Hello, I've recently found several very strange entries in my access log:
xx.xxx.xx.xx - - [08/Oct/2017:00:23:56 +0300] "" 400 0 "-" "-"
there is no host, there is no post or get or anything.. only IP and error number,
my question is how would Fail2Ban's filter look to ban this IP?
failregex = ^<HOST>.*"(GET|POST).*" (400) .*$
This is not working since there is no host and Get or Post either
Please help, thanks!
xx.xxx.xx.xx - - [08/Oct/2017:00:23:56 +0300] "" 400 0 "-" "-"
there is no host, there is no post or get or anything.. only IP and error number,
my question is how would Fail2Ban's filter look to ban this IP?
failregex = ^<HOST>.*"(GET|POST).*" (400) .*$
This is not working since there is no host and Get or Post either
Please help, thanks!