înregistrare Logare
Puncte:1
avatar Server

Filtru Fail2ban pentru eroarea 400 pe nginx

drapel cn
Aron

Am un server nginx, găzduiesc un site web php foarte simplu (club școlar) și fișierul jurnal arată o mulțime de solicitări ciudate cum le blochez. Am încercat să folosesc fail2ban, dar filtrele mele nu au fost precise.

nginx-400.conf

[Definiție]
regex = ^<HOST> -.* 400 .*$

Jurnalele:-

    151.239.55.4 - - [13/Nov/2021:16:05:09 +0530] "-2\xBB\xE4\xF5F" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:11 +0530] „6\xEB\xB0\x10\xB5M\xE2m.\xD0\x93>\xF8\x1B\x82\xD8G2\xA97\xA97 " 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:12 +0530] „\x08\x15\xA5SW(\x809F\x85v\xFB\x8C\x84\x1Bx\xE6\xD6>\x05\x8 x9C\x12\xF0b<sVx\xF3\xCArP\x80\xBEy\xA1\xAB\xDA\x0B\xE8\xAE\xF0\x86~\x87\x8B\x05\x18\x9Eg\xD5\x99p06\x \x08\xAB$I\xE1\xB7\x8E\x05=\xE1\x1F\x12O\xA1I\xBC\xF9\x9F\xDA\x08\xB3I\xE6 \x1An|.\xFFB\xE6:N\xB3&\ xDB\x82\xD9\xFAF0j\x8B(\x9E\xDA<[2\xA6\xBEN\xB5\xB3\x92\xBET%>\x84?\xF5r" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:12 +0530] „f\x16ch]\xF5\xB5a\x02N\x17\xC6\xB0\xDF\xB8" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:12 +0530] „\x13\x9D\x8D\xA5\xFF\xD9\xF8\x84wi\xFA\xE2\xA0`\x00jc\x5Cr\x #\xE3\xDC\xBFO\xF9\xEE\x17\xDE" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:13 +0530] „.\xBC%|t\xCB\x95q\xFBt\xA4\x1D-\xEA\x8A;!\xFE\x1C\x8C4 \xA4!\xA7\xEBk4\xD2X\xD9~\xA1\xBE\xFF\xBA\xA8\xD7\x89K\xABSR\x15\x80\xC34zTg6\xEE{nr\xF9\xE6\xBF" "400" 16 "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:13 +0530] „\x17\x81\xB7u\x97\x8Fxzs\x88\xBD\x9A\xA3\x86TT\x8F\x1F\x95 x8C\xE8\x16q;q\xD0\xA6[FU\xD3\xA6ZK\x14\xE1\xBD\xBDX\x02I\xCDRY\xF0\xA2\x13@<\xCB\xF7,\xD9\x81\xD2\xAC \x05\xE9\x9Fn\xE2|\x92" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:14 +0530] „\x04\xAD\xCE\xF2\x0E\x85\xE9\xAF\xA0\xAE\xABS%" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:14 +0530] "hq\x924\xAB\x94\xDCI\x8DmU\x0F\xE3\x93X\xB2\xDA.\x96\xC6\xA6| 46\xB9v\xCE\x91W+\x07=\xE1\x81}\xAC\x0C\x8B\xDD\xCDd\x87\x00" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:17 +0530] „M\x8C\xC4*\xF0D\x99\x85\xD8\x88\xCD\x19a\xAF\xEB\xF8\xB2\ xEARp\xDF~\x8D\xAD\x8D\xFCPaT\x11\xCB\xA4#\x8CNP\x9E\xF5\xAF\xFD\xEB*j\x00DW\x1A@\xB7\xC8J\xF6\xB1\xBA\xEF \x0CR\xEF\x9AV\x10\xB3W)\xD5\xBB+&\xA0\xC4U\xA3*\xD1\x15\x8A\xCB\xB7\xAD\xC9\xE3l\xD2\xBA!\xFCNY\xA3\ xE4\x9EF\x91\xA5\x0B\xFD\x83Hm\xB0<\x9E\x07" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:18 +0530] "H>\xE1s\xA5\x83\xDA\xD7B\x10\x80;A" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:19 +0530] „\x11$nHC\xC5\x86\xF3\xC7;V\x0C\xF0\x93\x91\xAC\xE1\xDE\ x1A\xDA\x8E8USx\x14\xF9d\xBB\x99\xEC\xED\x87s\x99\xDA\x80\x9C\x17\xCBP\xAC'\xC8r\xCE\x13\x1F5d\xF6*U\x89t \xC6\xD0\x1B\x84\x16\x0F\xED\xD8nJ\xAC\xBC\xB6\x02" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:19 +0530] „\x1E\x1EK\xE9\xEFt\xF7\xD0\xA0?\x9B\xEC\xDD\xEFp\x03\x03\xC3 \x1F\xD2\xED\xCFK\xB3\xE3{[^i\xBD\xCAe1Db\x8C\xA2\x93\xA2\xE9\xFE!q\x8EI\xB8\xB0\xB1\x81R\x05\xE9F#\ xEA\xB30\xE1\xEB\xBA\xC6\x1D\xDC\xAF\xC9l\x950d\x9C\x07\x0F\xE4]\xEEt\x99\x02\xCC\xE7\xD5\x87\x9C\xDA\xDE \xD38r\x8A\x9B\xEA\x83\xAD\xA0\x88\x18\x8B\x0BY\xA4~\x1DYAk\x9A#Q\x85\x0Bj\x98\xA4H/?