UPDATE:
I checked the curl command with port 443, and it does return the 400 error:
<html>
<head><title>400 The plain HTTP request was sent to HTTPS
port</title></head>
<body bgcolor="white">
<center><h1>400 Bad Request</h1></center>
<center>The plain HTTP request was sent to HTTPS port</center>
<hr><center>nginx</center>
</body>
</html>
I guess with port 80 it is nginx redirecting to 443.
On Tue, Jul 5, 2016 at 6:21 PM, gurabli <[email protected]> wrote:
> Hi,
>
> thanks for your answer!
> I'm using the nginx no-proxy filter from the DigitalOcean guide at
> https://www.digitalocean.com/community/tutorials/how-to-protect-an-nginx-server-with-fail2ban-on-ubuntu-14-04
>
> The filter is:
>
> [Definition]
>
> failregex = ^<HOST> -.*GET http.*
>
> ignoreregex =
>
>
> I think it works as I have one or two banned attempts each day, most of
> the time from Chinese IPs, and today I had two from Polish IPs.
>
> Running the curl commands you suggested returns the following:
>
> Port 80:
>
> <html>
> <head><title>301 Moved Permanently</title></head>
> <body bgcolor="white">
> <center><h1>301 Moved Permanently</h1></center>
> <hr><center>nginx</center>
> </body>
> </html>
>
> Port 8080:
>
> curl: (7) Failed to connect to address.com port 8080: Connection refused
>
> I have nginx configured to allow only https, http is redirected to https.
>
> I'm not sure if it is configured correctly and the port 80 response is
> correct. It is not the 400 error you wrote, but 301.
>
> Best,
> gurabli
>
>
> On Tue, Jul 5, 2016 at 5:56 PM, Mitchell Krog <[email protected]>
> wrote:
>
>> Hi there
>>
>> Which nginx no-proxy filter are you using? I know of one floating around
>> on tutorials but it's not official and it does not even work either so I am
>> guessing that's the one you might have. There is not one I know of included
>> with Fail2Ban.
>>
>> Just do a manual test to actually know if your Nginx is actually an open
>> proxy or not.
>>
>> Run a curl like this:
>> curl --proxy http://www.yoursite.com:80 http://www.google.com
>> curl --proxy http://www.yoursite.com:8080 http://www.google.com
>>
>> You should get a 400 error from Nginx. If you don't then rather fix that
>> problem than worrying about a Fail2Ban filter trying to detect it.
>> You don't want your server being involved as a middle man in phishing or
>> scams.
>>
>> Kind Regards
>> Mitch
>>
>>
>>
>> On 2016/07/05 8:57 AM, gurabli wrote:
>>
>>
>> Hi,
>>
>> I have nginx running on my home server, and recently I installed
>> fail2ban, and configured (among others) the noproxy jail. Since then, I
>> daily get a notification that a Chinese IP is blocked by the noproxy filter.
>>
>> I tried to get more information about the noproxy, but I couldn't find
>> anything that I understand. What do these users actually want to achieve
>> and use my server for that fail2ban successfully bans?
>>
>> If I do not use fail2ban, what would they be able to do with my server in
>> terms of this noproxy? I have authentication enabled, if that matters
>> at all in case of a proxy attack.
>>
>> I set the max retries to 0 and ban to one week, and I also use GeoIP
>> blocking (it works, but for some reason it doesn't block by default these
>> Chinese IPs for noproxy), and I also added the IP range as deny to nginx
>> from where the noproxy attacks originated.
>>
>> Many thanks!
>> gurabli
>>
>>
>>
>>
>> ------------------------------------------------------------------------------
>> Attend Shape: An AT&T Tech Expo July 15-16. Meet us at AT&T Park in San
>> Francisco, CA to explore cutting-edge tech and listen to tech luminaries
>> present their vision of the future. This family event has something for
>> everyone, including kids. Get more information and register today.
>> http://sdm.link/attshape
>> _______________________________________________
>> Fail2ban-users mailing list
>> [email protected]
>> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
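Added example (not part of the original thread and not fail2ban's own code): the failregex quoted above, applied to constructed nginx access-log lines. It shows that the pattern keys on the request line rather than the response status, so a proxy-style GET answered with 301 is still counted, while CONNECT and non-GET absolute-URI requests are not matched. The `<HOST>` expansion, the function names and the log lines are assumptions made for illustration.

```python
import re

# failregex exactly as quoted in the thread.
FAILREGEX = r"^<HOST> -.*GET http.*"

# Assumption: simplified stand-in for fail2ban's own <HOST> expansion.
HOST_GROUP = r"(?P<host>\S+)"

# Constructed nginx access-log lines (combined format, documentation addresses).
SAMPLE_LOG = """\
203.0.113.7 - - [05/Jul/2016:08:12:01 +0200] "GET http://www.example.org/ HTTP/1.1" 301 178 "-" "-"
198.51.100.23 - - [05/Jul/2016:08:13:44 +0200] "CONNECT www.example.org:443 HTTP/1.1" 400 166 "-" "-"
192.0.2.50 - - [05/Jul/2016:08:15:10 +0200] "GET /index.html HTTP/1.1" 200 612 "http://www.example.org/" "Mozilla/5.0"
192.0.2.51 - - [05/Jul/2016:08:16:02 +0200] "POST http://www.example.org/form HTTP/1.1" 301 178 "-" "-"
""".splitlines()

# Request field of a combined-format line: client, method and request target.
REQUEST = re.compile(
    r'^(?P<host>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>[A-Z]+) (?P<target>\S+)'
)


def matched_hosts(lines, failregex=FAILREGEX):
    """Return client addresses from lines the quoted filter would count."""
    pattern = re.compile(failregex.replace("<HOST>", HOST_GROUP))
    found = (pattern.search(line) for line in lines)
    return [m.group("host") for m in found if m]


def proxy_style_requests(lines):
    """Return (host, method) for requests with an absolute-URI target or CONNECT."""
    result = []
    for line in lines:
        m = REQUEST.match(line)
        if not m:
            continue
        absolute = m.group("target").startswith(("http://", "https://"))
        if absolute or m.group("method") == "CONNECT":
            result.append((m.group("host"), m.group("method")))
    return result


if __name__ == "__main__":
    print("counted by the filter:", matched_hosts(SAMPLE_LOG))
    print("proxy-style requests: ", proxy_style_requests(SAMPLE_LOG))
```

Against a real log, `fail2ban-regex <logfile> <filter file>` reports which lines a filter matches.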