当前的fail2ban版本0.9.1没有Tomcat的预configurationfilter。 如果有人需要它,这里是一个正则expression式适用于我。 请注意,我的应用程序不会有任何404错误。 对于更典型的网站,请考虑不使用failregex的第一行。
[INCLUDES] [Definition] # 1. match on 40x http status code # 2. URLs should start with a forward slash - (often proxy requests start with http://blahh) # 3. match on http 1.0 - let's not support it, even for search engines failregex = <HOST> - - \[.*\] "GET .* HTTP/1.1" 40\d \d+$ <HOST> - - \[.*\] "GET http <HOST> - - \[.*\] "GET .* HTTP/1.0" ignoreregex = 噢,这里是监狱的定义(添加到jail.local):
[tomcat] enabled = true port = http,https filter = tomcat logpath = /opt/tomcat8/logs/localhost_access_log.*.txt maxretry = 1 action = iptables-allports