scan.conf

You can print the matches:

fail2ban-regex --print-all-matched /var/log/httpd/access_log /etc/fail2ban/filter.d/apache-scan.conf

There are a bunch of filters already available. It is just a matter of enabling them and defining them with a reach-back number (ie within the last 24 hours), a miss number (ie 3 strikes) and a block time (2 hr, 2 day, etc).

Since I've noticed that most traffic is through bad bots, that happens to be one of my favorites.


Contact Dak Networks

Please contact us at the following.