joao.goncalves
/
NgixProxy_Pathfinder
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

[Auto-Sync] Atualização das configurações em srvproxy001.itguys.com.br - 2025-09-28 12:14:39

This commit is contained in:
srvproxy001.itguys.com.br 2025-09-28 12:14:40 -03:00
parent 27e4b129d4
commit 7419cedb67
1 changed files with 0 additions and 61 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

61
fail2ban/jail.local
View File

@ -17,64 +17,3 @@ enabled = true
backend = systemd backend = systemd
# --- AS NOSSAS JAILS PERSONALIZADAS PARA O NGINX --- # --- AS NOSSAS JAILS PERSONALIZADAS PARA O NGINX ---
[nginx-json-attacks]
enabled = true
port = http,https
# Usa o filtro nginx-json-attacks
filter = nginx-json-attacks
logpath = /var/log/nginx/access.log
maxretry = 5
findtime = 30s
bantime = 2h
[nginx-ddos]
enabled = false
port = http,https
# Usa o filtro nginx-json-ddos
filter = nginx-json-ddos
logpath = /var/log/nginx/access.log
maxretry = 100
findtime = 60s
bantime = 1h
[recidive]
enabled = true
logpath = /var/log/fail2ban.log
banaction = %(banaction_allports)s
bantime = 1w
findtime = 1d
maxretry = 3
[gitea]
enabled = true
port = http,https
filter = nginx-json-gitea
logpath = /var/log/nginx/access.log
maxretry = 5
findtime = 5m
bantime = 1h
[exchange-authip]
enabled = true
port = https
# O tráfego de login é sempre HTTPS
filter = nginx-json-exchange
logpath = /var/log/nginx/access.log
maxretry = 5
# Bane após 5 tentativas de login
findtime = 5m
# Numa janela de 5 minutos
bantime = 24h
# Bane por 24 horas. Ataques ao Exchange são sérios.
[nginx-json-scanners]
enabled = true
port = http,https
filter = nginx-json-scanners
logpath = /var/log/nginx/access.log
maxretry = 2
# Scanners não precisam de muitas chances.
findtime = 10m
bantime = 1w
# Bane scanners por uma semana.