如何解决Fail2ban Nginx-noscript 错误地禁止 ip
我在fail2ban中使用以下过滤器
[Definition]
failregex = ^<HOST> -.*GET.*(\.php|\.asp|\.exe|\.pl|\.cgi|\.scgi)
ignoreregex =
#https://chlee.co/how-to-secure-and-protect-nginx-on-linux-with-fail2ban/
我在 nginx 后面运行了一些服务,例如一个错误触发禁令的服务是 Plex。
当我浏览到我的域并加载 Plex 时,我使用我的电子邮件 + 密码然后 2fa 登录。
然后我也让用户在 Plex 中使用 pin 进行设置,问题来了。在这个阶段,当我输入我的 pin 时,Plex 会进行一些重定向,最终 fail2ban 使用上面的过滤器阻止了我。
这是我正在访问的站点的 nginx 日志,最后一个日志的时间戳是我被禁止的时间。
IP REMOVED - - [05/Apr/2021:12:57:25 +0100] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:25 +0100] "GET / HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:25 +0100] "GET /web/index.html HTTP/1.1" 200 4134 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:25 +0100] "GET /web/js/chunk-4-333fc26d3f54e95554f2-plex-4.53.0-12fba3f.js HTTP/1.1" 200 468067 "https://myplexdomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:25 +0100] "GET /web/chunk-2-b54f2155808d323fd53a-plex-4.53.0-12fba3f.css HTTP/1.1" 200 517264 "https://myplexdomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:25 +0100] "GET /web/js/chunk-2-b54f2155808d323fd53a-plex-4.53.0-12fba3f.js HTTP/1.1" 200 1354513 "https://myplexdomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:26 +0100] "GET /web/translations/en-GB.json HTTP/1.1" 200 16163 "https://myplexdomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:26 +0100] "GET /web/common/img/backgrounds/noise.b38a559594ac52d049bac587b89ec859.png HTTP/1.1" 200 54413 "https://myplexdomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:26 +0100] "GET /web/common/img/backgrounds/preset-dark2.24cb7f1a5e2d0102f05f3e59dfad9086.png HTTP/1.1" 200 113817 "https://myplexdomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:26 +0100] "GET /media/providers?X-Plex-Product=Plex%20Web&X-Plex-Version=4.53.0&X-Plex-Client-Identifier=removed-Plex-Platform=Microsoft%20Edge&X-Plex-Platform-Version=89.0&X-Plex-Sync-Version=2&X-Plex-Features=external-media%2Cindirect-media&X-Plex-Model=bundled&X-Plex-Device=Windows&X-Plex-Device-Name=Microsoft%20Edge&X-Plex-Device-Screen-Resolution=1872x947%2C1920x1080&X-Plex-Language=en-GB HTTP/1.1" 404 78 "https://myplexdomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:26 +0100] "GET /?X-Plex-Product=Plex%20Web&X-Plex-Version=4.53.0&X-Plex-Client-Identifier=removed-Plex-Platform=Microsoft%20Edge&X-Plex-Platform-Version=89.0&X-Plex-Sync-Version=2&X-Plex-Features=external-media%2Cindirect-media&X-Plex-Model=bundled&X-Plex-Device=Windows&X-Plex-Device-Name=Microsoft%20Edge&X-Plex-Device-Screen-Resolution=1872x947%2C1920x1080&X-Plex-Language=en-GB HTTP/1.1" 302 0 "https://myplexdomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:26 +0100] "GET /web/index.html HTTP/1.1" 200 4129 "https://myplexdomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:43 +0100] "GET /web/index.html HTTP/1.1" 200 4134 "https://app.plex.tv/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:43 +0100] "GET /web/chunk-2-b54f2155808d323fd53a-plex-4.53.0-12fba3f.css HTTP/1.1" 200 517264 "https://myplexdomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:43 +0100] "GET /web/js/chunk-2-b54f2155808d323fd53a-plex-4.53.0-12fba3f.js HTTP/1.1" 200 1354531 "https://myplexdomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:43 +0100] "GET /web/js/chunk-4-333fc26d3f54e95554f2-plex-4.53.0-12fba3f.js HTTP/1.1" 200 468100 "https://myplexdomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML,like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
如何调整正则表达式来阻止误封?
谢谢
版权声明:本文内容由互联网用户自发贡献,该文观点与技术仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 dio@foxmail.com 举报,一经查实,本站将立刻删除。