
Question Fail2Ban filter for this strange log entry?

Maris

Basic Pleskian
Hello, I've recently found several very strange entries in my access log:
xx.xxx.xx.xx - - [08/Oct/2017:00:23:56 +0300] "" 400 0 "-" "-"

There is no host, there is no POST or GET or anything, only the IP and error number.
My question is: how would Fail2Ban's filter look to ban this IP?

failregex = ^<HOST>.*"(GET|POST).*" (400) .*$

This is not working, since there is no host and no GET or POST either.

Please help, thanks!
 
In most cases, this kind of 400 response indicates that the client sends a header that is too large. The option

Code:
large_client_header_buffers 4 16k;

should help.
 
This was malicious traffic, not regular traffic; that's why I am asking how to auto-ban such requests through Fail2Ban based on the line I provided from the logs. Thanks.
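A filter for the log line asked about above, as an added example that is not part of the original thread: Fail2Ban's `<HOST>` tag captures the client address at the start of the line, so a pattern can anchor on that address followed by the empty request `""` and status 400. The `HOST` stand-in pattern, the `EMPTY_REQUEST` expression and the sample log lines are assumptions constructed for this example.

```python
import re

# Simplified stand-in for Fail2Ban's <HOST> tag (assumption: the real tag
# expands to a stricter IPv4/IPv6/hostname pattern).
HOST = r"(?P<host>[0-9A-Fa-f:.]+)"

# The filter from the question: it requires GET or POST inside the quotes.
ORIGINAL = r'^<HOST>.*"(GET|POST).*" (400) .*$'
# Candidate filter: client address, ident, user, timestamp, then an empty
# request line "" with status 400.
EMPTY_REQUEST = r'^<HOST> \S+ \S+ \[[^\]]+\] "" 400 \d+ '

# Constructed sample lines in the log format shown in the thread
# (addresses come from documentation ranges).
SAMPLE_LOG = [
    '203.0.113.7 - - [08/Oct/2017:00:23:56 +0300] "" 400 0 "-" "-"',
    '198.51.100.4 - - [08/Oct/2017:00:24:10 +0300] "GET / HTTP/1.1" 200 512 "-" "Mozilla/5.0"',
    '198.51.100.9 - - [08/Oct/2017:00:25:01 +0300] "POST /x HTTP/1.1" 400 0 "-" "-"',
    '192.0.2.33 - - [08/Oct/2017:00:26:40 +0300] "-" 408 0 "-" "-"',
]


def compile_failregex(failregex):
    """Substitute the <HOST> tag, as Fail2Ban does, and compile the result."""
    return re.compile(failregex.replace("<HOST>", HOST))


def hosts_to_ban(failregex, lines):
    """Return the client address of every line the filter matches."""
    rx = compile_failregex(failregex)
    return [m.group("host") for m in map(rx.search, lines) if m]


if __name__ == "__main__":
    print("original filter :", hosts_to_ban(ORIGINAL, SAMPLE_LOG))
    print("empty-request   :", hosts_to_ban(EMPTY_REQUEST, SAMPLE_LOG))
```

In a filter file the `EMPTY_REQUEST` string goes on the `failregex =` line unchanged, and `fail2ban-regex` can check it against the real access log before the jail is enabled.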
 