\x83q\x87)\xF9C\x \xD3'U\xB0~4\xBA\xBF\x8A&\x89hX\xB8\xBDz6\xAD\xFC\x16o\x82\xD5\x90\xAB]\xC6G\xFBA\xF2\xCB\x0C\xC87\xEA: >\x8F\x88>2a\x05\xC6\xA2>\xAEf\x00\xFCD\x08\x86\x8BD\xE0;$9%{YP" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:19 +0530] „g\x15I\x1D=q ?\x98\xA2\xDA.\xFA\xCE\x8B\x94\xAE\xDAW\xF6dW \xA4\x9At(\xE2Xi4\x11\x0C\xCB>\xFC\x14\xB7\xD2\xEB#\xBC\xD47LN)\xA2W\x8B\x10\xE0lc<s\x10IO\x89\xBBx\xB4H \xB8\xB4 \xEE\xCBP\xD0U\xAC\xD8\x06\xDF\xDCv\x1B\x81\x1A\xEB\x88\xD8\xD3 s\x9E1Di\xB1.\xB6\xFA6Q\x9C\x90\x88 <\xFB\xF5>u\x1CJw\xF7\xC1:\x9F\x81(\x11ap6Z\xBB\x8A\x9E\xC1\xC7\xBF\xAA1\xB3N]\xE53\xCD\x8F:4B\xEFI\xF6 \xFE'[\xB8\xAF.\x84\xDFhF=\xC2\xA1\x16\x95w\xCF%\xCC\xFFw\x89\x10\x9D\xB0b9\x12\x9D\xEEGs\x1B@`\xB0\ xF5\x1D\xDF\xC38S\x1A\xA7J+\xF5\xF4\xC6\xE9\x83z\x10\xC1S\x836\xC0\xA3\x05\x88>?8\x0B\x06\x94&a\xB4 \x1D\x84\x8E\x13\xF4\xB0NR\x87\x14a~\xC9\x93\xD8-\x82M\xCA\x97\xE0\xD3\xB8UK\xBD\xD4s\xF2\xFE\x960\xCA\ \xDC%\xC8P\xB1nP\xEB<\xDB\x97\xCDx\x97\xC7\xDC4ZL\x88\x94\xF6\x81\xAA\xCD\xE6\xDFc\x90\xB2\x07\x85\x1B]\ x87S\xFE\xA8\xAFz\xBB\x83\xCB+\xD2\xF3\x87\xF6\x8A\xD6\xA08\xBA\xB3\x00\x1B`\xFFq\xAC\x91/7~\x93j \x00f\ xB2\x14\xDCH\x99\xC4.Z\xC7\x22\x22M\xE9\xD9N\x1CZ{\xD 6p:\xD9\xCBW\x09\xBE)\x84" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:20 +0530] "]\xEC\x02\xC1\x00\xF0\xB8Y\xE4\xE9" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:20 +0530] „X\xBCx\xA3\xBB\xFEc\x0CE\xD5\xB5\xE4\x86\x02\xDABE\x1B\x0E\xB8 \xCC\x95\xBDp" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:20 +0530] „H]\xCF=r'\x15\xD7\xA2|8+\xEC\x14\xA2\xB5\xF5\x07\ xC8\xAEm}\x82" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:21 +0530] ":\xA7RZ$\x95~Yo0\x80o7T" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:23 +0530] "\x13\xA6\x8Ei" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:23 +0530] „i\xF5\x9F\xB8@\x15\xAE\xE8b\xEF\x80@\x86\x5ClS}\xBC\x86Y\ xD9\xC6\x05\x8C\x0B\x99N\xF1\xA4\x09G\xE4\xBD\xD3\xEF\x14\x005\xE4\xEC\x5C\x86\xA8-\xCF\xE4|2\xB2\xBE \x97\x7F\x135)\xAA\xC0\xBB'\xB6\x92\xAC\x9Dd\x87\xE6\xA2\x09\xF3\x91\x0BX\x00\xD2x7\xBD\x83\xABJ\xDC\x05 \x08\x89'\xCA3g,\x14\x04\x1B\x1A\xE1\x1A\x9D\xBC\xF9\xA3\x84\x0EGq\x81%r\xFEX\xB71\xEC\x13\x16)\x80H\ xEEo\xD4'\xF8\xCA\xDB\x9Bx\x1Ex\x07\xB7\xA6\x82\x15x\x1B\xF9U\xB9\x91\x1Ay\xF2oo\xB3\x86SP\xBFt\xF3\x1> xD8B\x9DM\x83f\x13\x8F\xFB\xC7@\x7F\xB1\xCF\xC90\xCCy\xE2\xFA3\xB7,08\x99\xA3r\xE1\x09\x12e\xEE.\x94\x98 xE8;i" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:26 +0530] „\x03;z\xF3\xAC\x85`[\xE7\x99" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:26 +0530] „w\xCA<\xC6p\x80\x86|+\xDD\x1A\xB7%\x08\x03\x07\x8E\xC7 \xF6\x89O&Fl\xF3\x13\xD0\xDF?\x03\x05\xEC\x5C\xB7\xAD<\xD3Z:\x90$\x8D\xB6\xC7\xF0\xB61\x90A\xE0\x81%i \xE9c\xB6\x9F\xB6v\xE2\x0E\xA9G\xBD\xE6\xB7\xA6\x00\x19\x993\xCCR\xA1\xAEs\xD9v\xBCMw\xC0\xBDv\xFC\x02E \x89\x15\xAE\x1Fn\x01E\xF2\x8F\x907:\xD30\x9A\xB1\xFEP\xF1G\xB6\xE0\x86\xA6\xDB\xE8\xA7\xDEA\x15&\xA7 x81\xF3\xE7\xAF\xD7\x8F\xE6\xB7\x80,\xD1`\xF8\x09\xFD\xB1\x85D\xC1\x828\x5C\xCCT\xED\x95@W" 400 166 "- " "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:26 +0530] „Q\x17\xDCKn\xC3\x01\x13\xCD\xDC\x8B\x84\xF6S\xCAs9\x93_\xF6=\ xA7\x1D.i^d\xB5\xB9V\xEA\x1E\xB3!