Hi,
thanks for your answer!
I'm using the nginx no-proxy filter from the DigitalOcean guide at
https://www.digitalocean.com/community/tutorials/how-to-protect-an-nginx-server-with-fail2ban-on-ubuntu-14-04
The filter is:
[Definition]
failregex = ^<HOST> -.*GET http.*
ignoreregex =
I think it works as I have one or two banned attempts each day, most of the
times from Chinese IPs, and today I had two from Polish IPs.
Running the curl commands you suggested return the following:
Port 80:
<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx</center>
</body>
</html>
Port 8080:
curl: (7) Failed to connect to address.com port 8080: Connection refused
I have nginx configured to allow only https, http is redirected to https.
I'm not sure if it is configured correctly and the port 80 response is
correct. It is not the 400 error you wrote, but 301.
Best,
gurabli
On Tue, Jul 5, 2016 at 5:56 PM, Mitchell Krog <[email protected]>
wrote:
> Hi there
>
> Which nginx no-proxy filter are you using? I know of one floating around
> on tutorials but it's not official and it does not even work either so I am
> guessing that's the one you might have. There is not one I know of included
> with Fail2Ban.
>
> Just do a manual test to actually know if your Nginx is actually an open
> proxy or not.
>
> Run a curl like this:
> curl --proxy http://www.yoursite.com:80 http://www.google.com
> curl --proxy http://www.yousite.com:8080 http://www.google.com
>
> You should get a 400 error from Nginx. If you don't then rather fix that
> problem than worrying about a Fail2Ban filter trying to detect it.
> You don't want your server being involved as a middle man in phishing or
> scams.
>
> Kind Regards
> Mitch
>
>
>
> On 2016/07/05 8:57 AM, gurabli wrote:
>
>
> Hi,
>
> I have nginx running on my home server, and recently I installed fail2ban,
> and configured (among others) the noproxy jail. Since then, I daily get a
> notification that Chinese IP is blocked by the norpoxy filter.
>
> I tried to get more information about the noproxy, but I couldn't find
> anything that I understand. What are these users actually want to achieve
> and use my server for that fail2ban successfully bans?
>
> If I do not use fail2ban, what would they able to do with my server in
> terms of this noproxy? I have authentication enables, if that matters
> anything in case of proxy attack.
>
> I set the max retries to 0 and ban to one week, and I also use GeoIP
> blocking (it works, but for some reason it doesn't block by default these
> Chinese IP's for noproxy), and I also added the IP range as deny to nginx
> from where the noproxy attacks originated.
>
> Many thanks!
> gurabli
>
>
>
>
> ------------------------------------------------------------------------------
> Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
> Francisco, CA to explore cutting-edge tech and listen to tech luminaries
> present their vision of the future. This family event has something for
> everyone, including kids. Get more information and register
> today.http://sdm.link/attshape
>
>
>
> _______________________________________________
> Fail2ban-users mailing
> [email protected]https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
>
>
>
> ------------------------------------------------------------------------------
> Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
> Francisco, CA to explore cutting-edge tech and listen to tech luminaries
> present their vision of the future. This family event has something for
> everyone, including kids. Get more information and register today.
> http://sdm.link/attshape
> _______________________________________________
> Fail2ban-users mailing list
> [email protected]
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
>
>
------------------------------------------------------------------------------
Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
Francisco, CA to explore cutting-edge tech and listen to tech luminaries
present their vision of the future. This family event has something for
everyone, including kids. Get more information and register today.
http://sdm.link/attshape
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
