环境:Ubuntu 24.04 + 1Panel + OpenResty
安装:
# Install fail2ban from the Ubuntu repositories
sudo apt update && sudo apt install -y fail2ban
本地配置
# Work on a local copy: jail.local overrides jail.conf and is not touched by package upgrades
sudo cp /etc/fail2ban/jail{.conf,.local}
# Edit the key parts of jail.local (sections shown below)
sudo nano /etc/fail2ban/jail.local
# [DEFAULT] section: baseline values inherited by every jail unless the jail overrides them
# never ban loopback (IPv4 127.0.0.1/8 and IPv6 ::1); trusted admin addresses could be listed here too
ignoreip = 127.0.0.1/8 ::1
# seconds a banned address stays blocked
bantime = 3600
# window in seconds within which maxretry failures trigger a ban
findtime = 600
maxretry = 5
# enforce bans through UFW rules (the 1Panel "iptables only" hint does not apply here)
banaction = ufw
banaction_allports = ufw
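# [sshd] section: on Ubuntu 24.04 sshd authentication events are read from the journal,
# so the systemd backend is required here
[sshd]
enabled = true
port = ssh
backend = systemd
# journal field names carry a leading underscore (_SYSTEMD_UNIT, _COMM); without it the
# match selects nothing and the jail silently never bans. Ubuntu's unit is ssh.service.
# Verify after a failed login that "Total failed" in `fail2ban-client status sshd` increases.
journalmatch = _SYSTEMD_UNIT=ssh.service + _COMM=sshd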
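# 4. Create the OpenResty filter.
# The quoted delimiter ('EOF') stops the shell from expanding $, backslashes or backticks
# inside the regex, so the file receives exactly what is written here.
sudo tee /etc/fail2ban/filter.d/openresty-4xx.conf <<'EOF'
[Definition]
# Assumes the default combined access-log layout: client IP first, then "- user [time]",
# the quoted request line, the status code and the byte count.
# NOTE(review): <HOST> is the first field ($remote_addr). If a CDN or reverse proxy sits in
# front of OpenResty, that field is the proxy's address and a ban would block it — confirm.
failregex = ^<HOST> -.*"(GET|POST|HEAD|PUT|DELETE).*" (400|403|404) \d+ .*$
ignoreregex =
EOF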
# 5. Append the site jail at the end of jail.local.
# The logpath line must not carry an inline # comment: it would be read as part of the path.
[openresty-4xx]
enabled = true
filter = openresty-4xx
port = http,https
# replace 你的域名 with the site's domain; the file must exist, otherwise fail2ban will not start
logpath = /opt/1panel/www/sites/你的域名/log/access.log
# 60 matching 4xx responses within 600 s bans the address for 3600 s.
# 404s from ordinary clients (missing favicon, stale links) count too, hence the generous threshold.
maxretry = 60
findtime = 600
bantime = 3600
# 6. Restart and verify
sudo systemctl restart fail2ban
# success: both sshd and openresty-4xx appear in the jail list
sudo fail2ban-client status
# 7. Inspect bans
sudo fail2ban-client status sshd
# banned addresses show up as DENY rules
sudo ufw status numbered
# follow ban/unban events as they happen
sudo tail -f /var/log/fail2ban.log
# 关键注意事项:
# - logpath 必须真实存在(用 find /www -name "access.log" 查找)
# - 行内不能有 # 注释,否则 Fail2ban 会把注释当路径
# - 1Panel 提示“高级规则仅支持 iptables”可忽略,UFW 正常工作