}\xDE\xA6\x07\xBC\x9B\xDA\xC4[q\xDC\xBD\x0C\x18\x11\xD3\x91\ xA8\x05\xA7\x0E\x13K\x8A\xB6\xC9\xA3hp\x9A\x87\xD8sS\xF3\xFF\xC8b\xDFz\xC5aY\xD6q\x8E\x05\x9A\x91/x91/x91 xFCl\x8F\xC1,\xA1W\x8Dq0\xE6\x97x\xDE\x03\x1A\xD4,\xFC\x90\x22\xAFG\x8E\xAC\x86)\xCBE\xEC;'\xFA\x80\x11 \x8F\x15\xE1\xEB\xE4\x04V\x9E\xD6\xAE\x869\x99\x91\x13\x11\x98\xBF\xA1b\x9B\xD2>\x06\xDE\xE2\xB3f\x92 x98\xDB\xDD\x93\xBE\xF7\xBE\xEF.\xFE\x94\xAC\x9A2\xB5x=\x8Fwi\x8F\xD7N#\xE1F\xA5\xA9\xC1sl0=\xC4\x95Z\xBA: \xD4\x85\xE19\x02\x9B:\x0FlcL\x1C\xFBN\x9D\xF4\xF5\xF8L\xD0\x8D\x08\xC5*i\x97F\x92{k\x93)\x90\xAB\x \xC0K3\xD0\x1E\xEB5\x14\x16OC\xC2\xFB\x18\xAF\xC4xf=B\xC1\xD8\xF4\xDB\x12A\x9AT\x17\x18C\x1E{\xDD\x14g \x0B\x5C\x13?\xF7{PP\x973\xE3WuD'\xF2\x92\xD45\xC0\xBB\x00nK\xB8\x8Ed\x02\xA23\xA3\xAA\xC6pP~u\x04x\x04x\ \x90\xE0\xE9\x10\x10\x7F\xCEu\xEAR\xD6WTC\xCDV\x1AB\xC2-\xCC\x9E \xA6-\x1A" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:28 +0530] „k\x9E\x93\x13{;\xCA%\xBDt\xF2\x83\x1A\x82\xC7Z\xB3\xEDL; 9\xC8\xB9\x8D\xEC\xA5\x08\xB2\xF0\xCC\x16&\x09r\x1F\xE1\x1F\xA0V(\x1FY\xC8\xAC=>\xF2\xF7\x8A\xA7\x7 \x1B>\x93\xB8\xDB\x8C\xE5\x12\xBC@\xFD\x8DmQ\x84)'0wko;cH\xF8\xF8\x95\x885\xA1\xC7\x14 \xC0!\x90o\xC9R !\xC38J1o\xB8\xCAfF\x99Z\xD1\x9E\xAB&\xF7\xCE6\xCE\xFE6\xB9\xCC\x85\xA3\xF6\x14\x09\xDD\xBE\x19\x05\xB9\x x17\xEC\xC7\xB2X\xC2\xEA\xEA#1\x88\xAB\xEA\x8B\xB6\x89\xB9\xCC6\x85\xFE\x18\xE9\xFD\xB4\xA48pR\xB2\x0CA\ x97B|1" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:40 +0530] „Y\xA8\xCD\xC5\xB5'\xC6o\xEEL\xEF\xDA\xDA\xEA>(" 400 166 "- " "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:41 +0530] „H\xD0\xD7\xB4\x14lR\xF3\x1D\xFA\xB4O\x98\xB9\xB0\x840K\xA3\x840K\x \xF5NA\xB1Yv\x17\xF0\x13H\x10\xA0\xE6\xDBT\x04\xBF\xA1\xDB&\x1Du\xE8\xB4\x9B\x95(\x9EA\xC0t\x12K "-01" " "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:41 +0530] "\x1A[\xEA" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:44 +0530] „\x09S\xA1\xC6\x8C\xE5\xAB\x18\x8E\x08\xFB\x9B\xEFm\x84\xB5/ \x8A3-^k\xF6\x89Y\xB9\x05\xB1\xF6\xA2\xEBF\x0B\xA4B\xCDG#\xE5\xD3\x81\x1C\xF0\xAF\x90QF\xCE\x89" 400 -" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:44 +0530] „L_\xC8^\xF9\x09\xFA$&\xD3\xABi\xC8\xA4\x01\xB9\xD5T\xE9^ \x12i\xC2(\xDDzLs\xDF\xC1\x89A8\x10Z\xDDK\x1FN\xAD@\x97V\x5C\xDDKL\xF4E\xD4e\xE6\x9D\x22\xAAZ\xEB4\x10\x10\x10\ |\xFC\x1D\xEA\xA4\xE4\xB0mbB&G\x10\xB8l\x97K\xA5\xE8\xA6\xA5\xE0\x83[o\x93\xD4\x5C\xEE\x94\xBE\x05^A\ xBAd\x98~\xAEm\xB4W\x9E\xFC\xCE\xBA\x9D~K\xC10\xDE\x02k\xA6\xC3\xE5\xA1\xA6m\xAE{i\xB8\xD0\x8A:\x9E * \x80\xF7\x01\x16<\x8F\xD8a\x8B\x09\xCA\xF8\xF7a\x17\xEDe\x802\x98\xE6p\xC4k\x88\xC0c\xA6\xF2\x19\x60 x83\xCBl\x8C\xA4pk\xB5\xD5+'5\x9Ae\xF2\xCC\xDE\x93\x87\xCA4\x8CaF\xB3\xFDh_\xFA{\x0E\xD5ci\x8Fs-\xAE\xC8 xD9\xEE\x0C\xBE\x9B\xA9\x0B\xC8#\xC8\xD5\xCDe\x19\xAF\x9C3\xA5\xAF\x01\xB6N\xF3\xB95[\xF2r \xB9\x83a\xB9 xC4\x8F]\x9DZ` \x9D\xDD\x8A6YYNZ\xE2\x03\x86+\x95Yu#n\xAD\xC1\xA0\x0B7\xCEa\x81R\xCC\x1D\x91\x0E|\x88\x1 \x8C\xC9_\x8Et\xE7\xBC\xAA\xFF%\x98\xFC{%aX?\x85\xA4\xA1\x13\xF6\xC2\x9D\x8A\x9A\xD5V\xE7\xD4H\xE8\ xA3" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:46 +0530] „N\xAE\x13&\xE3v+\xA2&S{-\xDC5k\xD1\x1B\x96:[\x1C\x92J\x18\x18 \xA4W\x96n\x11\xA0\xE7\x8Af\x92{ya\x0C/\xA0\x0B]" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:46 +0530] „D\xD0\x5C\xCE\x93\x82\xC8z\xBB\xD9l\xCEo\x15w*o\xF2\xF9\xA9 \x96\x0Bk\x99\xA1\x1B\xB9\xA5\x1Fg\xC6\x83#\x10.[w!