[FR]: nginx-limit-conn.conf

[aster2709]

hi team, fail2ban does the job well for limit based on limit_req_zone but i am struggling to ban limit_conn_zone dos'ers

how can one do that?

the log for rate limited by connection zone looks like this

2024/02/09 07:13:23 [error] 1094206#1094206: *20848 limiting connections by zone "two", client: <ip>, server: <server>, request: <request>, host: <host>

it is limited by limit_conn directive in nginx config

limit_conn two 5;

most limit_req and limit_conn are implemented together, but jail exists only for limit_req

help apprciated

[sebres]

The diff for stock nginx-limit-req filter may look like this:

 failregex = ^%(__prefix_line)slimiting requests, excess: [\d\.]+ by zone "(?:%(ngx_limit_req_zones)s)", client: <HOST>,
+            ^%(__prefix_line)slimiting connections by zone "(?:%(ngx_limit_req_zones)s)", client: <ADDR>,

As long as it is not extended yet, one can achieve this with local-config /etc/fail2ban/filter.d/nginx-limit-req.local:

[Definition]
failregex = %(known/failregex)s
            ^%(__prefix_line)slimiting connections by zone "(?:%(ngx_limit_req_zones)s)", client: <ADDR>,