
I have a working fail2ban configuration which not only blocks IPs but also announces them to the AbuseIPDB. This is working fine for sshd and postfix-sasl, but not for apache-badbots (and resulting from that I would assume apache-overflow isn't working either). That's what I have:

In /etc/fail2ban/jail.d/defaults-debian.conf it is enabled in the same way as the other rules:

[apache-badbots]
enabled = true
# Ban IP and report to AbuseIPDB
action = %(action_)s
         %(action_abuseipdb)s[abuseipdb_apikey="<mykeyhere>", abuseipdb_category="19"]

In /etc/fail2ban/filter.d/apache-badbots.conf the unwanted bots are configured:

[Definition]

badbotscustom = EmailCollector|WebEMailExtrac|TrackBack/1\.02|sogou music spider|MJ12bot|DataForSeoBot|cyberscan.io|dataforseo|SemrushBot
badbots = <loads of predefined bots here>

failregex = ^<HOST> -.*"(GET|POST|HEAD).*HTTP.*".*(?:%(badbots)s|%(badbotscustom)s).*"$

ignoreregex =

But none of these bots are ever detected/blocked/announced. This is true for both bots that have a referrer and bots that can be identified via the client string only.

Any idea what could be wrong here?

Elmi

1 Answer


Have you checked your datepattern? I use:

datepattern = ^[^\[]*\[({DATE})
              {^LN-BEG}
              %%d/%%b/%%Y:%%H:%%M:%%S
              \[%%d/%%b[^/]*/%%Y:%%H:%%M:%%S %%z\]
              \[%%d/%%b/%%Y:%%H:%%M:%%S %%z\]
Gerald Schneider
  • The datepattern was disabled in my configuration. However, when I try yours or the default datepattern, the result is still the same :-( – Elmi May 20 '22 at 04:44
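
An offline check of the question's failregex and the answer's timestamp layout against constructed Apache access-log lines, as an added example that is not part of the original posts. The `<HOST>` expansion is a simplified stand-in for fail2ban's own, the elided `badbots` list is replaced by a placeholder, and all log lines are constructed.

```python
import re
from datetime import datetime

# badbotscustom is copied from the question's filter. The predefined "badbots"
# list is elided on the page, so a constructed placeholder stands in for it.
BADBOTSCUSTOM = (r"EmailCollector|WebEMailExtrac|TrackBack/1\.02|sogou music spider"
                 r"|MJ12bot|DataForSeoBot|cyberscan.io|dataforseo|SemrushBot")
BADBOTS = "PlaceholderBot"
FAILREGEX = (r'^<HOST> -.*"(GET|POST|HEAD).*HTTP.*"'
             r'.*(?:%(badbots)s|%(badbotscustom)s).*"$')

# Assumption: simplified stand-in for fail2ban's <HOST> expansion.
HOST = r"(?P<host>[\w.:-]+)"
# Bracketed timestamp in the layout of the answer's %%d/%%b/%%Y:%%H:%%M:%%S %%z.
DATE_RE = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]")


def compile_failregex():
    """Fill in the bot lists and <HOST> to get a plain Python regex."""
    expanded = FAILREGEX % {"badbots": BADBOTS, "badbotscustom": BADBOTSCUSTOM}
    return re.compile(expanded.replace("<HOST>", HOST))


def check(line):
    """Return (host, timestamp) only if a date is found and the failregex matches."""
    date = DATE_RE.search(line)
    hit = compile_failregex().search(line)
    if not (date and hit):
        return None
    when = datetime.strptime(date.group(1), "%d/%b/%Y:%H:%M:%S %z")
    return hit.group("host"), when


TS = "[20/May/2022:04:44:00 +0000]"
# Constructed sample lines; addresses are from documentation ranges.
SAMPLES = {
    "client_string": f'203.0.113.7 - - {TS} "GET / HTTP/1.1" 200 512 "-" '
                     '"Mozilla/5.0 (compatible; MJ12bot/v1.4.8)"',
    "referrer": f'198.51.100.23 - - {TS} "GET /index.html HTTP/1.1" 200 1024 '
                '"https://cyberscan.io/" "Mozilla/5.0"',
    "benign": f'192.0.2.10 - - {TS} "GET / HTTP/1.1" 200 512 "-" '
              '"Mozilla/5.0 (X11; Linux x86_64)"',
    # A leading vhost field moves the client address away from the ^ anchor.
    "vhost_prefixed": f'www.example.test:443 203.0.113.7 - - {TS} '
                      '"GET / HTTP/1.1" 200 512 "-" "MJ12bot"',
}

if __name__ == "__main__":
    for name, line in SAMPLES.items():
        print(f"{name:15} -> {check(line)}")
```

On a host with fail2ban installed, `fail2ban-regex <logfile> /etc/fail2ban/filter.d/apache-badbots.conf` runs the real filter, including its datepattern, against the actual log.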