\x0B\xD7i\xD4\xE7\x0B\xCD\x91s\x0E\x22)J\xF3\ xF0\xA7\x98\x1E^\x83f\x93\xB9\xCFg\xDBYl\xD5\xBA\xF8d\xA8\xEA\xD6}\xB8\xF8\xFD\x87\xC1\xC3,\x5C\x8C^\ x087wN\xD5\xC7\x10\xD7\xECF*ZC6\xDAjK\x80\xBD\xA6%\x1C\xBC\xD6\x1DU\x16\x98\xBBd\x8D\xF6\x02\xA3W7k\xA07 \x9DQ\x8EA\xAA)x\xB6\x9C\xFB?\xC4\xB6\xDB\x0CQ;cL\xF6sr^8\x85\x14\x1D\x95" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:46 +0530] „!\x8CK\xE3\xE9s\x83\xE5@\xECR\xF8K\xA0\xE1\x14\x83%\x88(\ x5CIK\xC2\x95z\xDBL%\x865\x12N\xF2\x1E\xBF=f\x9A\xEA\xF4\xAD\xDA\xB3\xA7jB=\x84\x048\xDB\x8E\xA9c:\xA5k \x12\x983\xC5\xD1Y\xB4\x872\xF6^\x18\xB8u\xCC\xDE\x9C\x9E\xF1\xA6\xD5\x0C\xE9\xDA\xBF\xB7\xE67r\xFA\x08 xF6\x1A\x97\xF4\xA7$\x06\x9C\xE1\x0Cf\xEF\xE7\xD3\x16\x09p\xD5Zk!$\xB6\x7F\xD6\xF8\xAB\xDAh\xF6\xEEl\ \x1C\xF6\x16\xDA\xB6\xF7\x1B\xA1\x95\x8Er3\xA0" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:47 +0530] "%^" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:47 +0530] „Z\xB5~\xF5{\x1D\x1A\x05\xAB\xEA\xAF+Awn\xB2\xBA\xDE\xBF7 \x82%\x17EWv\xA2\xCFK@g\xC9;/y\xA1|V Xc\xF6\xA4\xB7\x1D\x09\xDE\x10x\xAA\xA9\xB6\xED\xBD4\xBC@\xC0 \xAF\x85\x92M$\xBF?\x0F\x22\x84\x95\xFF\xAA\xB50F\xD7:\x04\x05y\xD8\xA8\xE2\xAB\xCB\x18\x1D\xB4 \xEF\ xB6o\xED\x8AwyMK\xE2Pn\x87o\x8E\xEF\xEB\x98\x9Dw2r\x88\x10ioI\x80/\xA7+\x03\xD4\xD2w\x8E\xEB\xE4Bx5\x0Bx8\ \x0B\xEB\x9A" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:47 +0530] „DR\xEEw\xEFO\xDC\xCC\xEE\x90\x91\x90\x8F[x8\xFE\xC66\x16\xCF \xEB\xAA" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:47 +0530] "j_m\x0Em\x19{*s\xD5\xA7\xCA\xEBP\xA2u\xFB9f\x04F\x04X\xDA\xAF xF3.\xAC\xA2\xCCCq\x9B\x18w\xCFC\x8F\xDD\x0Et\x03\x1A23-\x05\xFD\x82\x14-\x9F\xB9a\xC0\xEA\xFF\xD7:h\xF9 \xFE\xA7H!\x81\x09\x16\x10I\x1B\xE9\x167\x06M,\xB7\xDE\xF4\xAF]N\x19!\x1C\xC0\xCAth\x189\xCAa\xED\xF6\ xA2dq\xF3W*\x1B\x0B\xB3\x11\xC3\xD9!6\xE2T\x83\xE9\x07gR\xE5\xE0\xBD\xBA\x14\x02\x0C8h\xAA\xBF\x0E\xF \xE9c\x82\x18\x10\xFD\xE7\x06#0uX\xDA1\xBE\xEC\x99x\x04\xB9H\xB4\x92\xE5N\xE8\xEF\xAB*E\xACy\x9CI\x86z\x1 ]\x8D\xD6'\x89\xC77\xE1\x1DQK!\xBB\xA2\x0E\x06\x18\x91\x08\x92sX\xD6K3\x1E2z" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:48 +0530] „\x01I\xDE\xC2,\xBC\x02\xC9J\xD0\xE3\x15\xF6\x1Ap\x9Cd\xE8\xE8 \xF8\x0E\xE3{D\xCDu\x9FE\xB8\xCD\x85\x98\x90\x22\x0B\x8D\xF3\xBE7\x8F2'K\xFFO`\xF5\xFE\x1FX\xBA\xF0hYq\ xC2>\xEFQ\xB8VH\x96\xD9\x03T\xFC" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:48 +0530] "=,W\xDBi\x0F\xE2\xF8\xE0\xBCW2W\xAB\x95h\xE2w\x0F:\xD7\x99\ xC7\xA4\xAFe\xC8\x85\xE8\xB6\x82h\xBD*\x12!\x11\x1C\xCEI\xA5\x90h\xEE\xB5\xB4\xAC\x01\xD0\xD9\xCFY^r\ x7F\x83x\xD0;\xAE!\xBB\x8F\xA6\xDD\xC7\x9E\x09U\xD4\x1A\x0C[\x17\x03k5\x07\xC0K\xD9\xC2\xEEYOT\xA0\x8F \x04 =\xA7\xE8\xF9P\xC1\xE6\xC4\xFBx\x1F\x8C\xBB\xD6\x90\xC8e\xE1\xE5" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:49 +0530] „b\x85.\xFD=MYk\xB2\x8CU-\xB48^\xB4\x8C\x0E\xF0\xFD\xD1\ x13\x01\xB7bV\xD2\x10\x9A_'P\x06\xFDiMq\xE4f-\xCB\x8E]\x82\xBA\xEBf\xBD5\xB0r\xBF\x83\x5Ch\xD3;\xBB<\xB xAD\x8D\xA0\x8B\x1A\xCC\x8B\x05-\x88\x11\xAC\xA6|)\xC1\x84\x95\xCF<\x84\xB1{\xA2\x87}\x91O\x14\ xC9\x1D\xD2\xAA\xAB" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:50 +0530] "\x17'\x87\xAA\xC9\xDD\x86C\xDF" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:52 +0530] „`L\x90\x95_\xAAwO\xE9\xD7\xCC\x12f5" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:53 +0530] „\x0B\x9C&\x11k\xD7l\xC8\xC3\xDF\xF8\xD1\xB6x\xEC\xCD\xA1:\x \x9AgK`\xF6Li\x92\x0C\xCF\x88B\xC7\x84\xA0}.