Issue I need help getting setting up a filter for AH01264 in fail2ban

[bartender1382]

Server operating system version

Ubuntu 22.04

Plesk version and microupdate number

18.0.57

Hello,

My linux level is way below beginner. Just setup my own server for development purposes.

So am using fail2ban for fail ssh attempts, and I noticed that I am gettin g a lot of hits from bots in the error.log attempting to access standard login phps or pls. So I would like to add a filter for AH01264 errors.

However my attempt at doing so just failed. I asked ChatGPT how to do it, and it had me do the following:

Add the following definition:

[Definition]
failregex = AH01264: client denied by server configuration

And then within jail.local

[apache-ah01264]
enabled = true
filter = apache-ah01264
logpath = /path/to/your/apache/error.log
maxretry = 3 # Adjust the value based on your needs
bantime = 3600 # Adjust the value based on your needs

I made sure to include the proper path to my error log, and restarted fail2ban.

Sadly it didn't catch anything, and the closest I could see in the fail2ban.log was:

2024-02-01 21:29:48,600 fail2ban [2932]: ERROR NOK: ("No failure-id group in 'AH01264: client denied by server configuration'",)

So obviously am missing something that my level of knowledge isn't catching.

Am hoping someone has some experience in this matter and could help me out.

Thank you

 

[Peter Debik]

The ChatGPT "solution" is completely wrong. You will need to remove these changes for Fail2ban to work correctly again. Instead, start out with the existing Plesk Apache and Apache Badbots jails.