I use ufw and fail2ban, and I’ve come across some behavior I don’t understand, and this leads me to think that something’s not configured correctly. I noticed a ton of POSTs from two IP addresses over and over again that I cannot identify. What’s weird, though, is even if I add them to ufw, they still show in other_vhosts_access.log. These addresses and attempts do not show in access.log, however.
Just to be clear, I added them using “insert” so that the deny statements are above the allow statements for ports 80 and 443. I even tried resetting the rules and starting over.