\xFC\x5Cd\x1F\x99\x94\xE9\x94\x84<7\x96#\xD3\xA4a\xE6P\x \x8C\xD7\xB4z\xCD\x0E\xDE\x22\x09\x01\xE8B" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:57 +0530] "=\xD6\x06\x93$\x5C\xED\xAD\xCD\xD8\x22A\x19\x8Ey\xDB\x9B\ xD2\x9A\xF9\x83c\xD2<\x1A\x10\xD9\xFF\x06\xBD\xC3\x95\x1Ch\x15\xFE\xB8\x93\xB0`$uJ\x970=\xEA\xBB2\xF2 \xCF\xF6h\xCD," 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:58 +0530] „iU\xBE\x99<\xDC\x81\xF0\xD6\x22$/\x9EO\xC19g\xA8\x97\xB2i\ x91iZ\x11>\xCC^\xC8\xBCP\xE7q\xB3y'\x9C\xE4\xF7\xFE\x1A\xB4\xD9\xA8q\xB0\xDD\xB3\xE7\xE4(\x04E2\x17\x x0B\x8A\x99\xAB\xFCN\x13" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:59 +0530] ";m\x17\xD5\x05\xA5Fvr\xA76\x8B4[7N\xB7v\xB2\xC2\xE4\xA3T\xA3T\ xE3@)\x5C\x0C\xAB\xEA\xBCt\xCF9`\xAA\x86\xFB\x02D\x0Cs\xB4\xD9\xA3Or\x9B\x85\xDE\xA5\xAC.\xD0\xD5\x08s\ x1C\xDEx\x87\x9E\xD1T\x8AaJ\x9DS\xDB\xAA[}\xE1\x7F\x0E\x9B\x856\xBFg\x82\x9A\xAB\x9C\xB6\xCB\xF5L\x87\x xE9w\xA5x~)\xFE\xEC\x8D\x12\x22~\xA6\xF1?\xC4ccQ\x85\x09\x09Q\x91m\xE8\x96\xE7c\x92B\xAE,\x800\xCB\xDA \xD9\xFA\xCD\xD2w\xFE\xF7fa\xE6\x8DV\xFFF\x0F\xB8M\x0B\x15D\x9A\xAB8\x8C\x08\xDD\xBB\x10\x1D\xFE\xA1:;=Q0 \x8B\xCD\x0BY'P\xBA\xFD\xF3\x92v\xC3\xFE\x1D1T4" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:05:59 +0530] „U\xA0r'$V\xB6\xC3\xC7\x13|y\xA2\xED\xB2WE\xB3\x13\xDA\ x1CDd7\xF4S&\xE3\xDCp\xA1IM\xC4\x03AU\xD9\xDF\x0E\xDB\x0F\x88\xB8\xEC\xB8\xCE\x9E#G4\xFDL\xB4\xE4\x0B\x95\x0B\x95\ [\xE4D1\xAA\x97\xD2\xF9W\x95\xAAA\xD9H\xDD\x07\xF7\x88\x02\xE7T\x8D\xB2\xEA\xCD\xA7\xB2\xEC2\x9D\x8Ae\x xEE\x8Fa2\xFD\xAC\xFFK,_(r\xF7<@\x7F@W@\xFBE\xBB\xAE\xF1\xDE\xAC\xA3\xD6" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:06:00 +0530] „^;k\xF3sa\x13\x10\xFB\x17\x1A\x89=\xEF\xEDd\xA9\x22\xF3B\ xB7\xEFQ\x9AE\x96\x19\xD8\xBE\xD5R\xD2\x1DM\x91\xACV\xC1Z&\xA0" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:06:00 +0530] „BF\xBFOo=~\x7F\xEDkE\x10XED\x8A$\x9C\x22\xC5\xCE\xC7\xF2'\xF3 \xBC\xBD\xA4\x925?\xC8\xFE\xDBW\x1E\x8DW\xD3\xFB\x85\xF3aM\xA9\xEA\xB4\xF3#\xA0S5\xF04" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:06:00 +0530] „9\xF0\xF2<1o\x84L(\x1CX\x22h,{\xD8\xD5\xD6\xB0\xE8;\x84 \xD8\x13wXG\xC7\xD5G\x08\xF2\xAE\xF2\xDAk\xA3Y\xFD\xBA.\xDB\xB8\xF0\xF5j\xFEX\x93-\xD9:*\xFE\xD9\xF5\xB9 \x16U\xBF<\x1A6\xF2s\xA5\xFE.7\xED\xBB\x12^g\x07\xB8 \xEF\xEF\xBE0\x1A\xA0\xF8\x93\xC2\xF2)\x1B\xDFbF \x12t\xE5b\x19Y\xEA\x8A\xD8\x1C\xDD@\xEC3Q\xB5\xE9\x8C\xB7\x1F2\xDBs\xBFME%\x13\xAFn\xB3\xD9\x03N\xD4`\ xBA\xCE`\xE4\xEE\xFA\xB5u@\xE6\x18P2\xDA\x14(uS\x89\x0F!\x03 \xEB}\xD4\xED\x89\xD9\x09769\x9D\xF3\x9F\ xC4\xE5\x87S\xFD\xE1k\x83H\xF7\xEE\x93\xE2\xD4\xA9\x96\x8E\xA2AE\xEDf\xE5\xFB\xFC\xD2" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:06:00 +0530] „E\x1F\xFDGXN\x8FI\xF8<\xAD~{\xE0T\xD6\x8CK\xFE\x89TR\x9E7\xDB\ x05\x8A\x0FJ\xD9\xBD\xB5\xBBl\xB5\x06Z\xB5F3]\x90\xBF`\x91\xC7\xCE\x12Ak\xCEt\x95\xB0\xA7\xA5\x95e\x) \xC0B\xC8;\xD6\xD4\x86Fv\xBF\xC8\x0B\xC2\x0C\x9A\xF6~\xAFC\xE7\xF1\x92E\xA9E\xE5\xBC\xA7\x1B\xE4pAUx\Ax \xA8\xC1V" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:06:03 +0530] „|\x85\x87\x91dn)\xD1\x83\xE6a\x5CvA\xDB\xE9\xB6I9b\xA35\x xECR\x7F\x91i\x99!,B\x8E\xCF\xD4\xF9\xDD(x\xCB\x9A\xEC\xDEF\xE0" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:06:05 +0530] „\x11\xCFQ\x86\xEBL!