Clarify Fail2Ban readme

2026-04-27 15:07:41 +00:00 · 2013-06-20 10:54:30 -04:00 · 2013-06-20 10:54:30 -04:00 · 2d81fa7217
commit 2d81fa7217
parent 24143dd195
1 changed files with 7 additions and 5 deletions
--- a/README.md
+++ b/README.md
@ -88,18 +88,20 @@ A [Rack::Request](http://rack.rubyforge.org/doc/classes/Rack/Request.html) objec
      req.path == '/login' && req.post? && req.user_agent == 'BadUA'
    end
-`Rack::Attack::Fail2Ban` can be combined with blacklists to block all requests from misbehaving clients.
+#### Fail2Ban
 `Fail2Ban.filter` can be used within a blacklists to block all requests from misbehaving clients.
 This pattern is inspired by [fail2ban](http://www.fail2ban.org/wiki/index.php/Main_Page).
 See the [fail2ban documentation](http://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Jail_Options) for more details on
 how the parameters work.
-    # Block requests from IP addresses that misbehave.
+    # Block requests containing '/etc/password' in the params.
-    # Allow up to 3 bad requests within 10 minutes, then ban the IP for 5 minutes if exceeded
+    # After 3 blocked requests in 10 minutes, block all requests from that IP for 5 minutes.
    Rack::Attack.blacklist('fail2ban pentesters') do |req|
      # `filter` returns truthy value if request fails, or if it's from a previously banned IP
-      # this causes `blacklist` to block the request
+      # so the request is blocked
      Rack::Attack::Fail2Ban.filter(req.ip, :maxretry => 3, :findtime => 10.minutes, :bantime => 5.minutes) do
-        # if block is truthy, the count for the IP is incremented
+        # The count for the IP is incremented if the return value is truthy.
        CGI.unescape(req.query_string) =~ %r{/etc/passwd}
      end
    end