name : nginx-bad-request.conf # Fail2Ban filter to match bad requests to nginx # [Definition] # The request often doesn't contain a method, only some encoded garbage # This will also match requests that are entirely empty failregex = ^<HOST> - \S+ \[\] "[^"]*" 400 datepattern = {^LN-BEG}%%ExY(?P<_sep>[-/.])%%m(?P=_sep)%%d[T ]%%H:%%M:%%S(?:[.,]%%f)?(?:\s*%%z)? ^[^\[]*\[({DATE}) {^LN-BEG} journalmatch = _SYSTEMD_UNIT=nginx.service + _COMM=nginx # Author: Jan Przybylak