
Question Fail2Ban filter for this strange log entry?

Maris

Basic Pleskian
Hello, I've recently found several very strange entries in my access log:
xx.xxx.xx.xx - - [08/Oct/2017:00:23:56 +0300] "" 400 0 "-" "-"

There is no host, there is no POST or GET or anything, only the IP and error number.
My question is: how would a Fail2Ban filter look to ban this IP?

failregex = ^<HOST>.*"(GET|POST).*" (400) .*$

This is not working, since there is no host and no GET or POST either.

Please help, thanks!
 
In most cases, this kind of 400 response indicates that the client sent too large a header. The option

Code:
large_client_header_buffers 4 16k;

should help.
 
This was malicious traffic, not regular traffic; that's why I am asking how to auto-ban such requests through Fail2Ban based on the line I provided from the logs. Thanks.
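
Added example, not part of the thread: a small Python check of the failregex quoted in the question against a candidate pattern for the empty-request 400 line. The `CANDIDATE` pattern, the simplified `<HOST>` expansion and the sample log lines are assumptions constructed for this example.

```python
import re

# Simplified stand-in for Fail2Ban's <HOST> tag (assumption for offline testing;
# the real expansion is broader and also accepts hostnames).
HOST = r"(?P<host>(?:\d{1,3}\.){3}\d{1,3}|[0-9A-Fa-f]*:[0-9A-Fa-f:.]+)"

# failregex quoted in the question: requires GET or POST inside the quotes.
ORIGINAL = r'^<HOST>.*"(GET|POST).*" (400) .*$'

# Candidate failregex (hypothetical): empty request line "" answered with 400.
# Fail2Ban cuts the timestamp it matched out of the line before applying
# failregex, so the bracket group is allowed to be empty or absent.
CANDIDATE = r'^<HOST> \S+ \S+ (?:\[[^\]]*\] )?"" 400\b'

# Constructed sample lines (documentation IP ranges), not taken from a real log.
SAMPLE = [
    '203.0.113.7 - - [08/Oct/2017:00:23:56 +0300] "" 400 0 "-" "-"',
    '203.0.113.7 - - [] "" 400 0 "-" "-"',  # same line, timestamp cut out
    '2001:db8::15 - - [08/Oct/2017:00:23:58 +0300] "" 400 0 "-" "-"',
    '198.51.100.20 - - [08/Oct/2017:00:24:01 +0300] "GET / HTTP/1.1" 400 0 "-" "-"',
    '198.51.100.21 - - [08/Oct/2017:00:24:05 +0300] "" 408 0 "-" "-"',
]


def matched_hosts(failregex, lines=SAMPLE):
    """Return the host captured from every line the failregex matches."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    return [m.group("host") for m in map(rx.search, lines) if m]


if __name__ == "__main__":
    print("original :", matched_hosts(ORIGINAL))
    print("candidate:", matched_hosts(CANDIDATE))
```

Before enabling a jail, confirm the pattern against the real access log with `fail2ban-regex`.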
 