Ansible-with-Vagrant/fail2ban-conf/jail.local

[DEFAULT]

ignoreip = 127.0.0.1/8 IP
bantime = 3600
findtime = 3600
#mta = mail
#destemail = 
#sendername = Fail2BanAlerts
#action = %(action_mwl)s

[nginx-http-auth]

enabled  = true
filter   = nginx-http-auth
port     = http,https
logpath  = /var/log/nginx/*error.log
bantime = 259200

#[nginx-badbots]

#enabled  = true
#port     = http,https
#filter   = nginx-badbots
#logpath  = /var/log/nginx/access.log
#maxretry = 2

[nginx-badbots]

enabled = true
port = http,https
filter = nginx-badbots
failregex = ^<HOST> -.*"(GET|POST|HEAD).*HTTP.*" 437
#ignoreregex =
backend = auto
logpath = /var/log/nginx/*access.log
bantime = 259200
maxretry= 1

[nginx-nohome]

enabled  = true
port     = http,https
filter   = nginx-nohome
logpath  = /var/log/nginx/*access.log
bantime = 259200
maxretry = 2

[nginx-noproxy]

enabled  = true
port     = http,https
filter   = nginx-noproxy
logpath  = /var/log/nginx/*access.log
bantime = 259200
maxretry = 2

[nginx-req-limit] 

enabled = true 
filter = nginx-req-limit 
action = iptables-multiport[name=ReqLimit, port="http,https", protocol=tcp] 
logpath = /var/log/nginx/*error.log 
findtime = 600 
bantime = 259200
maxretry = 10 

[nginx-conn-limit] 

enabled = true 
filter = nginx-conn-limit 
action = iptables-multiport[name=ConnLimit, port="http,https", protocol=tcp] 
logpath = /var/log/nginx/*error.log 
findtime = 300 
bantime = 259200
maxretry = 100

[ssh]

enabled = true
port = SSH_PORT
filter = sshd
logpath = /var/log/auth.log
maxretry = 3
bantime = -1
the push 2 years ago			`[DEFAULT]`

			`ignoreip = 127.0.0.1/8 IP`
			`bantime = 3600`
			`findtime = 3600`
			`#mta = mail`
			`#destemail =`
			`#sendername = Fail2BanAlerts`
			`#action = %(action_mwl)s`

			`[nginx-http-auth]`

			`enabled = true`
			`filter = nginx-http-auth`
			`port = http,https`
			`logpath = /var/log/nginx/*error.log`
			`bantime = 259200`

			`#[nginx-badbots]`

			`#enabled = true`
			`#port = http,https`
			`#filter = nginx-badbots`
			`#logpath = /var/log/nginx/access.log`
			`#maxretry = 2`

			`[nginx-badbots]`

			`enabled = true`
			`port = http,https`
			`filter = nginx-badbots`
			`failregex = ^<HOST> -."(GET\|POST\|HEAD).HTTP.*" 437`
			`#ignoreregex =`
			`backend = auto`
			`logpath = /var/log/nginx/*access.log`
			`bantime = 259200`
			`maxretry= 1`

			`[nginx-nohome]`

			`enabled = true`
			`port = http,https`
			`filter = nginx-nohome`
			`logpath = /var/log/nginx/*access.log`
			`bantime = 259200`
			`maxretry = 2`

			`[nginx-noproxy]`

			`enabled = true`
			`port = http,https`
			`filter = nginx-noproxy`
			`logpath = /var/log/nginx/*access.log`
			`bantime = 259200`
			`maxretry = 2`

			`[nginx-req-limit]`

			`enabled = true`
			`filter = nginx-req-limit`
			`action = iptables-multiport[name=ReqLimit, port="http,https", protocol=tcp]`
			`logpath = /var/log/nginx/*error.log`
			`findtime = 600`
			`bantime = 259200`
			`maxretry = 10`

			`[nginx-conn-limit]`

			`enabled = true`
			`filter = nginx-conn-limit`
			`action = iptables-multiport[name=ConnLimit, port="http,https", protocol=tcp]`
			`logpath = /var/log/nginx/*error.log`
			`findtime = 300`
			`bantime = 259200`
			`maxretry = 100`

			`[ssh]`

			`enabled = true`
			`port = SSH_PORT`
			`filter = sshd`
			`logpath = /var/log/auth.log`
			`maxretry = 3`
			`bantime = -1`