SubINaclS/Lyre
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Update techniques/fail2ban/howto_rate_limit_fail2ban.md

Browse Source
This commit is contained in:
SINS 2026-06-03 22:28:21 +00:00
parent 1877d31968
commit 63e76f6be1
1 changed files with 19 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

26
techniques/fail2ban/howto_rate_limit_fail2ban.md
View File

@ -2,7 +2,7 @@
The Church of Malware (CoM) does not condone the use or introduction of bans onto any individual, human, or animal; however, AI is neither natural, a human, nor actual intelligence. This focused installation and configuration tutorial provides complete, production-ready steps for built-in rate limiting and automatic banning with Fail2Ban. It covers nginx, Apache, and Fail2Ban integration with the aggressive-bot UA list. The Church of Malware (CoM) does not condone the use or introduction of bans onto any individual, human, or animal; however, AI is neither natural, a human, nor actual intelligence. This focused installation and configuration tutorial provides complete, production-ready steps for built-in rate limiting and automatic banning with Fail2Ban. It covers nginx, Apache, and Fail2Ban integration with the aggressive-bot UA list.
## 1. nginx Rate Limiting (Built-in) ## 1 -- nginx Rate Limiting (Built-in)
```nginx ```nginx
limit_req_zone $binary_remote_addr zone=ai_limit:10m rate=1r/s; limit_req_zone $binary_remote_addr zone=ai_limit:10m rate=1r/s;
@ -14,7 +14,7 @@ server {
} }
``` ```
## 2. Apache Rate Limiting (mod_ratelimit) ## 2 -- Apache Rate Limiting (mod_ratelimit)
```apache ```apache
<Location /> <Location />
@ -23,7 +23,7 @@ server {
</Location> </Location>
``` ```
## 3. Fail2Ban Configuration ## 3 -- Fail2Ban Configuration
```ini ```ini
# /etc/fail2ban/jail.local # /etc/fail2ban/jail.local
@ -33,20 +33,32 @@ filter = anubis-tarpit
logpath = /var/log/nginx/ai_violators.log logpath = /var/log/nginx/ai_violators.log
maxretry = 5 maxretry = 5
bantime = 86400 bantime = 86400
[nepenthes-tarpit]
enabled = true
filter = nepenthes-tarpit
logpath = /var/log/nginx/ai_violators.log
maxretry = 3
bantime = 86400
``` ```
Filter example (`/etc/fail2ban/filter.d/anubis-tarpit.conf`): Filter examples:
```ini ```ini
# /etc/fail2ban/filter.d/anubis-tarpit.conf
[Definition]
failregex = ^<HOST> - .* "GET /tarpit/.*" 200
# /etc/fail2ban/filter.d/nepenthes-tarpit.conf
[Definition] [Definition]
failregex = ^<HOST> - .* "GET /tarpit/.*" 200 failregex = ^<HOST> - .* "GET /tarpit/.*" 200
``` ```
## 4. Integration with Aggressive-Bot Map ## 4 -- Integration with Aggressive-Bot Map
Use the same `map` or `SetEnvIf` from the Anubis and Nepenthes guides so rate limiting and Fail2Ban only apply to known violators. Use the same `map` or `SetEnvIf` from the Anubis and decompression how-tos so rate limiting and Fail2Ban only apply to known violators.
## 5. Testing ## 5 -- Testing
```bash ```bash
curl -I -A "GPTBot/1.0" https://example.com/ # rate limited or banned after retries curl -I -A "GPTBot/1.0" https://example.com/ # rate limited or banned after retries