Warning: file_get_contents(/data/phpspider/zhask/data//catemap/4/regex/19.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
试图阻止在fail2ban上使用regex的访问者_Regex_Nginx_Fail2ban - Fatal编程技术网
Fatal编程技术网
  • regex/
  • 试图阻止在fail2ban上使用regex的访问者

试图阻止在fail2ban上使用regex的访问者

regex nginx

试图阻止在fail2ban上使用regex的访问者,regex,nginx,fail2ban,Regex,Nginx,Fail2ban,我收到大量的PHP文件请求,这些文件在我的wordpress中不存在。 它们显示在nginx错误日志中,如下两个示例: 2019/06/24 03:16:43 [error] 4201#4201: *17573871 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php (No such file or dir

我收到大量的PHP文件请求,这些文件在我的wordpress中不存在。 它们显示在nginx错误日志中,如下两个示例:

2019/06/24 03:16:43 [error] 4201#4201: *17573871 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php (No such file or directory)" while reading response header from upstream, client: 172.68.189.50, server: mywebsite.net, request: "GET /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.2-fpm.sock:", host: "mywebsite.net"
2019/06/24 03:16:43 [error] 4201#4201: *17573871 FastCGI sent in stderr: "Unable to open primary script: /var/www/html/vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php (No such file or directory)" while reading response header from upstream, client: 172.68.189.50, server: mywebsite.net, request: "POST /vendor/phpunit/phpunit/src/Util/PHP/eval-stdin.php HTTP/1.1", upstream: "fastcgi://unix:/var/run/php/php7.2-fpm.sock:", host: "mywebsite.net"
我试过制作一个noscript过滤器

在文件/etc/fail2ban/jail.local中,我输入:

[nginx-noscript]

enabled  = true
port     = http,https
filter   = nginx-noscript
logpath  = /var/log/nginx/error.log
maxretry = 2
在文件/etc/fail2ban/filter.d/nginx-noscript.conf中,我输入:

[Definition]

failregex = \[error\] \d+#\d+: \*\d+ (FastCGI sent in stderr: "Unable to open primary script:)

ignoreregex =
但是这个过滤器没有捕获这些类型的404。
systemctl重新启动fail2ban
后,fail2ban日志显示这些错误消息

2019-06-24 16:11:05,548 fail2ban.filter         [6182]: ERROR   No failure-id group in '\[error\] \d+#\d+: \*\d+ (FastCGI sent in stderr: "Unable to open primary script:)'
2019-06-24 16:11:05,548 fail2ban.transmitter    [6182]: WARNING Command ['set', 'nginx-noscript', 'addfailregex', '\\[error\\] \\d+#\\d+: \\*\\d+ (FastCGI sent in stderr: "Unable to open primary script:)'] has failed. Received RegexException('No failure-id group in \'\\[error\\] \\d+#\\d+: \\*\\d+ (FastCGI sent in stderr: "Unable to open primary script:)\'',)
2019-06-24 16:11:05,549 fail2ban                [6182]: ERROR   NOK: ('No failure-id group in \'\\[error\\] \\d+#\\d+: \\*\\d+ (FastCGI sent in stderr: "Unable to open primary script:)\'',)
我做错了什么。这类nginx错误日志的完整正则表达式是什么。

这应该有效(对于fail2ban>=0.10):

failregex=^\s*\[error\]\d+\\*\d+:\*\d+FastCGI在stderr中发送:“从上游读取响应头时无法打开主脚本:[^”]*,客户端:
如果您有较旧的版本(0.9或更低),请使用
而不是
(最好使用
usedns=no
禁用监狱DNS查找).

删除
^
$
锚,它们需要完整的字符串匹配。它仍然不起作用@WiktorStribiżewIt.@WiktorStribiżew fail2ban regex配置中还有一些其他问题。我添加了这些错误消息。 
failregex = ^\s*\[error\] \d+#\d+: \*\d+ FastCGI sent in stderr: "Unable to open primary script: [^"]*" while reading response header from upstream, client: <ADDR>