Skip to main content

Fail2Ban LLM Bot User Agent Filter for NGINX

# Fail2Ban filter to match bad requests to nginx
#
[INCLUDES]
before = common.conf

[Definition]

# The request often doesn't contain a method, only some encoded garbage
# This will also match requests that are entirely empty
logtype = journal
failregex = ^%(__prefix_line)s<HOST> - - .*? \".*?\" \d{1,3} \d+ \".*?\" \".*?(?:GPTBot|ClaudeBot|Google-CloudVertexBot|Bytespider|CCBot|meta-externalagent|FacebookBot|Amazonbot).*?\"
journalmatch = _SYSTEMD_UNIT=docker.service CONTAINER_NAME=pi3b-proxy-nginx-fail2ban-1


No comments to display

Back to top