Hi all,
I have a problem with this filter.
My cause is, a client uses my server as proxy. Loglines like this:
222.84.235.162 - - [23/Sep/2018:07:54:24 +0200] "GET /phpmyadmin
HTTP/1.1" 301 591 "http://myserverip/phpmyadmin";
The filter blocks myserverip, and not the client.
The filter looks like this:
# Fail2Ban configuration file
#
# Author: James Roe
# Use in apache access logs
[Definition]
# Matches lines such as:
# 192.168.1.1 - - "GET http://www.infodownload.info/proxyheader.php ...
##failregex = ^(?:(?![0-9\.]* - - \[.*\] "([A-Z]* /.*
HTTP/1\.[0-9]|-)")<HOST>)
# untere Zeile aktiv wegen https user auth, sonst wird gebant
failregex = ^(?:(?![0-9\.]* - .*? \[.*\] "([A-Z]* /.*
HTTP/1\.[0-9]|-)")<HOST>)
ignoreregex =
Do you see the problem?
This filter blocks the destination, not the source.
Thanks in advance
Ralf
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
