Install Fail2ban
Edit /etc/fail2ban/jail.conf
[http-get-dos]
enabled = true
port = http
filter = http-get-dos
logpath = /var/log/apache2/access.log
maxretry = 10
findtime = 5
action = iptables[name=HTTP, port=http, protocol=tcp]
bantime = 10
Edit /etc/fail2ban/filter.d/http-get-dos.conf
[Definition]
failregex = ^<HOST>.*"GET
Restart Fail2ban
/etc/init.d/fail2ban restart
Check iptables you will see new chain
iptables -nvL
OUTPUT:-
Chain fail2ban-HTTP (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
Edit /etc/fail2ban/jail.conf
[http-get-dos]
enabled = true
port = http
filter = http-get-dos
logpath = /var/log/apache2/access.log
maxretry = 10
findtime = 5
action = iptables[name=HTTP, port=http, protocol=tcp]
bantime = 10
Edit /etc/fail2ban/filter.d/http-get-dos.conf
[Definition]
failregex = ^<HOST>.*"GET
Restart Fail2ban
/etc/init.d/fail2ban restart
Check iptables you will see new chain
iptables -nvL
OUTPUT:-
Chain fail2ban-HTTP (1 references)
pkts bytes target prot opt in out source destination
0 0 RETURN all -- * * 0.0.0.0/0 0.0.0.0/0
