fail2ban edit

[vestacp89]

Hello,

I try scraping my website for see how work vestacp default firewall,
I make 10 000 request per 1sec and just 50% is blocked so 5000 request per sec work fine,
5000 sec per sec is a lot how i can edit this to some less number e.g. 5 request per sec ?
If i add 5 request per sec this will block some my regular users on page if make more then 5 request per sec?

Thank you.

[vestacp89]

Hi,

I use free firewall from ConfigServer, called csf.

Thats the best you will ever find.

On my server, fail2ban is turned off.

The csf handles and does all the work in an excellent manner, precisely what you are trying to achieve with 5000 requests. Further, it will offer you many more functions and a vast area of protection on many important security areas.

I advice you to turn off fail2ban and use csf. Of course, it will ban the users that fails to login,. But it will do much more.

Can you please tell me which all commands i need add in ubuntu terminal for stop fail2ban and turn on csf,
also i need edit csf or default settings is enough?

Thank you.

[KhaoMaNee]

Hello,

I try scraping my website for see how work vestacp default firewall,
I make 10 000 request per 1sec and just 50% is blocked so 5000 request per sec work fine,
5000 sec per sec is a lot how i can edit this to some less number e.g. 5 request per sec ?
If i add 5 request per sec this will block some my regular users on page if make more then 5 request per sec?

Thank you.

Are you trying to block IPs that are trying to snoop around your server files (maybe to execute something) or some type of flooding? What is the fail2ban filter you're using for this purpose?

not exactly sure why fail2ban would block the regular users.

[Syeef]

Csf is specifically designed for advanced features to even coordinate many additional services and bring them under protection under one roof. The same csf script will count failure in login attempts by an IP and block it.

If the same IP does some more non-sense with any other service, it would be able to block it too. It could also block the same IP attempt of malicious with x minutes or hours.

Which means a malicious attempt on SMTP could be counted against an another malicious attempt of IMAPS or even http, which could eventually be blocked for the entire C octet of that IP. It could also provide flood protection and DoS, etc.

Thats what you wanna achieve, right? Default IP tables is a wonderful piece of garbage for this requirement here, which should/could be turned off upon csf being on.

^ Csf sounds wonderful from what you said... do you recommend installing this? i currently have iptables + fail2ban.

also if you could point me to some guide how to install that and un-install my current iptables + fail2ban... that would be helpful. I am running CentOS 6.7 x64.