I am lookin for a filter.d to avoid continue access to /wpad
Having nginx log rows like this
67.255.28.59 - - [04/Oct/2021:16:30:47 +0200] “GET /wpad.dat HTTP/1.1” 404 153 “-” “WinHttp-Autoproxy-Service/5.1”
how to create the failregex?
Hi and welcome to the NethServer forum.
NethServer uses Apache. Did you install nginx?
Do you use the proxy server on Nethserver? The “attacker” just gets a “404 not found” error so I don’t know if it’s necessary to use fail2ban for it.
EDIT:
This worked for me:
failregex = ^<HOST> .*GET /wpad.dat HTTP/1.1" 404
1 Like