I’ve also added 403 as a 2nd line. Maybe this can be done by regex as well, but I’m not such a hero with regex

Currently I’m also trying to block other requests. These requests are polling for files (like my environ file) outside my webdirectory. Now I could place my apache webserver in a chrooted jail, but this proves to be difficult because my web application has to create linux users. I would like to know how fail2ban can assist in blocking these:

202.109.129.166 – - [16/Dec/2011:08:22:25 +0100] “GET /?file=../../../../../../proc/self/environ%00 HTTP/1.1″ 200 1864 “-” “”
202.109.129.166 – - [16/Dec/2011:08:22:25 +0100] “GET /?page=../../../../../../proc/self/environ%00 HTTP/1.1″ 200 1864 “-” “”
202.109.129.166 – - [16/Dec/2011:08:22:26 +0100] “GET /?mod=../../../../../../proc/self/environ%00 HTTP/1.1″ 200 1864 “-” “”
202.109.129.166 – - [16/Dec/2011:08:22:26 +0100] “GET /index.php?option=com_simpledownload&controller=../../../../../../../../../../../../../../../proc/self/environ%00 HTTP/1.1″ 200 1864 “-” “”

One gotcha (my own stupidity, not your instructions) was that I called the filter ‘apache-404′ and omitted the ‘.conf’ on the end. fail2ban just wouldn’t start and I couldn’t see why. It all sprang into life when I noticed my mistake and corrected it

I implemented it and immediately cut down on probing activity on my server.

Some of my sites don’t have favicons, which were generating 404 errors on every request, and consequently getting me banned after a few page views. By adding “favicon\.ico” (omit the quotes, but not the slash escaping the period) to the ignoreregex line, I stopped this from happening. So:

ignoreregex = favicon\.ico

Thanks for the help!

Thank you.