Hi, I have a dedicated HA cluster of 2 Pound servers operating in the following mode:
Internet <---> Firewall <---> DMZ Virtual IP (2 X POUND) SRV VLAN Virtual IP <---> Corporate computers
Pound 2.7-1.el6.x86_64 is used primarily as an SSL offloader (and load balancer for some redundant servers).
We don't have a WAF, and it would take a lot of coordination between application managers to get one configured and trained. The idea is: I would like to have the "404 not found" errors reported to Pound from the backend web servers so I could set up Fail2ban on the Pound servers to block those IP addresses which are scanning my backend servers.
Is this possible in pound.cfg, or should I send all Apache logs to a syslog daemon on the Pound servers and then configure Fail2ban to "look" at those centralized logs?
TIA Fathi Ben Nasr
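
The detection idea described in the message above, as an added example that is not part of the original message: count 404 responses per client address inside a sliding window, the way Fail2ban's `maxretry` and `findtime` settings do. The log lines are constructed, the function names are hypothetical, and it assumes Apache common/combined format with the real client address in the first field.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Apache common/combined log line. Assumption: field 1 is the real client IP.
# Behind a reverse proxy the backend sees the proxy's address unless it is
# configured to log the X-Forwarded-For header instead.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3}) '
)

def find_scanners(lines, max_retry=5, find_time=timedelta(seconds=60)):
    """Return {ip: timestamp of the 404 that crossed the threshold}."""
    recent = defaultdict(deque)   # ip -> timestamps of 404s still in the window
    flagged = {}
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m.group("status") != "404":
            continue              # unparseable line or not a 404: ignore
        ip = m.group("ip")
        if ip in flagged:
            continue              # already over the threshold
        ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
        window = recent[ip]
        window.append(ts)
        while ts - window[0] > find_time:
            window.popleft()      # drop hits older than the window
        if len(window) >= max_retry:
            flagged[ip] = ts
    return flagged

def _line(ip, hhmmss, path, status):
    # Builds one constructed log line (sample data, not from a real server).
    return f'{ip} - - [12/Mar/2015:{hhmmss} +0100] "GET {path} HTTP/1.1" {status} 512'

SAMPLE_LOG = (
    # Burst of 404s from one address: five in five seconds.
    [_line("203.0.113.7", f"10:00:0{i}", f"/probe-{i}", 404) for i in range(1, 6)]
    # Ordinary visitor with a single missing file.
    + [_line("198.51.100.20", "10:00:03", "/index.html", 200),
       _line("198.51.100.20", "10:00:04", "/favicon.ico", 404)]
    # Stale bookmark retried every five minutes: never five hits in 60 s.
    + [_line("192.0.2.50", f"10:{5 * i:02d}:00", "/old-page", 404) for i in range(5)]
)

if __name__ == "__main__":
    for ip, when in find_scanners(SAMPLE_LOG).items():
        print(f"{ip} crossed the 404 threshold at {when.isoformat()}")
```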
