One thing that comes with the territory when running servers (application servers or otherwise) is the continual and incessant stream of attacks and intrusion attempts. Most of these are simply probing your server for older versions of server applications to exploit (I'm looking at you, myphpadmin and wordpress...).

...

A few notes here. Add your own IP addresses or IP address range (CIDR) to ignore in this line. For example, 10.0.0.0/24 will ignore 10.0.0.0 and the IP range [10.0.0.1 - 10.0.0.255], which is an internal network IP range.

...

Now, testing to verify that our apache-custom filter is working is extremely important. Regular expressions are very easy to mess up. Fail2ban comes with some nice tools that we can use to test our filter. We first need something to test against. I like to keep a log with actual (attack) requests to my server. Whenever I find a new pattern that I want to ban, I add an example of the actual request to a samples.log file. For example, here is one which has actual requests to my server (and the actual IP addresses they came from - woe unto the IP addresses below, I hereby publicly shame thee!):

...
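A regression check covering the two notes above (the ignore range and testing the filter against saved samples), as an added example that is not the page's own code. The failregex, the IPv4-only stand-in for `<HOST>`, and the log lines are constructed for illustration; the page's apache-custom filter and samples.log are not reproduced here.

```python
import ipaddress
import re

# Hypothetical failregex in fail2ban syntax (not the page's apache-custom filter).
FAILREGEX = (r'^<HOST> \S+ \S+ \[[^\]]+\] "(?:GET|POST|HEAD) '
             r'/(?:phpmyadmin|myphpadmin|wp-login\.php)\b[^"]*" (?:403|404) ')
# Simplified assumption: fail2ban's real <HOST> expansion also covers IPv6 and hostnames.
HOST = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'
# Ignore range from the note above.
IGNOREIP = [ipaddress.ip_network("10.0.0.0/24")]

# Constructed sample lines (documentation addresses) standing in for samples.log.
# The last two are benign requests that must NOT match.
SAMPLES = """\
203.0.113.7 - - [12/Mar/2015:06:25:14 +0000] "GET /phpmyadmin/scripts/setup.php HTTP/1.1" 404 301
198.51.100.23 - - [12/Mar/2015:06:27:02 +0000] "POST /wp-login.php HTTP/1.1" 404 289
10.0.0.255 - - [12/Mar/2015:06:28:40 +0000] "GET /myphpadmin/ HTTP/1.1" 404 280
203.0.113.9 - - [12/Mar/2015:06:30:11 +0000] "GET /index.html HTTP/1.1" 200 5120
203.0.113.9 - - [12/Mar/2015:06:31:45 +0000] "GET /blog/?q=phpmyadmin HTTP/1.1" 200 811
"""


def classify(lines, failregex=FAILREGEX, ignore=IGNOREIP):
    """Return (banned, ignored, missed) for the given log lines."""
    rx = re.compile(failregex.replace("<HOST>", HOST))
    banned, ignored, missed = [], [], []
    for line in lines:
        m = rx.search(line)
        if not m:
            missed.append(line)  # filter did not fire on this line
            continue
        ip = ipaddress.ip_address(m.group("host"))
        # A match from an ignored network is recorded but never banned.
        (ignored if any(ip in net for net in ignore) else banned).append(str(ip))
    return banned, ignored, missed


if __name__ == "__main__":
    banned, ignored, missed = classify(SAMPLES.splitlines())
    print("would ban:", banned)
    print("matched but ignored:", ignored)
    print("not matched:", len(missed), "line(s)")
```

Keeping benign lines in the sample set alongside the attack lines catches a pattern that is too loose as well as one that is too tight.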