When making my other servers I was double checking fail2ban configurations and noticed there is no fail2ban settings for nginx seeing as the webmail runs on it. Not sure if it’s an issue, or anything but I was hoping some other could tell me if I am on the right track, or if it’s not even necessary.
I did this for my email server which runs nginx as the web server.
In the /etc/fail2ban/jail.local
[nginx-http-auth] enabled = true filter = nginx-http-auth port = http,https logpath = /var/log/nginx/error.log
[nginx-badbots] enabled = true port = http,https filter = nginx-badbots logpath = /var/log/nginx/access.log maxretry = 2
sudo nano nginx-http-auth.conf
make sure it’s like below
[Definition] failregex = ^ \[error\] \d+#\d+: \*\d+ user "\S+":? (password mismatch|was not found in ".*"), client: <HOST>, server: \S+, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"\s*$ ^ \[error\] \d+#\d+: \*\d+ no user/password was provided for basic authentication, client: <HOST>, server: \S+, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"\s*$ ignoreregex =
copy badbots config from apache
sudo cp apache-badbots.conf nginx-badbots.conf