Hello, /etc/fail2ban/filter.d/apache-auth.conf looks for the following regex pattern for failed authorization attempts:
^%(_apache_error_client)s (AH01797: )?client denied by server configuration: (uri )?\S*\s*$ In my log files a different "client denied by server configuration" entry is appearing for failed login attempts: [Mon May 05 15:46:07.213547 2014] [authz_core:error] [pid 8119:tid 139902360438528] [client X.X.X.X:54677] AH01630: client denied by server configuration: some_uri This appears to have changed in 12.04 so that the new error code AH01630 is being used rather than AH01797, as before. The fail2ban regex should be updated to the following, so that it catches both log entries: ^%(_apache_error_client)s (AH01(630|797): )?client denied by server configuration: (uri )?\S*\s*$ Thank you, -- Scott -- Ubuntu-devel-discuss mailing list Ubuntu-devel-discuss@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel-discuss
