From 3dc427c4678bfff9bec8048f8e0281c9b9184938 Mon Sep 17 00:00:00 2001
From: Ingolf Wagner
Date: Sun, 16 Jun 2024 00:13:07 +0200
Subject: [PATCH] add moar fail2ban rules
---
 components/network/fail2ban.nix | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/components/network/fail2ban.nix b/components/network/fail2ban.nix
index aa2231f..3d48d23 100644
--- a/components/network/fail2ban.nix
+++ b/components/network/fail2ban.nix
@@ -19,19 +19,33 @@ with lib;
 # --------------------
 # https://github.com/fail2ban/fail2ban/blob/master/config/jail.conf
 (mkIf config.components.network.fail2ban.enable {
- services.fail2ban.jails.nginx-git-ingolf-wagner-de.settings = {
+ services.fail2ban.jails.nginx-git-not-found.settings = {
 port = "http,https";
 logpath = "%(nginx_error_log)s";
 };
 environment.etc = {
 # Defines a filter that detects URL probing by reading the Nginx access log
- "fail2ban/filter.d/nginx-git-ingolf-wagner-de.local".text = ''
+ "fail2ban/filter.d/nginx-git-not-found.local".text = ''
 [Definition]
 failregex = src_addr="".*response_statu="404".*host="git\.ingolf-wagner\.de"
 journalmatch = _SYSTEMD_UNIT=nginx.service + _COMM=nginx
 '';
 };
 })
+ (mkIf config.components.network.fail2ban.enable {
+ services.fail2ban.jails.nginx-git-bad-request.settings = {
+ port = "http,https";
+ logpath = "%(nginx_error_log)s";
+ };
+ environment.etc = {
+ # Defines a filter that detects URL probing by reading the Nginx access log
+ "fail2ban/filter.d/nginx-git-bad-request.local".text = ''
+ [Definition]
+ failregex = src_addr="".*response_statu="400".*host="git\.ingolf-wagner\.de"
+ journalmatch = _SYSTEMD_UNIT=nginx.service + _COMM=nginx
+ '';
+ };
+ })
 ];
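Review bot: The added `nginx-git-bad-request` jail copies a comment saying the filter reads the Nginx access log, while `logpath = "%(nginx_error_log)s"` points at the error log and `journalmatch` suggests the systemd backend, so it is unclear where the 400/404 lines actually come from. I would state the real source, e.g. `# Matches HTTP 400 responses for git.ingolf-wagner.de in the nginx.service journal`, and drop or correct `logpath` in both jails. The `failregex` in both filters is unanchored and joins fields with `.*`, so request-supplied text logged on the same line could satisfy the match; anchoring with `^` and matching the fields in their fixed order is safer. As rendered here the pattern reads `src_addr=""` with no `<HOST>` or `<ADDR>` tag and the key is spelled `response_statu`; check both against the real log format, because a missing host tag, or a log key that is really `response_status`, would keep the jail from ever banning. Neither jail sets `maxretry`, `findtime` or `ignoreip`, so a few ordinary 404s on a git forge could ban a legitimate client under whatever the global defaults are; the enclosing list starts above the hunk.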