updated and condensed fail2ban docs

2026-03-25 09:25:49 +00:00 · 2013-06-17 08:51:05 +10:00 · 2013-06-17 08:51:05 +10:00 · 4fe7f2d1ba
commit 4fe7f2d1ba
parent 2819e0d7a4
1 changed files with 3 additions and 14 deletions
--- a/README.md
+++ b/README.md
@ -93,28 +93,17 @@ This pattern is inspired by [fail2ban](http://www.fail2ban.org/wiki/index.php/Ma
 See the [fail2ban documentation](http://www.fail2ban.org/wiki/index.php/MANUAL_0_8#Jail_Options) for more details on
 how the parameters work.

-    # Block requests from IP addresses that misbehave
+    # Block requests from IP addresses that misbehave.
+    # Allow up to 3 bad requests within 10 minutes, then ban the IP for 5 minutes if exceeded
    Rack::Attack.blacklist('fail2ban pentesters') do |req|
      # `filter` returns truthy value if request fails, or if it's from a previously banned IP
      # this causes `blacklist` to block the request
-      Rack::Attack::Fail2Ban.filter("pentest",                  # namespace for cache key
-                                    req.ip,                     # count matching requests based on IP
-                                    :maxretry => 3,             # allow up to 3 bad requests...
-                                    :findtime => 10.minutes,    # to occur within 10 minutes...
-                                    :bantime => 5.minutes) do   # and ban the IP address for 5 minutes if exceeded
+      Rack::Attack::Fail2Ban.filter(req.ip, :maxretry => 3, :findtime => 10.minutes, :bantime => 5.minutes) do
        # if block is truthy, the count for the IP is incremented
        CGI.unescape(req.query_string) =~ %r{/etc/passwd} 
      end
-
    end

-
-Rack::Attack.blacklist('pentest') do |request|
-  Rack::Attack::Fail2Ban.filter('pentest', request.ip, bantime: 10.minutes, findtime: 10.minutes, maxretry: 3) do
-    RACK_ATTACK_DIE_PEN_TESTER_TESTS.any?{|test| test.(request)}
-  end
-end
-
 ### Throttles

    # Throttle requests to 5 requests per second per ip