In this tutorial, we will learn how to protect nginx with Fail2Ban in Plesk.
Fail2Ban protects servers from brute-force attacks. Written in the Python programming language, it is able to run on POSIX systems that have an interface to a packet-control system or firewall installed locally, for example, iptables or TCP Wrapper. Fail2Ban is then used to update firewall rules to reject the IP addresses for a specified amount of time, although any arbitrary other action (e.g. sending an email) could also be configured. Out of the box Fail2Ban comes with filters for various services (apache, courier, ssh, etc).
Let’s protect nginx with Fail2Ban in Plesk.
1. Access the Plesk server via SSH
2. Edit nginx.conf file
# vi /etc/fail2ban/jail.d/nginx.conf
Add the following content:
[nginx-http-auth]enabled = true
filter = nginx-http-auth
action = iptables-multiport[name=nginx, port=”http,https”] logpath = /var/log/nginx/*error*.log
bantime = 600
maxretry = 6
[nginx-badbots]enabled = true
action = iptables-multiport[name=BadBots, port=”http,https”] filter = nginx-badbots
logpath = /var/log/nginx/access.log
maxretry = 2
Save & exit.
3. Open nginx-http-auth.conf file:
# vi /etc/fail2ban/filter.d/nginx-http-auth.conf
Add the following contents:
[Definition]failregex = ^ \[error\] \d+#\d+: \*\d+ user “\S+”:? (password mismatch|was not found in “.*”), client: <HOST>, server: \S+, request: “\S+ \S+ HTTP/\d+\.\d+”, host: “\S+”\s*$
^ \[error\] \d+#\d+: \*\d+ no user/password was provided for basic authentication, client: <HOST>, server: \S+, request: “\S+ \S+ HTTP/\d+\.\d+”, host: “\S+”\s*$
Save & exit
4. Copy pache-badbots.conf file and rename it with nginx-badbots.conf :
# cp /etc/fail2ban/filter.d/apache-badbots.conf /etc/fail2ban/filter.d/nginx-badbots.conf
5. Restart the fail2ban service to apply the changes:
# systemctl restart fail2ban
This is tutorial, we have seen how our support engineer protect nginx with Fail2Ban in Plesk.
[Need assistance to fix this error or install tools? We’ll help you.]