# Fail2Ban Configuration File
#
# apache-antibot.conf
#
# Author: Philipp Lopaur
# Revision: 2012-04-18
#
#
# match stuff like this from *access.log from a dummy NameVirtualHost or a normal NameVirtualHost
# the dummy host always returns 403 via rewrite rule
#
# match all 404s or 403s where url contains special "badurl" parts 
#
#194.72.238.241 - - [19/Apr/2012:03:28:57 +0200] "HEAD / HTTP/1.0" 403 - "-" "-" 19 166
#50.19.251.168 - - [19/Apr/2012:05:28:32 +0200] "HEAD /manager/status HTTP/1.1" 403 - "-" "Java/1.7.0" 164 204
#202.56.221.30 - - [19/Apr/2012:10:01:13 +0200] "GET /user/soapCaller.bs HTTP/1.1" 403 190 "-" "Morfeus Fucking Scanner" 182 401
#210.196.130.73 - - [18/Apr/2012:06:15:52 +0200] "GET /phpMyAdmin-2.8.0-rc1/scripts/setup.php HTTP/1.1" 403 206 "-" "Mozilla/5.0 (Windows NT 6.1) AppleWebKit/535.1 (KHTML, like Gecko) Chrome/13.0.782.220 Safari/535.1" 278 417



# change badurls to fit your taste and needs, this are the more common ones
[Definition]
badurls = myadmin|phpadmin|sql|webdb|wp-login\.php|soapCaller|manager|setup\.php|pma|status

failregex = ^(?i)<HOST> .* "(GET|POST|HEAD) .*(%(badurls)s).* HTTP.*" (403|404) .*$
            ^(?i)<HOST> .* "(GET|POST|HEAD) / HTTP.*" (403|404) .*$

ignoreregex =