filters: { // nginx's default combined log format: // $remote_addr - $remote_user [$time_local] "$request" $status $body_bytes_sent "$http_referer" "$http_user_agent" // Ban suspect HTTP requests // Those are frequent malicious requests I got from bots // Make sure you don't have honnest use cases for those requests, or your clients may be banned for 2 weeks! suspectRequests: { regex: import 'reaction/nginx_regex.jsonnet', retry: 2, retryperiod: '6h', actions: banFor('48h'), }, bruteForce: { regex: [ // POST request leading to response "403 Forbidden", // such as a failed login attempt. @'^ - [^\[]+\[[^\]]+\] "POST [^"]*" 403', // Response "429 Too Many Requests" @'^ - [^\[]+\[[^\]]+\] "[^"]*" 429', ], retry: 4, retryperiod: '6h', actions: banFor('6h'), }, },