With the introduction of fail2ban 0.10.4 we have added a new jail configuration for apache-noscripts. This is the upstream issue (introduced by 10.3):
https://github.com/fail2ban/fail2ban/issues/2073
We are now looking for this kind of error in the Apache logs (/var/log/httpd/*error_log). It does not happen for all websites and I cannot reproduce it for all of them; simply visit the URL and you will see the log trace. You can also request a non-existent script after your URL: https://your.domain/plop.php
[Fri Jan 03 09:46:58.193392 2020] [proxy_fcgi:error] [pid 14676] [client 86.195.248.166:50400] AH01071: Got error 'Primary script unknown\n', referer: https://stephane.de-labrusse.fr/
This is due to php-fpm and an old version of Apache. It is corrected by versions after 2.4.26, which are of course not available in CentOS 7; we run 2.4.6.
This is valid for any php-fpm version, either from remi (my rpm) or the official one in nethserver-httpd-virtualhosts.
The direct impact is that people visiting your website will be banned by fail2ban. The first thing to do is either to disable apache-noscripts (the devs have stated that it could produce a lot of false positives) or to manually remove the line which triggers this in the relevant filter (/etc/fail2ban/filter.d/apache-noscript.conf):
- ^error '[Pp]rimary script unknown\\n'
+ # ^error '[Pp]rimary script unknown\\n'
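Review bot: the `+` line comments the pattern out without saying why, so anyone reading apache-noscript.conf later cannot tell it was disabled on purpose. Add a comment line above it that gives the reason (false bans from AH01071 'Primary script unknown' with php-fpm on Apache 2.4.6) and links the upstream issue, so the pattern can be restored once the Apache version no longer produces these entries.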
This will be changed with the next rpm update.
We need to find a solution, but our version of Apache is too old; even though php-fpm is fully working, we trigger some log noise.
This is supposed to work:
<FilesMatch \.php$>
    <If "-f %{SCRIPT_FILENAME}">
        SetHandler "proxy:unix:/run/php-fpm/www.sock|fcgi://localhost"
    </If>
</FilesMatch>
But not in our versions.
Some related links; search for: php-fpm AH01071: Got error 'Primary script unknown\n'
https://serverfault.com/questions/914229/ah01071-got-error-primary-script-unknown
https://serverfault.com/questions/733230/apache-file-not-found-after-setting-up-php-fpm-chroot
https://serverfault.com/questions/960558/mod-rewrite-on-debian-stretch-breaks-php7-0-fpm-with-ah01071-got-error-primary
https://medium.com/@jacksonpauls/moving-from-mod-php-to-php-fpm-914125a7f336
http://lost.l-w.ca/0x05/apache-mod_proxy_fcgi-and-php-fpm/
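
To see which clients the AH01071 entries described in this post would count against, before deciding whether to disable the jail or only the pattern, the error log can be tallied per client. This is an added example, not code from the post or from fail2ban; the sample lines are constructed (documentation IP addresses), and the `maxretry` value of 2 is an assumed threshold, not the jail's actual setting.

```python
import re
from collections import defaultdict

# Apache 2.4 error-log entry carrying the AH01071 message quoted in the post.
# In the log the trailing "\n" is a literal backslash followed by "n".
AH01071 = re.compile(
    r"^\[(?P<ts>[^\]]+)\] \[proxy_fcgi:error\] \[pid \d+(?::tid \d+)?\] "
    r"\[client (?P<ip>[0-9A-Fa-f.:]+):\d+\] AH01071: Got error "
    r"'[Pp]rimary script unknown\\n'(?:, referer: (?P<referer>\S+))?\s*$"
)

# Constructed sample lines (not taken from a real server).
SAMPLE = r"""
[Fri Jan 03 09:46:58.193392 2020] [proxy_fcgi:error] [pid 14676] [client 192.0.2.10:50400] AH01071: Got error 'Primary script unknown\n', referer: https://www.example.org/
[Fri Jan 03 09:47:01.000101 2020] [proxy_fcgi:error] [pid 14676] [client 192.0.2.10:50402] AH01071: Got error 'Primary script unknown\n', referer: https://www.example.org/
[Fri Jan 03 09:47:05.120000 2020] [proxy_fcgi:error] [pid 14680] [client 198.51.100.7:41000] AH01071: Got error 'Primary script unknown\n'
[Fri Jan 03 09:47:09.300000 2020] [authz_core:error] [pid 14680] [client 198.51.100.7:41002] AH01630: client denied by server configuration: /var/www/html/private
""".strip().splitlines()


def summarize(lines):
    """Count AH01071 'Primary script unknown' entries per client IP.

    'with_referer' counts entries that carry a referer, i.e. requests that
    followed a link from a page, which is typical of ordinary visitors.
    """
    stats = defaultdict(lambda: {"hits": 0, "with_referer": 0})
    for line in lines:
        m = AH01071.match(line)
        if m is None:
            continue  # unrelated error-log entry
        entry = stats[m.group("ip")]
        entry["hits"] += 1
        if m.group("referer"):
            entry["with_referer"] += 1
    return dict(stats)


def at_risk(stats, maxretry):
    """Clients whose AH01071 count reaches the (assumed) maxretry threshold."""
    return sorted(ip for ip, s in stats.items() if s["hits"] >= maxretry)


if __name__ == "__main__":
    result = summarize(SAMPLE)
    for ip, s in sorted(result.items()):
        print(f"{ip}: {s['hits']} hits, {s['with_referer']} with referer")
    print("would reach maxretry=2:", at_risk(result, 2))
```

Run against a real log by passing `open("/var/log/httpd/error_log")` (or each file matching `*error_log`) to `summarize` instead of `SAMPLE`.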