I am using Fail2Ban and I have configured it as needed. This is reading logs from nginx/error.log and is acting depending on configs about maxretry and timing sets. The question is that is this possible to have different rules depending on status codes?
For instance, I want to block anyone getting 10 404 Status code
in 5 minutes, but to block anyone getting 3 403 Status code
.
Any help would be highly appreciated, thanks in advance.
Best Answer
You should add a filter in
/etc/fail2ban/filter.d/
with a relevant name - e.g.nginx-{403,404}.conf
.They should contain something like the following lines :
nginx-403.conf :
nginx-404.conf :
Then you should call them from your jail.conf or whatsoever your conf file is :
For 403 :
And for 404 :