Creating a fail2ban proxy filter

Creating a fail2ban proxy filter

I recently discovered the usefulness of fail2ban whilst researching a way to block proxyheader.php requests on my LAMP server.

The request always came from the same location and the same IP's:

A whois on these IP's reveal that they're based in China - Bejing to be exact - and the people using them are probably searching for proxy servers to avoid the Great FW of China, but who knows really.

When I used Apache I needed to adjust the /etc/fail2ban/filter.d/apache-proxy.conf filter to get it to work:

# Fail2Ban configuration file
# Author: James Roe
# Use in apache access logs
# Matches lines such as:
# - - "GET ...
failregex = ^(?:(?![0-9\.]* -.*"[A-Z]* (/|.*HTTP/1\.[0-9]" (301|302))))
ignoreregex =

Place this in /etc/fail2ban/jail.d/apache-proxy.conf:

enabled = true
port    = http,https
filter  = apache-proxy
logpath = /var/log/httpd/*access_log
maxretry = 0
findtime = 604800
bantime = 604800

Not releavant for me anymore, since I stopped using Apache, it is better to check fail2ban site instead: Fail2ban