CUSTOM LOG and picking banning ip

Posted: 07 Aug 2014, 16:50
by cjp
Hi there, I'm trying to get my server hardened by blocking requests to 404 requests, since I'm getting flooded by them on a DDOS attack.

I have the following log format example for my apache log in virtualmin

37.59.96.198 - - [07/Aug/2014:06:25:45 +0100] "POST /xmlrpc.php HTTP/1.0" 404 104 "-" "Mozilla/4.0 (compatible: MSIE 7.0; Windows NT 6.0

I've tested in Rubular and it works fine.


I have the following code in regex.custom.pm

        if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /^(\S+) - - \[.+\] (".+") 404/)) {
                return ("404 error for url $2",$1,"404error","5","80,443","1");
        }

My custom1_log file is set correctly...

Have restarted csf/lfd, and I can hit the site with ab to test, and I get nothing :(

Any idea where and what I can do to work out the problem?

Thanks

Re: CUSTOM LOG and picking banning ip

Posted: 15 Aug 2014, 07:15
by Sergio
Maybe it could be that you have:
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~...

instead of what is set in the example inside regex.custom.pm:
if (($lgfile eq $config{CUSTOM1_LOG}) and ($line =~...

Could it be why it is not working?
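
An added example (not from either poster and not CSF's own code): a standalone Perl harness for checking offline whether a rule like the one above fails on the regex or on the log-file condition. The `%config` and `%globlogs` contents, the `$style` argument and the log path are stand-ins constructed for this test, and the sample lines are modelled on the one in the first post.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-ins for lfd's globals (assumption: constructed for this test only).
my $log = '/path/to/access_log';                 # placeholder path
our %config   = (CUSTOM1_LOG => $log);
our %globlogs = (CUSTOM1_LOG => { $log => 1 });

# The two log-file conditions quoted in the thread, selectable by name.
my %gate = (
    globlogs => sub { $globlogs{CUSTOM1_LOG}{ $_[0] } },
    config   => sub { $_[0] eq $config{CUSTOM1_LOG} },
);

# Same regex and return list as the rule in the first post.
sub custom_line {
    my ($line, $lgfile, $style) = @_;
    if ($gate{$style}->($lgfile) and ($line =~ /^(\S+) - - \[.+\] (".+") 404/)) {
        return ("404 error for url $2", $1, "404error", "5", "80,443", "1");
    }
    return;    # empty list: no match
}

# Constructed sample lines.
my @lines = (
    # 404 response: the case the rule is meant to catch
    '37.59.96.198 - - [07/Aug/2014:06:25:45 +0100] "POST /xmlrpc.php HTTP/1.0" 404 104 "-" "Mozilla/4.0"',
    # 200 response: must not match
    '37.59.96.198 - - [07/Aug/2014:06:25:46 +0100] "GET /index.html HTTP/1.0" 200 5120 "-" "Mozilla/4.0"',
    # 404 with an authenticated user: the literal " - - " in the regex skips it
    '37.59.96.198 - user [07/Aug/2014:06:25:47 +0100] "GET /x HTTP/1.0" 404 104 "-" "Mozilla/4.0"',
);

for my $style (sort keys %gate) {
    for my $file ($log, '/some/other/log') {
        for my $line (@lines) {
            my @hit = custom_line($line, $file, $style);
            printf "%-8s %-19s %s\n", $style, $file,
                @hit ? "MATCH ip=$hit[1] ($hit[0])" : "no match";
        }
    }
}
```

If the first sample line reports a match here but lfd stays silent, the regex is not the problem and the log-file condition (or the CUSTOM1_LOG path it is compared against) is the part to inspect on the real server.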