Mercurial > repos > other > Puppet
changeset 187:6c260427a94c puppet-3.6
Reduce Apache Instaban ban duration to reduce reboot time
We're getting flooded with hundreds of failures per day, which
keeps nearly 1000 entries in Fail2Ban, which then "unbans" each
and every IP on stop. As the system only does a few unbans per
second then this can take three minutes to stop (e.g. at shutdown)!
May need to alter "repeat offender" in future
| author | IBBoard <dev@ibboard.co.uk> |
|---|---|
| date | Sat, 02 Feb 2019 16:30:40 +0000 |
| parents | 5e274dfc4b39 |
| children | 91d4b88b7568 |
| files | common/fail2ban/jail.local |
| diffstat | 1 files changed, 2 insertions(+), 2 deletions(-) [+] |
line wrap: on
line diff
--- a/common/fail2ban/jail.local Tue Jan 08 20:13:18 2019 +0000 +++ b/common/fail2ban/jail.local Sat Feb 02 16:30:40 2019 +0000 @@ -35,8 +35,8 @@ filter = ibb-apache-exploits-instaban action = firewall-ban[name=ApacheInstaban,chain=Fail2Ban,port="80,443"] logpath = /var/log/apache/access_*.log -findtime = 604800 -bantime = 604800 +findtime = 86400 +bantime = 86400 [apache-auth] enabled = true