[fail2ban] Use <ADDR> rather than <HOST> when we only need an IP address

The fail2ban documentation says that if we don't need DNS resolution, we should use `<ADDR>` instead of `<HOST>`: https://github.com/fail2ban/fail2ban/wiki/Best-practice I confirmed using `fail2ban-regex` that it produces the same results on a sample of 10,000 log entries, and that it is consistently a little faster.
pulibrary · Jan 15, 2025 · 1be98e3 · 1be98e3
1 parent 63977d5
commit 1be98e3
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/roles/nginxplus/files/fail2ban/nginx-badbots-filter.conf b/roles/nginxplus/files/fail2ban/nginx-badbots-filter.conf
@@ -2,6 +2,6 @@
 
 badbots = 360Spider|AI2Bot|Amazonbot|Applebot|Applebot-Extended|Bytespider|CCBot|ChatGPT-User|Claudebot|DuckAssistBot|Diffbot|FacebookBot|Google-Extended|GPTBot|Meta-ExternalAgent|OAI-SearchBot|YouBot
 
-failregex = (?i)\{\"remote_ip\"\: \"<HOST>\".*?\"user_agent\"\:.*?(?:%(badbots)s).*$
+failregex = (?i)\{\"remote_ip\"\: \"<ADDR>\".*?\"user_agent\"\:.*?(?:%(badbots)s).*$
 
 ignoreregex =