
不管主機是 Apache、Nginx 或其他網頁伺服器

尤其是在 AWS 環境下，前端有 NLB 時，會以 X-Forwarded-For 傳來源 IP 資訊

用 fail2ban 阻擋最簡單

建立自訂規則 action.d/iptables-proxy.conf 給 fail2ban 用

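# action.d/iptables-proxy.conf — fail2ban action for a host that sits behind a
# reverse proxy / load balancer. The host only sees the proxy's address, so a
# plain source-IP rule is useless; instead the ban drops any request segment
# that carries the header text "X-Forwarded-For: <ip>" (iptables xt_string).
#
# Tags: <name> <port> <protocol> <chain> come from [Init] or from the jail's
# action parameters; <ip> is filled in by fail2ban at ban/unban time.
#
# Known limitations of a string match (not fail2ban bugs):
#   - only plaintext HTTP can be inspected; TLS passed through to this host
#     hides the header from iptables.
#   - the pattern is an unterminated prefix: banning 10.0.0.1 also matches
#     10.0.0.10, 10.0.0.100, ... (xt_string accepts a terminated pattern via
#     --hex-string, e.g. '...<ip>|0d0a|', when the proxy emits exactly one
#     address per header — verify the proxy's header format before relying on it).
#   - a header split across TCP segments is not seen by a per-packet match.
#   - the value is only as trustworthy as the proxy writing it; if the proxy
#     appends to a client-supplied header instead of replacing it, the
#     addresses before the appended one are client-controlled.

[INCLUDES]

# Expected to define <blocktype>; this action does not use it (see actionban).
before = iptables-blocktype.conf

[Definition]

# Create a per-jail chain and hook it in front of <chain> for the jail's port.
actionstart = iptables -N fail2ban-<name>
              iptables -A fail2ban-<name> -j RETURN
              iptables -I <chain> -p <protocol> --dport <port> -j fail2ban-<name>

# Unhook, flush and delete the chain (reverse of actionstart).
actionstop = iptables -D <chain> -p <protocol> --dport <port> -j fail2ban-<name>
             iptables -F fail2ban-<name>
             iptables -X fail2ban-<name>

# fail2ban treats a non-zero exit here as "chain lost" and re-runs actionstart.
actioncheck = iptables -n -L <chain> | grep -q 'fail2ban-<name>[ \t]'

# Ban: inserted at position 1 so it is evaluated before the RETURN appended by
# actionstart. <protocol>/<port> replace the former hard-coded "tcp"/"80" so the
# rule follows the jail's parameters (iptables resolves port = http to 80 via
# /etc/services, so the default behaviour is unchanged). DROP rather than
# <blocktype>, because the match hits a segment inside an established connection.
actionban = iptables -I fail2ban-<name> 1 -p <protocol> --dport <port> -m string --algo bm --string 'X-Forwarded-For: <ip>' -j DROP

# Unban: the rule spec must match actionban exactly for -D to find the rule.
actionunban = iptables -D fail2ban-<name> -p <protocol> --dport <port> -m string --algo bm --string 'X-Forwarded-For: <ip>' -j DROP

[Init]

# Defaults; a jail normally overrides name/port/protocol via action parameters.
name = default
port = http
protocol = tcp
chain = INPUT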

jail 設定

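# Jail using the action above. Timing values are in seconds.
[iptables-proxy]
enabled = true
# filter.d/iptables-proxy-filter.conf is not shown on this page. Because the
# action bans by header text, the filter's <HOST> must capture the
# X-Forwarded-For client address from the log line, not the proxy's address.
filter = iptables-proxy-filter
# Action parameters are key=value with no spaces around "=": fail2ban's option
# parser expects the key to be directly followed by "=", so the earlier
# "name = iptables-proxy ," form risked being ignored (falling back to
# name = default from [Init]) or rejected.
action = iptables-proxy[name=iptables-proxy, port=http, protocol=tcp]
port = http
# access log of the web server / proxy that records the X-Forwarded-For value
logpath = /path/to/your/log
# ban after maxretry matches within findtime seconds, for bantime seconds
maxretry = 5
findtime = 60
bantime = 3600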