I have RHEL6U2, and Apache on it (webmail). I have installed fail2ban, and activated it for ssh-login and pop3imap-login failures, I have also tested it, and it works as it should. Now I have activated apache-badbots option of fail2ban, but do not know how to test it. Please help.
Use fail2ban-regex to test your regex. You can check against "real" logfiles or just strings representing a log line.
Thak you Thank you for the hint. I did that, but found nothing in logs. I would like to fake a bot attack, to test the configuration, and I have no idea how to do that. Testing for ssh and pop3imap was easy...
To test your configs, check your apache-badbots.conf and find the failregex. Mine looks like Code: failregex = ^<HOST> -.*"(GET|POST).*HTTP.*"(?:%(badbots)s|%(badbotscustom)s)"$ Chose one entry from "badbots" and run fail2ban-regex with a test-string against your apache-badbots.conf: Code: fail2ban-regex '1.2.3.4 - - [12/Feb/2013:10:53:59 +0100] "GET / HTTP/1.1 200" 39460 "-" "autoemailspider"' /etc/fail2ban/filter.d/apache-badbots.conf You should get something like "Success, the total number of match is 1"
