
I am using the following filter in fail2ban:

[Definition]

failregex = ^<HOST> -.*GET.*(\.php|\.asp|\.exe|\.pl|\.cgi|\.scgi)

ignoreregex =
#https://chlee.co/how-to-secure-and-protect-nginx-on-linux-with-fail2ban/

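I run a few services behind nginx; one that wrongly triggers the ban, for example, is Plex.

When I browse to my domain and Plex loads, I log in with my email + password and then with 2FA.

I then also have user PINs set up in Plex, and this is where the problem comes in. At this stage, when I enter my password, Plex does some redirects, and eventually fail2ban blocks me using the filter above.

Here is the nginx log for the site I am accessing; the timestamp of the last log entry is the time I was banned.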


IP REMOVED - - [05/Apr/2021:12:57:25 +0100] "GET / HTTP/1.1" 301 162 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:25 +0100] "GET / HTTP/1.1" 302 0 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:25 +0100] "GET /web/index.html HTTP/1.1" 200 4134 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:25 +0100] "GET /web/js/chunk-4-333fc26d3f54e95554f2-plex-4.53.0-12fba3f.js HTTP/1.1" 200 468067 "https://myplexdomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:25 +0100] "GET /web/chunk-2-b54f2155808d323fd53a-plex-4.53.0-12fba3f.css HTTP/1.1" 200 517264 "https://myplexdomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:25 +0100] "GET /web/js/chunk-2-b54f2155808d323fd53a-plex-4.53.0-12fba3f.js HTTP/1.1" 200 1354513 "https://myplexdomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:26 +0100] "GET /web/translations/en-GB.json HTTP/1.1" 200 16163 "https://myplexdomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:26 +0100] "GET /web/common/img/backgrounds/noise.b38a559594ac52d049bac587b89ec859.png HTTP/1.1" 200 54413 "https://myplexdomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:26 +0100] "GET /web/common/img/backgrounds/preset-dark2.24cb7f1a5e2d0102f05f3e59dfad9086.png HTTP/1.1" 200 113817 "https://myplexdomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:26 +0100] "GET /media/providers?X-Plex-Product=Plex%20Web&X-Plex-Version=4.53.0&X-Plex-Client-Identifier=removed-Plex-Platform=Microsoft%20Edge&X-Plex-Platform-Version=89.0&X-Plex-Sync-Version=2&X-Plex-Features=external-media%2Cindirect-media&X-Plex-Model=bundled&X-Plex-Device=Windows&X-Plex-Device-Name=Microsoft%20Edge&X-Plex-Device-Screen-Resolution=1872x947%2C1920x1080&X-Plex-Language=en-GB HTTP/1.1" 404 78 "https://myplexdomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:26 +0100] "GET /?X-Plex-Product=Plex%20Web&X-Plex-Version=4.53.0&X-Plex-Client-Identifier=removed-Plex-Platform=Microsoft%20Edge&X-Plex-Platform-Version=89.0&X-Plex-Sync-Version=2&X-Plex-Features=external-media%2Cindirect-media&X-Plex-Model=bundled&X-Plex-Device=Windows&X-Plex-Device-Name=Microsoft%20Edge&X-Plex-Device-Screen-Resolution=1872x947%2C1920x1080&X-Plex-Language=en-GB HTTP/1.1" 302 0 "https://myplexdomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:26 +0100] "GET /web/index.html HTTP/1.1" 200 4129 "https://myplexdomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:43 +0100] "GET /web/index.html HTTP/1.1" 200 4134 "https://app.plex.tv/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:43 +0100] "GET /web/chunk-2-b54f2155808d323fd53a-plex-4.53.0-12fba3f.css HTTP/1.1" 200 517264 "https://myplexdomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:43 +0100] "GET /web/js/chunk-2-b54f2155808d323fd53a-plex-4.53.0-12fba3f.js HTTP/1.1" 200 1354531 "https://myplexdomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"
IP REMOVED - - [05/Apr/2021:12:57:43 +0100] "GET /web/js/chunk-4-333fc26d3f54e95554f2-plex-4.53.0-12fba3f.js HTTP/1.1" 200 468100 "https://myplexdomain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/89.0.4389.114 Safari/537.36 Edg/89.0.774.68"

How can I adjust the regex to stop the false bans?

Thanks
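Added example, not part of the original post: the posted failregex is unanchored after `GET`, so `\.pl` can match anywhere later in the line, including the `https://app.plex.tv/` referer on the 12:57:43 entries above. The Python below replays the posted filter and an assumed tightened variant (extension must end the request path) over constructed log lines modeled on the post; the `<HOST>` stand-in, the sample IP and the probe lines are assumptions.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (IPv4 only, non-capturing).
HOST = r"(?:\d{1,3}(?:\.\d{1,3}){3})"

def compile_failregex(pattern):
    """Expand <HOST> the way a filter would before the regex is compiled."""
    return re.compile(pattern.replace("<HOST>", HOST))

# Filter exactly as posted: ".*" after GET lets the extension match anywhere.
ORIGINAL = compile_failregex(
    r"^<HOST> -.*GET.*(\.php|\.asp|\.exe|\.pl|\.cgi|\.scgi)")

# Assumed tightening (not from the post): the extension must sit in the request
# path, followed by "/", "?" or the protocol token. "\[[^\]]*\]" accepts the
# timestamp field both intact and emptied to "[]".
ANCHORED = compile_failregex(
    r'^<HOST> - \S+ \[[^\]]*\] "GET [^\s"?]*'
    r'(\.php|\.asp|\.exe|\.pl|\.cgi|\.scgi)(?:[/?][^\s"]*)? HTTP/')

# Constructed log lines: two modeled on the Plex traffic in the post, two probes.
TS = "[05/Apr/2021:12:57:43 +0100]"
UA = '"Mozilla/5.0 (constructed)"'
SAMPLES = [
    f'203.0.113.7 - - {TS} "GET /web/index.html HTTP/1.1" 200 4134 "https://app.plex.tv/" {UA}',
    f'203.0.113.7 - - {TS} "GET /web/index.html HTTP/1.1" 200 4129 "https://myplexdomain.com/" {UA}',
    f'203.0.113.7 - - {TS} "GET /wp-login.php HTTP/1.1" 404 162 "-" {UA}',
    f'203.0.113.7 - - {TS} "GET /cgi-bin/test.cgi?x=1 HTTP/1.1" 404 162 "-" {UA}',
]

def hit_location(regex, line):
    """Return None, 'request' or 'referer/agent' depending on where the extension matched."""
    m = regex.search(line)
    if m is None:
        return None
    # End of the quoted request field: the second double quote on the line.
    req_end = line.index('"', line.index('"') + 1)
    return "request" if m.start(1) < req_end else "referer/agent"

def compare(lines):
    """Pair each line's result under the posted filter and the tightened one."""
    return [(hit_location(ORIGINAL, l), hit_location(ANCHORED, l)) for l in lines]

if __name__ == "__main__":
    for line, result in zip(SAMPLES, compare(SAMPLES)):
        print(result, line[:72])
```

`fail2ban-regex` can run a candidate failregex against the real access log before the jail is reloaded.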