\x9C\xFF!\xDE\xCD\x92\xDF.\xDB~\x7F\ xCE\xF0\x9A\xDA\x99F\xCA\xB1\xDA\x8C\x15\xDD\x0E\x9B\xA0\xC6u(\xB4\x04s\xB4\x0B\x05\xDF\xEB(\x1E\x85' \x7F\xB5Q\xEF\xD8\xE7\xA6l\x5C\xC1\x16o.G\x193AwxO\xD6\x09mks\x17\xB6\xDE\x98\xF3Rt\xC9\xD3\xF6\xE71~L\xE7 x11\xA8\xF9(q\xE4\x15=\xBD\x8C\x92\xC4\x94s\x0E%\x0E\xB0,\x84]\xBE\xF6mn\x0B\xD2L\xDC-\xDC\xF5\xC3h \x85J2\xE2\xAA\x90\x80g\x22\x0C\x19\xA0\xE0/\x12}\xE1pA/\xF1\x01\xBD\x8DG\xFC\xE9[47\x12&\x22\x91\xDE* \x94\x18\xFA\x85\xCC\x8Blgo" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:06:06 +0530] „\x11\x0F\xDC6\xA8\x83\x8A\xCE\xB4+u\x0BSx\xFE\x9A\x90J\x0B[ \xDC:\x9D\x9E\x8E\x19\xDC\xC8'`\x89P\x14\xB3Qyy]O?\xC0\x15\x89\xEC\xF4_\x5C\xF6\x1A\xC2\xDD\x133'% t!\x91z\xFA\xEB\xDA\xFDLkLK \xC5\xCEa\xC0(\x8C\xDD\xEBS\xA5g\xE1[f\x22\xD5\xFF\xF8#c\x94#\xF8\x13\xA6 \xCAi\xD5\x82,b" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:06:07 +0530] „L\x93\xA6\xCE\xA8\x1C\xE8\xBB;\xADPc\x15\x5C\xE0u\x91\xBAH\ xA6\x0C\xED\x94\xD9\x95\x1En\xDA?p]\xF0^\x22U3\xBB<\xD0l:\xAEn" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:06:07 +0530] „\x19\xFD\xAD\x00i\xC4\x04+\xE5\x96I]V\x1E\x9D\xAA\x1ADW3}~\ xE6\xED\xAE\xDE1\x10\xF7\xD5\x13\x0E\xBB\x8A\x84\x8D\xFF\xBB\xDB.\xEF\xBD\x80;\x8C\x9A:\x01\xFA\x15 \x9B\x93\xBEk\xEB\x1F\x143&\xD2\xD6*l\x0B\xA6C\x8B\xBB\xD2\x17\x97\xCD5\xB5\x96\xE8\xEC{\xA3\x84\xEE\ xE7\xCEV\x91\xCD\x0C\xE9\xFD\xEB\xC2g\x16\xA8}\xE7\xACaZ\xF9\xDC|\x01h\xD1\xCE\xE8\x22r\x9C\x1AW\x04\xE25 VOY\x89i\x8D/\xF7\x9FE^\xB0\x5C\xA7f\xB9\xFAo2`\xED=\x11\xFC\x89}\x90\x98\xD8\x0FKv\xA1\x96!01\x9D\xCC \x9C\xDF@,F\xFD\xC2\x8F!\xC1Y\x84)\x5CY \x22\xAD\xD2\x94d\xD8F\x16\x9D\xE2\xD1\x81\xEC\x16\xF6\x8E5\ x09\xCA.\x8F=(\xC5:d\xED\xA4\x03U\xD5\xC5,\xC1?@\xE0\x09\x8Ft" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:06:09 +0530] „B\x8E|\x1FR0Z\xF8i\xACd\xCA\x98\x90\xF6F\x0C\xE5\xB9\xF6\x96 xE2\xF3<\x04!\xD9\x13\xA5`#\xD1;\x03%j\x7F\x88\xB6\xE5 \xF6;\xF1F9\xE2\xD3%\x99\xDD\x1C7@}U\ xD0'w\xB2" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:06:09 +0530] „\x14G\x8F\xE9Yc\x1DG\xDC\x9178F*\x18\xC1\x5C\xFBQ\x03VpxR\xDCA\xD \xFA\xD5\xB8mQTz3\x9F\x0F\xD0F\xA6\x9E;]\xAA\xF52\x06,=\xCD\x1F&\xAE\xB8\xD1\xA2\x97#\xD3\xB3\x22@!\! x0B\x95\xCD\x98\x96\x94,5^\x87\xB5\xB4\x15\x98\xCF%\xE4\xA2\x16\xF4L\xFA\xE25\xA7\xE4\x05\xC0N\x1F\ xD3\x82\x9Eg\xAA\xA4[\x95\xF7}\xFF\xAA\x1D\xCA\x7F\x85\xD2^\xA0\xC1\x9D\xC9\x9C\xFB\xA6\xF8\xFF\xCD \x81\xD4Vlw\xCF@\xF3\xF7r\xE9\xD85S\xF5\xF6\xDDSn\xE9\x94}Z\xA3\x073\xEB`v\xA3%\xB0\xE3\xCF*\x9D\xA6\ xF4\xB6\xCC\x19G" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:06:09 +0530] „O\xE1+\xCA\xF3\xCBr\xE1<\x0F?a\x06x\xF3Z\x86\x80e!L/\x85 \xCF\x9DZ\x04\xE1:\x1A\x08|\x18\xC1\xF9\x1Es$\xFB\xA0\xE3\xD5\xFB\x80c\xD2\x92Tf" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:06:09 +0530] ";J\xC0\xA8p%\x1B\xF5wc\xEEj\x1B\xD6\xE2C+8RZ\x8A\x832\xE9o \xA9\xDEBY\xF4\x85\xC4T\xF3\x1C\xF2\xCDU\x9DIx\x1F\xA7\xFA\xA8r \xB48\xA5R\xA2\xB9\x8A\x8D\xA3\xF2\Bx17> xB1\x1B\xA6'\xE0\x81\xB6jMN" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:06:10 +0530] "g\x07\xD1@Y\x87\xD9b\x11#2\x0FG\x90\x11\x0B\xDCj\xEA\xE4 \xB3\xF0\xC5\x99\xB8,\x12\xB3\xC8\x01<\xED\xE7\x14\x1C\xE1/*i>\x0E" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:06:10 +0530] „b\xBC\xEE\x14\x10C\xF7C\xCF\x83\xFE\xE3\x15g\x22\xC1\x83\x92 \xD9\x14\x9F\x85\xA1c\xE5\xA7\xDF\xC6\xCA\x96n\x22\xB5sm\xB1\x07\xA2\xA0\x9A\xC1\x9E2\x8A\x02*}\x9F: \x91\xD6\x95\x88\xDE\x9Ev\x1D\xA8\x9A\xAF\xA9\x15\xE8k%\xEAC\x1C*\xCB\x8E]I\xE2\x96\x86:'@\xE7qY\ x0EU\xA4\xFD\x19\xEC\x22\xC6-X\xB9\x0C\xB3+p\xC7\xB0\xD9\x13\xE6A\xB73\x98\xA9NN\xDF\xA7\xB6S\xB5\xF3\ x93=\xA3\xE5\xB6+\x96\x92\xD3<\x0E\xFB\x0F\xFD\x00\xA4$\xA8\x1F\x7Fq\xAD\xA70\xCF318\xE6\xC4.g\xF81\ \xCF\xC7<\xDC\x15!