Nginx – How to get nginx-botsearch of Fail2Ban to match a string but also not match that same string if it has additional trailing characters

System is Ubuntu 16.04. Using fail2ban from the package manager (which is currently 0.9.3-1). Have enabled nginx-botsearch in jail.local.

Here is my /etc/fail2ban/filter.d/nginx-botsearch.local (note that nginx-botsearch depends on botsearch-common):

[INCLUDES]

before = botsearch-common.conf
after = botsearch-common.local

[Definition]

failregex = ^<HOST> \- \S+ \[\] \"(GET|POST|HEAD) \/<block> \S+\" 404 .+$
        ^ \[error\] \d+#\d+: \*\d+ (\S+ )?\"\S+\" (failed|is not found) \(2\: No such file or directory\), client\: <HOST>\, server\: \S*\, request: \"(GET|POST|HEAD) \/<block> \S+\"\, .*?$

ignoreregex =

Here is my /etc/fail2ban/filter.d/botsearch-common.local:

[Init]

block = \/?(<webmail>|<phpmyadmin>|<wordpress>|cgi-bin|mysqladmin)[^,]*

webmail = roundcube|(ext)?mail|horde|(v-?)?webmail

phpmyadmin = (typo3/|xampp/|admin/|)(pma|(php)?[Mm]y[Aa]dmin)

wordpress = wp-(login|signup)\.php

So here's the problem. I want it to match "http://example.com/wp-login.php" or "http://example.com/folder/wp-login.php"

and not

"http://example.com/wp-login.phpasdfasdfasdf" or "http://example.com/wp-login.php?asdfasdfasdf". I have tried using $, \n, \b, \B and any number of other things on the end of the wordpress line to no avail. Please advise how this might be accomplished.

Nginx – How to get nginx-botsearch of Fail2Ban to match a string but also not match that same string if it has additional trailing characters

Best Answer

Related Topic

Best Answer

Related Solutions

Nginx Configuration – How to Create a Location in Nginx That Works with and Without a Trailing Slash

Ubuntu – Fail2Ban Correctly Attempts to Ban IP but IP does not get banned – iptables chain exists but not working

Related Topic