From 2d81fa7217cfddff826345fde94d2f2c3e0fc363 Mon Sep 17 00:00:00 2001 From: Aaron Suggs Date: Thu, 20 Jun 2013 10:54:30 -0400 Subject: [PATCH] Clarify Fail2Ban readme --- README.md | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/README.md b/README.md index 787cefd..ec5e6c0 100644 --- a/README.md +++ b/README.md @@ -88,18 +88,20 @@ A [Rack::Request](http://rack.rubyforge.org/doc/classes/Rack/Request.html) objec req.path == '/login' && req.post? && req.user_agent == 'BadUA' end -`Rack::Attack::Fail2Ban` can be combined with blacklists to block all requests from misbehaving clients. +#### Fail2Ban + +`Fail2Ban.filter` can be used within a blacklists to block all requests from misbehaving clients. This pattern is inspired by [fail2ban](http://www.fail2ban.org/wiki/index.php/Main_Page). See the [fail2ban documentation](http://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Jail_Options) for more details on how the parameters work. - # Block requests from IP addresses that misbehave. - # Allow up to 3 bad requests within 10 minutes, then ban the IP for 5 minutes if exceeded + # Block requests containing '/etc/password' in the params. + # After 3 blocked requests in 10 minutes, block all requests from that IP for 5 minutes. Rack::Attack.blacklist('fail2ban pentesters') do |req| # `filter` returns truthy value if request fails, or if it's from a previously banned IP - # this causes `blacklist` to block the request + # so the request is blocked Rack::Attack::Fail2Ban.filter(req.ip, :maxretry => 3, :findtime => 10.minutes, :bantime => 5.minutes) do - # if block is truthy, the count for the IP is incremented + # The count for the IP is incremented if the return value is truthy. CGI.unescape(req.query_string) =~ %r{/etc/passwd} end end
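Review bot: the new comment "# Block requests containing '/etc/password' in the params." does not match the code beneath it. The regex is %r{/etc/passwd}, not "/etc/password", and it is applied to CGI.unescape(req.query_string), so only the query string is inspected and not body params. Suggest wording it as "# Block requests containing '/etc/passwd' in the query string." so readers do not assume POST parameters are covered. In the new intro sentence, "can be used within a blacklists" should read "within a blacklist", and the shortened name `Fail2Ban.filter` is inconsistent with the example, which calls Rack::Attack::Fail2Ban.filter; keeping the full constant lets readers copy it directly. The rewritten comment "# so the request is blocked" also drops the mention of `blacklist`, which was what told the reader why a truthy return from `filter` leads to a block; consider "# so `blacklist` blocks the request".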