\x8F\xAB\x06\xFE\x7F\x86d\xBA\xDA\xCA2\x86\xC3HK\xED\xE0v\x83>\x80\x1B+\xB9\x10MC\xEC\ xD0{$W`P\xF04\xBA\xDC\x82\xF2\x96\x8E" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:06:11 +0530] „L~t\xF2{\x9D\xD9=\xE2l\xE0\x0E\xE2\xEC\xFDYE\x8AT\xCEU\x05 \xDF\xBFXI\x98\x9A\xB14\xD1\xC0b&\xF83\xCA\xE0\xF5\xC3\x8Fy\x13\x90\xA1\x80J\xB4r\x88\x0F.\xF2\AxA9\x K\xC9\xF7\xE8\xFA\x0C\xB3\xF2\x06F\x02\xA1\x80\x91\x861$X\xA0\xA6J\xD0R\xE7\x86\xB6V/\x0F\x84w@\x9 xBFb\x5C\xFA\xFF\x8D4\x8A\xBCK\xEE0\x12\xBBX}\xE4ZRb9H!\x83\xABK\xDEa\x88Q\x19d\xD2\xD0X\xB0Hr\xC1\x12CF\xAD\x12CF\xD2 xAA\xEF\x05t\xB3\xC8\xB6ct\xF2\x96t\xEC\x10(\xCFD\x0E\xEB\xA0\xC1\xE3c\x8E\x85\x8D\xF5\xA3Bm\xE3\x95\xC6z:\x xBF\xE9\xB1}\xF7x\x86\x93\xE6\x1Dk\xAC\xB2t\x5C)\xBD\xD3Tm\xDFn\x94\x85\x14\xBC \xE8V\xB8\xC1\xEF\xFE\x xE4zo\x99\x8BA\xCD\xC9\x0E\xA5jY\x84\xB5\x1C?.+\xFC\x89 \x9A\xA6\xEE\x82w\x8D/\x9B(-\x169 \xB0\x05[\xE9 #\xC3\xDD" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:06:11 +0530] „iM\x1E\xCA\x80\xE9p\xE4\xCD\xF6}y\x04\xF4\x16\xF9\xD6\xF7 \x0E\x0E\xBD]2l\x8C.." 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:06:11 +0530] „`?E\x06\xC1|F\x8D\xD2\xDFG\x5C\xD0P\x82\x9F\x80\xE0\xC7l \xD70" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:06:12 +0530] "_\x98\x90\xFF\x09\x1Fk\x15\xE5$)i\x5C_\x94$\x1B\x10H9\x00d \xE8\xFFD\x0F\xF0\x8C\xD7$\xBCU4:Uv\xC2\xEE\xF4o\xB3\xF3" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:06:12 +0530] „5\x8Dm^\x9Eh\x8F\xBCv\x8D\xA7\x9B|\xCB" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:06:12 +0530] „v*^\xEFU\x8F\xC1\xFC\x13\x95\xBE\xA1q\x9A\xB0F\x1C\xB4\xE8 \xC3\xDB\xE32\xB5" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:06:16 +0530] "t\x09\xAE#~\xB2" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:06:17 +0530] "s\xE7\x16\xEF\xD0I\xA7\x01\x1C\xEEO\xAA\xA4\xBF\xAD8\xBC3@\ xA1\xEC\xAB\xE4\x9F\xB5\x14\xDD_\xB1\x02\x18Z\xEC\xD2aw\xB0\xC7wO\xA3Nx\xED\xBE\x05\xB5\xD8Cj\xFDRF\xC7\xC7\xA1 xB2\xF8\xE1V\xE2\x92\xCB6\xE4\xA3\xB8\x1B\xEA(V\xD4l\xCB\x9C\xBF\xDE\xA3\xC1B\x9C\x00!\xE3\x08\x03\x `{\xEDB\xBC\xF7\xA56\xBE%\x8F\xC7\xA5s\xD9b\x93\x1Ch(\xDBK\xC1\xAA\x9B\xE9\xFFST\xD8C\xA4i\xBA\xAD\xB9[\ xAF\xEF" 400 166 "-" "-"
| 151.239.55.4 - - [13/Nov/2021:16:06:17 +0530] „5\x97\x05C\x12\x8D{]\xD4fE\x7F\xEA\xA7s\x84\xB0\xB4}/\x91 \x99\xAB.n\x88Hc\xFAp\x86E\x93i\xC9g\xE8\xB4S\x08wL2q\xF7S\xD6`\xA4\xA7\xFF\x08\xD1\x1AC\x89+\x91\xB5\x91\xB5 xA6>k\x07\xC9j\x9F\x89Q\xDDgt@\xF5:\xAE\x19\xD8\xDA\x1Dy\x97\xF0\xEF[n\x9CJ\x0BhP\xFDe\xC6\xBDq\xC5\x9C\ xC4-4\xDC\xB8\xBD\x045\xFDP\x15\xB2\x1E\xE7R\xA6-\xF8c\x11\xB6h\xD0\xECE<\xD4>\x8Dz\xECt\xC0" 400 166 "-" "-"
236
0 + 0
anx avatar
drapel fr
anx
Vă rugăm să [editați] întrebarea dvs. pentru a include filtrele fail2ban pe care sperați să le îmbunătățiți.
2
Răspunde
Puncte:1
sebres avatar Server
drapel il
sebres

