From Fail2ban
Revision as of 17:46, 8 April 2012 by Rancor (Talk | contribs) (Updated page with more infos)


NginX HTTP Server

nginx [engine x] is an HTTP and reverse proxy server, as well as a mail proxy server, written by Igor Sysoev. It has been running for more than five years on many heavily loaded Russian sites, including Rambler. According to Netcraft, nginx served or proxied 4.70% of the busiest sites in April 2010.


  • 2012/04/07 08:27:31 [error] 13409#0: *373855 "/var/www/index.html" is not found (2: No such file or directory), client:, server:, request: "GET /index.html HTTP/1.0", host: "", referrer: ""
  • 2011/07/16 10:27:48 [error] 5508#0: *223811 open() "/var/www/test.jpg" failed (2: No such file or directory), client:, server:, request: "GET /test.jpg HTTP/1.1", host: "", referrer: ""
  • 2011/07/16 12:00:37 [error] 5508#0: *234170 user "test" was not found in "/var/www/.htpasswd", client:, server:, request: "GET / HTTP/1.1", host: ""
  • 2011/07/16 12:01:15 [error] 5508#0: *234170 user "test": password mismatch, client:, server:, request: "GET / HTTP/1.1", host: ""


The regular expressions below are proposed failregex for this software. Multiple regular expressions for failregex will only work with a version of Fail2ban greater than or equal to 0.7.6.

The tag <HOST> in the regular expressions below is just an alias for (?:::f{4,6}:)?(?P<host>\S+). The replacement is done automatically by Fail2ban when adding the regular expression. At the moment, exactly one named group host or <HOST> tag must be present in each regular expression.

Please, before editing this section, propose your changes in the discussion page first.

Authentication failure

  • user .* password mismatch, client: <HOST>

User not found

  • user .* was not found in .*, client: <HOST>

apache-nohome.conf in Debian

  • This file isn't useful; just check for a matching .*/~.* with the file not found / failed message regex.

apache-badbots.conf in Debian

  • This file is the only apache config file which can be used without a modification.

File not found / failed messages (Here you can use apache_noscript.conf as described here:


and use

  • .*/(foo|bar|xyz)" (is not found|failed) \(2: No such file or directory\), client: <HOST>

instead of:

  • [[]client <HOST>[]] (File does not exist|script not found or unable to stat): .*/(foo|bar|xyz)
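
The following is an added example, not part of the original wiki page or of Fail2ban's own code: it substitutes the <HOST> alias quoted above into the proposed nginx failregex entries and runs them over constructed error.log lines. It also shows that, with the alias exactly as quoted, the host group picks up the comma nginx writes after the client address, so the example strips it before validating the IP. The rule names, client addresses and server names are assumptions made for the example.

```python
import ipaddress
import re

# Alias this page gives for the <HOST> tag.
HOST_ALIAS = r"(?:::f{4,6}:)?(?P<host>\S+)"

# failregex entries proposed on this page (the rule names are made up here).
FAILREGEX = {
    "auth-failure": r"user .* password mismatch, client: <HOST>",
    "user-not-found": r"user .* was not found in .*, client: <HOST>",
    "noscript": r'.*/(foo|bar|xyz)" (is not found|failed) \(2: No such file or directory\), client: <HOST>',
}
# Substitute the tag with the alias and compile each rule.
RULES = {n: re.compile(r.replace("<HOST>", HOST_ALIAS)) for n, r in FAILREGEX.items()}

# Constructed error.log lines in this page's format; addresses and names are invented.
TAIL = ', server: example.test, request: "GET / HTTP/1.1", host: "example.test"'
SAMPLE_LOG = [
    '2011/07/16 12:01:15 [error] 5508#0: *1 user "test": password mismatch, '
    "client: 192.0.2.10" + TAIL,
    '2011/07/16 12:00:37 [error] 5508#0: *2 user "test" was not found in '
    '"/var/www/.htpasswd", client: 192.0.2.11' + TAIL,
    '2011/07/16 10:27:48 [error] 5508#0: *3 open() "/var/www/foo" failed '
    "(2: No such file or directory), client: 198.51.100.7" + TAIL,
    '2011/07/16 10:27:49 [error] 5508#0: *4 open() "/var/www/test.jpg" failed '
    "(2: No such file or directory), client: 198.51.100.8" + TAIL,
]

def normalise_host(raw):
    """nginx writes 'client: ADDR, server: ...', so \\S+ also takes the comma."""
    try:
        return str(ipaddress.ip_address(raw.rstrip(",")))
    except ValueError:
        return None  # not a literal IP address

def scan(lines):
    """Return (rule name, raw host group, validated IP) for every matching line."""
    hits = []
    for line in lines:
        for name, rx in RULES.items():
            m = rx.search(line)  # unanchored search, first matching rule wins
            if m:
                hits.append((name, m.group("host"), normalise_host(m.group("host"))))
                break
    return hits

if __name__ == "__main__":
    print(*scan(SAMPLE_LOG), sep="\n")
```

The fourth sample line (test.jpg) is not reported, because the file-not-found rule only fires for the names listed in its (foo|bar|xyz) group.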


There are many ways to include PHP in nginx; the most common are spawn-fcgi from lighttpd and php-fpm. If NginX is configured properly [1], it doesn't forward not found .php files to the normal error.log and you can use the above file not found / failed regexes to make the checks. Additionally, Suhosin can be installed, and the rule from Fail2ban:Community_Portal#suhosin works without a problem.