✓ Solved

Fail2Ban do not log apache jail

Hi there

I'm trying to set up a Fail2Ban jail for unwanted incoming traffic on my Linode. This I do with Fail2Ban and it is working for the sshd-port.

Now I want to jail unwanted attacks on my apache server. I do this with the forllowing jail code:

enabled = false
port = http,https
filter = apache-noscript
action = iptables-multiport[name=NoScript, port="http,https"]
logpath = /var/log/apache2/*error.log
maxretry = 3
bantime = 3600

But it does not record any of the attacks that appears in the error.log. What I'm missing?


1 Reply

✓ Best Answer

This filter:

filter = apache-noscript

probably doesn't match your log entries. You can test this with fail2ban-regex(1). See man fail2ban-regex or


It's been my experience that the supplied fail2ban(1) filters are fairly brittle with respect to any log file entry modifications. They're written for the basest of base cases only (which can vary from distro to distro depending on installation/startup options…there is not one log format that rules them all).

This site may be of some interest/help to you:


-- sw


Please enter an answer

You can mention users to notify them: @username

You can use Markdown to format your question. For more examples see the Markdown Cheatsheet.

> I’m a blockquote.

I’m a blockquote.

[I'm a link] (https://www.google.com)

I'm a link

**I am bold** I am bold

*I am italicized* I am italicized

Community Code of Conduct