Ta failregex nu este exact (mai mult este vulnerabil) pentru că caută și poate găsi 400 literalmente peste tot și nu doar ca cod de răspuns.
Ancora de început (^) lucrează doar pentru <HOST> etichetați și se oprește să funcționeze de acum înainte din cauza catch-all .* şi nu la capăt-ancorat, pentru că .*$ nu este deloc o ancoră, așa că, în cele din urmă, regex-ul este neancorat din ambele părți, ceea ce este întotdeauna rău, deoarece:

  • este vulnerabil în sensul acurateții (de exemplu, pozitive false)
  • face analiza extrem de lentă (în special în cazul unor mesaje lungi)

De asemenea, nu aveți nevoie de filtru suplimentar pentru un lucru atât de simplu, îl puteți seta direct în închisoare, astfel încât acest lucru ar fi suficient în dvs. închisoare.locală:

[ban-400]
logpath =...
filtru =
port = 80.443
failregex = ^<ADDR> \S+ \S+(?: \[\])? "[^"]*" 400\s
activat = adevărat

Acest failregex este exact și cât mai rapid posibil (găsește 400 doar ca cod de răspuns).

Observație: (nginx nu este afectat)
Dacă un caracter-ghilime poate fi, de asemenea, închis între ghilimele ca valoare de evadare, cum ar fi \" (nginx îi scapă ca \x22, vezi extras, deci este mai degrabă scapat ca valoare hexagonală și " nu ar trebui să apară deloc), puteți înlocui "[^"]*" cu "(?:[^"]*|(?:[^"\\]*|\\.)*)", care poate fi puțin mai lent decât anterior.

De asemenea, vă rugăm să rețineți fail2ban :: wiki :: Cele mai bune practici.

0 + 0
anx avatar
drapel fr
anx
Acest lucru explică performanța și fals pozitive, dar am citit întrebarea mai mult ca o problemă cu fals negative. În orice caz, întrebarea ar trebui îmbunătățită pentru a clarifica.
1
Răspunde
drapel romania
SEF 777
întrebarea această in alte limbi:

Postează un răspuns

Majoritatea oamenilor nu înțeleg că a pune multe întrebări deblochează învățarea și îmbunătățește legătura interpersonală. În studiile lui Alison, de exemplu, deși oamenii își puteau aminti cu exactitate câte întrebări au fost puse în conversațiile lor, ei nu au intuit legătura dintre întrebări și apreciere. În patru studii, în care participanții au fost implicați în conversații ei înșiși sau au citit transcrieri ale conversațiilor altora, oamenii au avut tendința să nu realizeze că întrebarea ar influența – sau ar fi influențat – nivelul de prietenie dintre conversatori.