Score:1

Error trying to ban ip addresses from apache with fail2ban: Sorry but the jail 'apache' does not exist

us flag

I want to use fail2ban to block specific ip addresses with:

sudo fail2ban-client set apache banip 111.111.111.111

I get:

 NOK: ('apache',)
Sorry but the jail 'apache' does not exist

I'm also confused because the jail.conf file does not contain an entry for [apache]. I tried adding it manually and restarting fail2ban. That didn't help.

All the tutorials I've found talk about the [apache] jail but it's absent on my stock version of jail.conf.

I'm running Debian 10 (buster).

Score:0
jp flag

There may not be a single [apache] jail, but it might be split to multiple jails for different purposes. As the [apache] jail is typically handling the authentication failures, you could be looking for [apache-auth].

Additionally, there might be [apache-noscript] to detect clients trying to find exploitable scripts, [apache-overflows] for suspiciously long requests, and [apache-badbots] for known user-agents of spammer robots etc. The name for [apache-fakegooglebot] is self-explanatory.

us flag
Thanks. Yes, I've seen those jails in the config file. So it doesn't really matter which jail I add the ip address ban to?
jp flag
All `[apache-*]` jails on Debian 10 have `port = http,https` by default. Therefore, manually adding an IP address to any of these jails will block its access to ports `80` and `443`.
mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.