[DEFAULT]
ignoreip = 127.0.0.1/8 122.181.102.5
# Ban for 24 hours
bantime  = 86400
# Window to count failures
findtime = 600
# Max failures before ban
maxretry = 5
# Use firewalld backend
banaction = firewallcmd-rich-rules
banaction_allports = firewallcmd-allports
backend = systemd
# Ignore own IP
ignoreip = 127.0.0.1/8 ::1

# SSH on port 1012
[sshd]
enabled  = true
port     = 1012
filter   = sshd
maxretry = 3
bantime  = 604800

# cPanel login
[cpanel-login]
enabled  = true
port     = 2082,2083,2086,2087
filter   = cpanel-login
maxretry = 5
findtime = 300
bantime  = 86400

# WHM login
[whm-login]
enabled  = true
port     = 2086,2087
filter   = cpanel-login
maxretry = 3
bantime  = 604800

# WordPress xmlrpc attacks
[wordpress-xmlrpc]
enabled  = true
port     = 80,443
filter   = wordpress-xmlrpc
maxretry = 2
findtime = 60
bantime  = 86400

# WordPress auth failures
[wordpress-auth]
enabled  = true
port     = 80,443
filter   = wordpress-auth
maxretry = 5
findtime = 300
bantime  = 86400

# HTTP flood / scanner
[nginx-http-auth]
enabled = false

[apache-auth]
enabled  = true
port     = 80,443
maxretry = 5
bantime  = 3600

[apache-badbots]
enabled  = true
port     = 80,443
bantime  = 86400

[apache-noscript]
enabled  = true
port     = 80,443

[apache-overflows]
enabled  = true
port     = 80,443
maxretry = 2