[root@dev-dbs fail2ban-0.8.14]# cat /data/program/nginx/conf/nginx.conf

http {

    include       mime.types;

    default_type  application/octet-stream;

    limit_req_zone $binary_remote_addr zone=allips:10m rate=20r/m;

    sendfile        on;

    server {

        listen       80;

        server_name  localhost;

        location / {

            root   html;

            index  index.html index.htm;

        }

        error_page   500 502 503 504  /50x.html;

        location = /50x.html {

            root   html;

        limit_req zone=allips burst=3 nodelay;

        }

 

[root@huangzp3 test]# cat test.sh

for (( i=0;i<60;i++ ))

    do

        curl -I 192.168.3.232/50x.html >>test.log ;

        sleep 1

    done


[root@dev ~]# sh test.sh

[root@dev ~]# sh test.sh 

[root@dev ~]# cat test.log |grep 503|wc -l

74

[root@dev ~]# cat test.log |grep 200|wc -l

46

 

[root@dev-dbs fail2ban-0.8.14]# tail -f /data/program/nginx/logs/error.log

2018/04/24 23:46:24 [error] 13440#0: *76815 limiting requests, excess: 3.108 by zone "allips", client: 192.168.2.230, server: localhost, request: "HEAD /50x.html HTTP/1.1", host: "192.168.3.232"

2018/04/24 23:46:26 [error] 13440#0: *76817 limiting requests, excess: 3.433 by zone "allips", client: 192.168.2.230, server: localhost, request: "HEAD /50x.html HTTP/1.1", host: "192.168.3.232"

2018/04/24 23:46:27 [error] 13440#0: *76818 limiting requests, excess: 3.090 by zone "allips", client: 192.168.2.230, server: localhost, request: "HEAD /50x.html HTTP/1.1", host: "192.168.3.232"

 

 

[root@dev-dbs fail2ban-0.8.14]# cat /etc/fail2ban/filter.d/nginx-req-limit.conf

#Fail2Ban configuration file

#

# supports: ngx_http_limit_req_module module

[Definition]

 

failregex = .* limiting requests, excess:.* by zone.*client: <HOST>, .*

 

# Option: ignoreregex #

#Notes.: regex to ignore. If this regex matches, the line is ignored.

# Values: TEXT

#

ignoreregex =

 

 

 

[root@dev-dbs fail2ban-0.8.14]# cat /etc/fail2ban/jail.conf

[nginx-req-limit]

enabled  = true

port     = https,http

filter   = nginx-req-limit

logpath  = /data/program/nginx/logs/error.log

maxretry = 20

findtime = 60

bantime  = 60

action   = iptables-multiport[name=nginx-req-limit, port="https,http", protocol=tcp]

           sendmail-whois-lines[name=nginx-req-limit, [email protected]]

 

 

[root@dev-dbs fail2ban-0.8.14]# service fail2ban start

[root@dev-dbs fail2ban-0.8.14]# iptables -nvL

Chain INPUT (policy ACCEPT 463K packets, 40M bytes)

 pkts bytes target     prot opt in     out     source               destination        

    0     0 fail2ban-nginx-req-limit  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 443,80

 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination        

 

Chain OUTPUT (policy ACCEPT 371K packets, 37M bytes)

 pkts bytes target     prot opt in     out     source               destination        

 

Chain fail2ban-nginx-req-limit (1 references)

 pkts bytes target     prot opt in     out     source               destination        

0     0 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0

 

 

 

[root@huangzp3 test]# sh test.sh

[root@dev-dbs fail2ban-0.8.14]# iptables -nvL

Chain INPUT (policy ACCEPT 4370 packets, 354K bytes)

 pkts bytes target     prot opt in     out     source               destination        

  226 15216 fail2ban-nginx-req-limit  tcp  --  *      *       0.0.0.0/0            0.0.0.0/0           multiport dports 443,80

 

Chain FORWARD (policy ACCEPT 0 packets, 0 bytes)

 pkts bytes target     prot opt in     out     source               destination        

 

Chain OUTPUT (policy ACCEPT 3505 packets, 305K bytes)

 pkts bytes target     prot opt in     out     source               destination        

 

Chain fail2ban-nginx-req-limit (1 references)

 pkts bytes target     prot opt in     out     source               destination        

   10   600 REJECT     all  --  *      *       192.168.2.230        0.0.0.0/0           reject-with icmp-port-unreachable

  216 14616 RETURN     all  --  *      *       0.0.0.0/0            0.0.0.0/0          

 

[root@dev-dbs fail2ban-0.8.14]# iptables -nvL --line-numbers

[root@dev-dbs fail2ban-0.8.14]# iptables -D fail2ban-nginx-req-limit 1

[root@dev-dbs fail2ban-0.8.14]# service fail2ban stop