stephanethomas · April 27, 2012 08:45
diff --git a/apache-ddos.conf b/apache-ddos.conf
 # Fail2Ban configuration file
 # 
 # 93.114.132.34 - - [27/Apr/2012:09:50:55 +0200] "GET / HTTP/1.1" 200 3241 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
 # sd-31638.dedibox.fr:80 193.33.237.205 - - [26/Apr/2012:13:27:46 +0200] "GET /db/main.php HTTP/1.0" 403 249 "-" "-"
 # 

 [Definition]

 # Option:  failregex
 # Notes.:  regex to match any GET entry in the logfile, so basically all valid 
 #          and not valid entries are a match. You should setup the maxretry and 
 #          findtime carefully in order to avoid false positives.
 # Values:  TEXT
 #
 failregex = ^(?:[a-zA-Z0-9.-]+:\d+ )?<HOST> .*\"GET
	# Fail2Ban configuration file
	#
	# 93.114.132.34 - - [27/Apr/2012:09:50:55 +0200] "GET / HTTP/1.1" 200 3241 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.7; rv:7.0.1) Gecko/20100101 Firefox/7.0.1"
	# sd-31638.dedibox.fr:80 193.33.237.205 - - [26/Apr/2012:13:27:46 +0200] "GET /db/main.php HTTP/1.0" 403 249 "-" "-"
	#

	[Definition]

	# Option: failregex
	# Notes.: regex to match any GET entry in the logfile, so basically all valid
	# and not valid entries are a match. You should setup the maxretry and
	# findtime carefully in order to avoid false positives.
	# Values: TEXT
	#
	failregex = ^(?:[a-zA-Z0-9.-]+:\d+ )?<HOST> .*\"GET