Fail2ban: how to block access to /wpad

I am lookin for a filter.d to avoid continue access to /wpad

Having nginx log rows like this - - [04/Oct/2021:16:30:47 +0200] “GET /wpad.dat HTTP/1.1” 404 153 “-” “WinHttp-Autoproxy-Service/5.1”

how to create the failregex?

Hi and welcome to the NethServer forum.

NethServer uses Apache. Did you install nginx?

Do you use the proxy server on Nethserver? The “attacker” just gets a “404 not found” error so I don’t know if it’s necessary to use fail2ban for it.


This worked for me:

failregex = ^<HOST> .*GET /wpad.dat HTTP/1.1" 404

1 Like