I have recently moved this, and a bunch of other sites I host, over to new infrastructure.
Unfortunately, for reasons I won’t bore you with (mainly because I’ve not yet figured them out), the standard ip-tables
ban action in fail2ban has stopped working. However, since I am already behind a firewall, all I really need is to block the script kiddie attacks for the various website logins.
I already have some filters for this, so I wrote some quick actions to add these IP addresses to ban lists that can be used by Apache.
I have two flavours, one for apache 2 and another for apache2.4.
Usage
Copy the appropriate action config into your /etc/fail2ban/action.d
directory, and enable the action in the usual way.
Then, to actually use the block list, you’re going to need to include it into your vhost config by referencing it in your <directory>
block, e.g.:
<RequireAll>
Require all granted
Include /var/run/fail2ban/fail2ban.apache24
</RequireAll>
Link to fail2ban.apache
for the apache 2 version.
Hope this is useful to folks!