mykey/Fail2Ban-Dashboard---NPM
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
dd7f8dd1a2debb34421699d8b0e0366dc84f9eed
Fail2Ban-Dashboard---NPM/fail2ban/filter.d/badbot.conf
gitea dd7f8dd1a2 Initial release: F2B Control Center v1.0 
Dockerized Fail2Ban + dashboard for Nginx Proxy Manager.

- Single-container image (fail2ban + Node.js + supervisord)
- Pre-built NPM filters: badbot, http-errors, npm-probe, manual-bans
- Web dashboard with live ban feed, log scanner, AbuseIPDB integration
- Configurable via environment variables and .env file
- Persistent volumes for config and ban history
- Webhook support for ban event notifications
- README, .gitignore, MIT license

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-20 14:40:59 +00:00

29 lines
2.2 KiB
Plaintext
Raw Blame History

# ── F2B Control Center — badbot filter ───────────────────────────────────────
#
# Blocks known malicious scanners, vulnerability testers, and exploit frameworks
# by their HTTP User-Agent string.
#
# LOG FORMAT:
# Primary pattern matches NPM logs with [Client IP] real-IP field:
# PROXY_IP - - [date] "GET /" 200 146 "-" "UserAgent" [Client REAL_IP]
#
# If your NPM logs have the client IP at line start (standard nginx combined),
# uncomment the alternative failregex lines instead.
# ─────────────────────────────────────────────────────────────────────────────
[Definition]
# ── Primary: NPM [Client IP] format ──────────────────────────────────────────
failregex = ^[^ ]+ - -[^\[]*\[[^\]]+\] "[A-Z]+ [^"]*" \d{3} \d+ "[^"]*" "(?:masscan|zgrab|python-requests|Go-http-client/1\.1|[Nn]uclei|sqlmap|dirbuster|gobuster|nikto|nmap|wfuzz|Metasploit|libwww-perl|WPScan|ZmEu|jorgee|NetcraftSurveyAgent|Expanse|Shodan|censys|BinaryEdge|internet-measurement|SemrushBot|AhrefsBot)[^"]*" \[Client <HOST>\]
# ── Alternative: standard nginx combined format (IP at line start) ────────────
# Uncomment and comment out the Primary line above to use this instead.
# failregex = ^<HOST> - -[^\[]*\[[^\]]+\] "[A-Z]+ [^"]*" \d{3} \d+ "[^"]*" "(?:masscan|zgrab|python-requests|Go-http-client/1\.1|[Nn]uclei|sqlmap|dirbuster|gobuster|nikto|nmap|wfuzz|Metasploit|libwww-perl|WPScan|ZmEu|jorgee|NetcraftSurveyAgent|Expanse|Shodan|censys|BinaryEdge|internet-measurement)[^"]*"
ignoreregex =
# ── Notes ────────────────────────────────────────────────────────────────────
# Add more UA patterns to the failregex alternation as needed.
# Test your filter with:
# fail2ban-regex /nginx-logs/proxy-host-1_access.log /etc/fail2ban/filter.d/badbot.conf
Reference in New Issue View Git Blame Copy Permalink