bertof/nix-dotfiles
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

update(baldur): better fail2ban filters

Browse source
This commit is contained in:
Filippo Berto 2025-10-16 15:19:35 +02:00
parent 3cb057a31a
commit 79138d965d
No known key found for this signature in database
GPG key ID: F1D17F9BCEC62FBC
1 changed files with 24 additions and 0 deletions
Download patch file Download diff file Expand all files Collapse all files

24
instances/baldur/configuration.nix
View file

@ -51,6 +51,14 @@
enable = true; enable = true;
bantime-increment.enable = true; bantime-increment.enable = true;
jails = { jails = {
"nginx-bad-request" = {
settings = {
filter = "nginx-bad-request";
action = ''nftables-multiport[name=HTTP, port="http,https"]'';
logpath = "/var/log/nginx/error.log*";
backend = "auto";
};
};
"nginx-botsearch" = { "nginx-botsearch" = {
settings = { settings = {
filter = "nginx-botsearch"; filter = "nginx-botsearch";
@ -59,6 +67,14 @@
backend = "auto"; backend = "auto";
}; };
}; };
"nginx-forbidden" = {
settings = {
filter = "nginx-forbidden";
action = ''nftables-multiport[name=HTTP, port="http,https"]'';
logpath = "/var/log/nginx/error.log*";
backend = "auto";
};
};
"nginx-http-auth" = { "nginx-http-auth" = {
settings = { settings = {
filter = "nginx-http-auth"; filter = "nginx-http-auth";
@ -67,6 +83,14 @@
backend = "auto"; backend = "auto";
}; };
}; };
"nginx-limit-req" = {
settings = {
filter = "nginx-limit-req";
action = ''nftables-multiport[name=HTTP, port="http,https"]'';
logpath = "/var/log/nginx/error.log*";
backend = "auto";
};
};
}; };
}; };
nginx = { nginx = {