I get many attacks on my Debian Apache server that include URL manipulations like:
http://url_on_my_eserver/?username=/etc/passwd
How can I block these attacks?
Fail2Ban should never be your first line of defense. After properly handling the input, you can utilize Fail2Ban by using a failregex like this:
failregex = ^<HOST> -.*GET.*\/etc\/passwd
Another commonly used filter to block PHP file injection/inclusion attacks:
[php-url-fopen]
enabled = true
port = http,https
filter = php-url-fopen
logpath = [YOUR_ACCESS_LOG_PATH]
maxretry = 1
You can include that in your jail.conf
Update:
As a response to your comment, you can use multiple lines in logpath, for example:
logpath = /somepath/*wild/log
          /some/other/path/log
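To check what the failregex above actually catches before enabling the jail, here is an added example (not part of the original answer) that applies it to constructed access-log lines and lists the hosts a `maxretry = 1` jail would ban. The `<HOST>` expansion is a simplified IPv4-only assumption, and the log lines and addresses are made up.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (assumption: the real
# expansion is more elaborate and also covers IPv6 and hostnames).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# The failregex from the answer, with <HOST> expanded.
FAILREGEX = re.compile(r"^<HOST> -.*GET.*\/etc\/passwd".replace("<HOST>", HOST))

# Constructed Apache access-log lines (documentation address ranges).
SAMPLE_LOG = [
    # Literal path in the query string: matched.
    '203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] '
    '"GET /?username=/etc/passwd HTTP/1.1" 200 512',
    # Ordinary request: not matched.
    '198.51.100.4 - - [10/Oct/2023:13:55:40 +0000] '
    '"GET /index.php?page=about HTTP/1.1" 200 2048',
    # Apache logs the request line as received, so a percent-encoded
    # value is not seen by this literal pattern. This is why handling
    # the input in the application has to come first.
    '192.0.2.9 - - [10/Oct/2023:13:56:02 +0000] '
    '"GET /?username=%2Fetc%2Fpasswd HTTP/1.1" 200 512',
]


def match_host(line):
    """Return the client address if the failregex matches, else None."""
    m = FAILREGEX.search(line)
    return m.group("host") if m else None


def hosts_to_ban(lines, maxretry=1):
    """Hosts whose number of matching lines reaches maxretry."""
    hits = Counter(h for h in map(match_host, lines) if h)
    return sorted(h for h, n in hits.items() if n >= maxretry)


if __name__ == "__main__":
    for line in SAMPLE_LOG:
        print(match_host(line) or "no match", "<-", line[:60])
    print("would ban:", hosts_to_ban(SAMPLE_LOG))
```

On a live system, the `fail2ban-regex` tool shipped with Fail2Ban runs the same kind of check against the real log file and filter.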