How to block malicious web requests with BusinessPress

  1. Make sure you have followed the guide to set up fail2ban for BusinessPress.
  2. Edit /etc/fail2ban/action.d/iptables.conf, changing blocktype = REJECT --reject-with icmp-port-unreachable and blocktype = REJECT --reject-with icmp6-port-unreachable to blocktype = DROP. This is necessary to prevent multiple malicious requests from being sent over the already established TCP connection.
  3. Create /etc/fail2ban/filter.d/waf.conf:
# Fail2Ban configuration file
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf


[Definition]

_daemon = (?:wordpress|wp)

# Option:  failregex
# Notes.:  regex to match the password failures messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
failregex = ^%(__prefix_line)sBusinessPress WAF .* from <HOST>$

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =
  4. Create /etc/fail2ban/jail.d/waf.conf:
[waf]
enabled = true
filter = waf
logpath = /var/log/auth.log
port = http,https

maxretry = 1 ; ban after a single bad try
findtime = 1200
bantime = -1 ; bans the IP forever

ignoreip = 127.0.0.1 {your server IP here}
  5. Run fail2ban-client reload and fail2ban-client status; you should now see waf in the list:
# fail2ban-client status
Status
|- Number of jail:  4
`- Jail list:   repeated, sshd, waf, wordpress
  6. Use a VPN or a spare server to make a request to a URL like https://your-site.com/.env.

  7. Check fail2ban-client status waf to verify that the IP has been banned.
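
Because the jail bans permanently after a single match, it helps to check what the filter matches before relying on it. The following is an added example, not part of the original guide or of BusinessPress: it approximates the failregex and the ignoreip check from the configuration above in Python. The prefix and host patterns are simplified stand-ins for fail2ban's %(__prefix_line)s and <HOST>, and the log lines are constructed (the wording between "WAF" and "from" is hypothetical).

```python
import ipaddress
import re

# Simplified stand-in for %(__prefix_line)s with _daemon = (?:wordpress|wp):
# syslog timestamp, hostname, daemon tag with optional "(site)" and "[pid]".
PREFIX = (r"[A-Z][a-z]{2}\s+\d{1,2} \d{2}:\d{2}:\d{2} \S+ "
          r"(?:wordpress|wp)(?:\([^)]*\))?(?:\[\d+\])?: ")
# Simplified stand-in for <HOST>; the captured text is validated as an IP below.
HOST = r"(?P<host>[0-9A-Fa-f:.]+)"
FAILREGEX = re.compile("^" + PREFIX + "BusinessPress WAF .* from " + HOST + "$")

# Constructed log lines; the wording between "WAF" and "from" is hypothetical.
TAG = "Mar  3 10:15:01 web1 wordpress(your-site.com)[4242]: "
SAMPLE = [
    TAG + "BusinessPress WAF blocked /.env from 203.0.113.7",
    TAG + "BusinessPress WAF blocked redirect from /old to /.env from 203.0.113.8",
    TAG + "BusinessPress WAF blocked /.env from 203.0.113.8, rule 12",
    "Mar  3 10:17:00 web1 sshd[811]: Failed password for root from 203.0.113.7",
    TAG + "BusinessPress WAF blocked /.env from 192.0.2.10",
]
IGNOREIP = "127.0.0.1 192.0.2.10"  # 192.0.2.10 stands in for "your server IP"


def matched_host(line):
    """Return the address the filter would extract from a log line, or None."""
    m = FAILREGEX.match(line.rstrip("\n"))
    if not m:
        return None
    try:
        return str(ipaddress.ip_address(m.group("host")))
    except ValueError:
        return None


def would_ban(line, ignoreip=IGNOREIP):
    """Return the address to ban, or None if no match or covered by ignoreip."""
    host = matched_host(line)
    if host is None:
        return None
    addr = ipaddress.ip_address(host)
    for entry in ignoreip.split():
        if addr in ipaddress.ip_network(entry, strict=False):
            return None
    return host


if __name__ == "__main__":
    for line in SAMPLE:
        print(would_ban(line), "<-", line)
```

The third sample shows the effect of the trailing $ anchor: any text after the address makes the line not match, so no ban is issued. On the server itself, fail2ban-regex /var/log/auth.log /etc/fail2ban/filter.d/waf.conf runs the real filter against the real log.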
