From Fail2ban
Revision as of 12:29, 8 April 2012 by Rancor (Talk | contribs) (Added regex vor NginX)

Jump to: navigation, search

NginX HTTP Server nginx [engine x] is a HTTP and reverse proxy server, as well as a mail proxy server written by Igor Sysoev. It has been running for more than five years on many heavily loaded Russian sites including Rambler ( According to Netcraft nginx served or proxied 4.70% busiest sites in April 2010


  • 2011/07/16 10:27:48 [error] 5508#0: *223811 open() "/var/www/test.jpg" failed (2: No such file or directory), client:, server:, request: "GET /test.jpg HTTP/1.1", host: "", referrer: ""
  • 2011/07/16 12:00:37 [error] 5508#0: *234170 user "test" was not found in "/var/www/.htpasswd", client:, server:, request: "GET / HTTP/1.1", host: ""
  • 2011/07/16 12:01:15 [error] 5508#0: *234170 user "test": password mismatch, client:, server:, request: "GET / HTTP/1.1", host: ""


The regular expressions below are proposed failregex for this software. Multiple regular expressions for failregex will only work with a version of Fail2ban greater than or equal to 0.7.6.

The tag <HOST> in the regular expressions below is just an alias for (?:::f{4,6}:)?(?P<host>\S+). The replacement is done automatically by Fail2ban when adding the regular expression. At the moment, exactly one named group host or <HOST> tag must be present in each regular expression.

Please, before editing this section, propose your changes in the discussion page first.

Authentication failure

  • user .* password mismatch, client: <HOST>

User not found

  • user .* was not found in .*, client: <HOST>


There are many ways to include php into nginx, the most common way is to use spawncgi from lighttpd or php-fpm. NginX with php-fpm doesn't log failed requests for missing .php files, but i'm testing some stuff to get logs like the "normal" php to use a similar failregex like in Apache

Additionaly, Suhosin can be installed and the Rule from Fail2ban:Community_Portal#suhosin works without a problem.