My server lives behind the nginx reverse proxy, but the client IP shows up in the Apache log like this; it looks normal, there are no X-Forwarded entries in the log.
103.221.234.206 - - [28/Feb/2024:14:37:29 +0800] "GET /styles/pke/?mejiku=zeus138 HTTP/1.1" 404 3888 "https://x.y.z.a/" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Vivaldi/5.3.2679.68"
65.109.34.52 - - [28/Feb/2024:14:37:29 +0800] "GET /index.php/index/user/register HTTP/1.1" 200 9568 "https://x.y.z.a/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 YaBrowser/22.7.0 Yowser/2.5 Safari/537.36"
103.221.234.206 - - [28/Feb/2024:14:37:31 +0800] "GET / HTTP/1.1" 200 8561 "https://x.y.z.a" "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 Safari/537.36 Vivaldi/5.3.2679.68"
194.32.229.95 - - [28/Feb/2024:14:37:32 +0800] "GET /index.php/index/user/register HTTP/1.1" 200 9487 "https://x.y.z.a/" "Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/114.0.0.0 YaBrowser/22.7.0 Yowser/2.5 Safari/537.36"
Next, the fail2ban config is good, but iptables cannot block a public IP. My iptables is shown below. It only works when banning a local IP.
Chain INPUT (policy DROP 22909 packets, 8800K bytes)
pkts bytes target prot opt in out source destination
691K 72M f2b-apache-noscript tcp -- any any anywhere anywhere multiport dports http,https
690K 85M ACCEPT all -- any any anywhere anywhere state RELATED,ESTABLISHED
76 4560 ACCEPT all -- lo any anywhere anywhere
1 60 ACCEPT icmp -- any any anywhere anywhere
1 64 ACCEPT tcp -- any any 10.0.0.0/8 anywhere tcp dpt:ssh
807 42768 ACCEPT tcp -- any any 10.0.0.0/8 anywhere tcp dpt:webmin
0 0 ACCEPT tcp -- any any anywhere anywhere tcp dpt:http
34019 2040K ACCEPT tcp -- any any anywhere anywhere tcp dpt:https
Chain FORWARD (policy DROP 0 packets, 0 bytes)
pkts bytes target prot opt in out source destination
Chain OUTPUT (policy ACCEPT 720K packets, 2306M bytes)
pkts bytes target prot opt in out source destination
Chain f2b-apache-noscript (1 references)
pkts bytes target prot opt in out source destination
0 0 REJECT all -- any any 77.111.244.49 anywhere reject-with icmp-port-unreachable
0 0 REJECT all -- any any 103.151.140.101 anywhere reject-with icmp-port-unreachable
0 0 REJECT all -- any any 20.125.101.243 anywhere reject-with icmp-port-unreachable
My iptables cannot catch the traffic from that specific blocked IP.
What should I do to make my fail2ban work without changing the network topology, where my server is behind the reverse proxy?
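The counters in the f2b-apache-noscript chain above explain the failure: every TCP connection to this host is opened by the nginx proxy, so packets never carry the banned client's source address and the REJECT rules see 0 pkts. The log lines do show the real client address (so mod_remoteip or an equivalent is already fixing up the address Apache sees), which means the ban has to be enforced in Apache, where that address is known, rather than in iptables. The script below is an added example of such an action, not code from the question or from fail2ban itself. It maintains a mod_rewrite text map that Apache re-reads whenever the file's mtime changes, so no reload is needed. The paths BANFILE=/etc/apache2/f2b-banned.map, /usr/local/sbin/f2b-apache-ban and the action name apache-rewritemap are assumptions for illustration.

```shell
#!/bin/sh
# Added example, not part of the original post: an application-layer ban list
# maintained by fail2ban instead of an iptables rule.
#
# Assumed Apache side (hypothetical path; requires mod_rewrite and mod_remoteip
# so that REMOTE_ADDR is the real client, as the access log already shows):
#   RewriteEngine On
#   RewriteMap f2bban "txt:/etc/apache2/f2b-banned.map"
#   RewriteCond ${f2bban:%{REMOTE_ADDR}|ok} ^banned$
#   RewriteRule ^ - [F]
#
# Assumed fail2ban action (hypothetical /etc/fail2ban/action.d/apache-rewritemap.conf),
# selected in the jail with "action = apache-rewritemap":
#   [Definition]
#   actionban   = /usr/local/sbin/f2b-apache-ban ban <ip>
#   actionunban = /usr/local/sbin/f2b-apache-ban unban <ip>

BANFILE="${BANFILE:-/etc/apache2/f2b-banned.map}"   # assumed location

# Accept only characters that can occur in an IPv4/IPv6 literal, so a malformed
# <ip> argument can never inject arbitrary text into the Apache map.
valid_ip() {
  case "$1" in
    ''|*[!0-9a-fA-F:.]*) return 1 ;;
  esac
  return 0
}

# Exact-line test: "<ip> banned" is the map entry Apache looks up.
is_banned() {
  [ -f "$BANFILE" ] && grep -q -F -x "$1 banned" "$BANFILE"
}

# Append the entry once; repeated bans of the same IP stay idempotent.
ban_ip() {
  valid_ip "$1" || return 2
  is_banned "$1" && return 0
  printf '%s banned\n' "$1" >> "$BANFILE"
}

# Rewrite the map without the entry; grep -v exits 1 when nothing remains,
# which is not an error here.
unban_ip() {
  valid_ip "$1" || return 2
  [ -f "$BANFILE" ] || return 0
  tmp="$BANFILE.tmp.$$"
  grep -v -F -x "$1 banned" "$BANFILE" > "$tmp" || true
  mv "$tmp" "$BANFILE"
}

# Dispatch when invoked by fail2ban: f2b-apache-ban ban|unban <ip>
case "$1" in
  ban)   ban_ip "$2" ;;
  unban) unban_ip "$2" ;;
esac
```

The other approach that keeps the topology is to run fail2ban on the nginx host instead: there the client's source address is real at the packet layer, so the stock iptables actions work, but the jail then has to read nginx's access log rather than Apache's.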
iptables however doesn't inspect HTTP headers, and doesn't match. You have to re-think your approach.
"solved" or similar statements is not how things are done. Please post an answer and accept that. In that answer, include that link and preferably a short summary in case that link dies.