filter.d/http-xensec.conf

# setup /etc/fail2ban/filter.d/http-xensec.conf
# fail2ban-regex "/home/nginx/domains/*/log/access.log" /etc/fail2ban/filter.d/http-xensec.conf --print-all-matched

[Definition]
# Option: failregex
# Note: This regex will match any GET entry in your logs, so basically all valid and not valid entries are a match.
# You should set up in the jail.conf file, the maxretry and findtime carefully in order to avoid false positives.

# Samples logs
#195.211.213.225 - - [27/Aug/2012:13:12:12 -0500] "POST /register/register HTTP/1.0" 200 37130
#173.11.171.129 - - [27/Aug/2012:13:15:11 -0500] "POST /register/register HTTP/1.0" 200 37507
#128.252.11.235 - - [27/Aug/2012:13:17:46 -0500] "POST /register/register HTTP/1.1" 200 11373

failregex = ^<HOST> -.*POST /register/register

# Option: ignoreregex
# Notes.: regex to ignore. If this regex matches, the line is ignored.
# Values: TEXT
#
ignoreregex =