https://bugs.contribs.org/show_bug.cgi?id=10644
--- Comment #4 from Jean-Philippe Pialasse <[email protected]> ---
(In reply to Michael McCarn from comment #3)
> Created attachment 6097 [details]
> diff -u /etc/e-smith/templates/etc/fail2ban/jail.conf/05IgnoreIP
> /etc/e-smith/templates-custom/etc/fail2ban/jail.conf/05IgnoreIP
>
> I found two problems:
>
> 1) hostname instead of IP in httpd-admin > AllowHosts
> I was using a hostname in httpd-admin AllowHosts - which works for httpd,
> but does not work in this case.
you might have add that manually, quite sure the manager will not allow this...
I would suggest to rather add a custom template in httpd to do that, and
populate a dedicated property ValidFromCustom with hostname separated by
comas.
vim
/etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/03externalSSLAccessStringCustom
{
#---------------------------------------------------------------------
# Grab ValidFromGeoIP access list property of httpd-admin
# SSL enabled virtual hosts should only allow access from IP's in
# this list, as well as local networks.
#---------------------------------------------------------------------
$OUT = '';
my $validFromGeoIP = ${'httpd-admin'}{'ValidFromCustom'};
return unless defined $validFromCustom;
$validFromCustom =~ s/,/ /g;
$externalSSLAccess .= " $validFromCustom";
}
>
> 2) Something funny in 05IgnoreIP
> I was still getting warnings about "$bits" on line 15 of 05IgnoreIP. The
> changes in the attached diff seem to eliminate the warnings.
>
> expand-template /etc/fail2ban/jail.conf
> > WARNING in
> > /etc/e-smith/templates-custom//etc/fail2ban/jail.conf/05IgnoreIP: Use of
> > uninitialized value $bits in concatenation (.) or string at
> > /etc/e-smith/templates-custom//etc/fail2ban/jail.conf/05IgnoreIP line 15.
> > WARNING in
> > /etc/e-smith/templates-custom//etc/fail2ban/jail.conf/05IgnoreIP: Use of
> > uninitialized value $bits in concatenation (.) or string at
> > /etc/e-smith/templates-custom//etc/fail2ban/jail.conf/05IgnoreIP line 15.
> > WARNING: Template processing succeeded for //etc/fail2ban/jail.conf: 2
> > fragments generated warnings
> > at /sbin/e-smith/expand-template line 45
is this the 15 line for you :
push @ip, "$ip/$bits" unless "$ip/$bits" eq '0.0.0.0/0';
just after unless (($fail2ban{FilterValidRemoteHosts} || 'disabled') eq
'enabled'){
I might need your ValidFrom string to reproduce, if it is after another element
the string correpsonding, maybe from network list or Fail2ban IgnoreIP property
--
You are receiving this mail because:
You are the QA Contact for the bug._______________________________________________
Mail for each SME Contribs bug report
To unsubscribe, e-mail [email protected]
Searchable archive at https://lists.contribs.org/mailman/public/contribteam/
