Web Server Templates

Protection templates for Nginx and Apache web servers.

nginx-http-auth

Protects HTTP Basic Authentication endpoints.

Setting	Default
Port	80, 443
Log Path	/var/log/nginx/error.log
Max Retry	5
Find Time	10 minutes
Ban Time	1 hour

Detected Patterns

• Password mismatch
• User not found
• No credentials provided

Log Path Options

Setup	Log Path
Standard	/var/log/nginx/error.log
Multiple sites	/var/log/nginx/*error.log
Custom	Your configured error log path

nginx-botsearch

Detects vulnerability scanners and bots by monitoring for 404/403/etc errors.

Setting	Default
Port	80, 443
Log Path	/var/log/nginx/access.log
Max Retry	10
Find Time	10 minutes
Ban Time	1 hour

Detected Patterns

HTTP status codes:

• 400 - Bad Request
• 403 - Forbidden
• 404 - Not Found
• 405 - Method Not Allowed
• 444 - Connection Closed (Nginx specific)

Why Higher Max Retry?

Legitimate users may hit 404s when:

• Following old bookmarks
• Mistyping URLs
• Crawlers indexing dead links

Setting maxretry to 10 catches scanners while allowing normal use.

Configuration Tips

For High-Traffic Sites:

maxretry: 20
findtime: 5m

For APIs/Sensitive Endpoints:

maxretry: 5
bantime: 24h

apache-auth

Apache HTTP authentication failures.

Setting	Default
Port	80, 443
Log Path	/var/log/apache2/error.log
Max Retry	5
Find Time	10 minutes
Ban Time	1 hour

Detected Patterns

• Password mismatch (AH01617)
• User not found (AH01618)
• Wrong authentication scheme (AH01614)
• Access denied by configuration (AH01797)

Log Path Options

OS	Default Path
Debian/Ubuntu	/var/log/apache2/error.log
RHEL/CentOS	/var/log/httpd/error_log

Use Cases

Static Website

Enable:

• nginx-botsearch (catch scanners)

API Server

Enable:

• nginx-http-auth (if using HTTP auth)
• nginx-botsearch (with lower threshold)

Admin Panel

Enable:

• nginx-http-auth (protect login)
• nginx-botsearch

Configure:

# Lower thresholds for admin areas
maxretry: 3
bantime: 24h