Hello Community,
Perhaps you can help me.
I'm responsible for a squid3 proxy server, but I'm not able to block IPs that
failed to authenticate (ncsa_method).
That's my /var/log/squid3/access.log output:
27/Nov/2014:13:16:41 0 125.46.40.22 TCP_DENIED/407 3836 GET http://www.google.de/ - NONE/- text/html
That's my jail in jail.conf:
enabled = true
port = 8080
filter = squidfilter
logpath = /var/log/squid3/access.log
maxretry = 1
bantime = 180
That's my filter:
# squidfilter
[Definition]
failregex = 0 <HOST> TCP_DENIED/407
ignoreregex =
In reality it doesn't work, although I successfully checked my filter with the
"fail2ban-regex" command.
Here is the output:
# fail2ban-regex '27/Nov/2014:13:16:41 0 125.46.40.22 TCP_DENIED/407 3836 GET http://www.google.de/ - NONE/- text/html' '0 <HOST> TCP_DENIED/407'
############################################
Summary
=======
Addresses found:
[1]
125.46.40.22 (Thu Nov 27 13:16:41 2014)
Date template hits:
0 hit(s): MONTH Day Hour:Minute:Second
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second
0 hit(s): Year/Month/Day Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
2 hit(s): Day/MONTH/Year:Hour:Minute:Second
0 hit(s): Month/Day/Year:Hour:Minute:Second
0 hit(s): Year-Month-Day Hour:Minute:Second
0 hit(s): Year.Month.Day Hour:Minute:Second
0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond]
0 hit(s): Day-Month-Year Hour:Minute:Second
0 hit(s): TAI64N
0 hit(s): Epoch
0 hit(s): ISO 8601
0 hit(s): Hour:Minute:Second
0 hit(s): <Month/Day/Year@Hour:Minute:Second>
Success, the total number of match is 1
However, look at the above section 'Running tests' which could contain important
information.
#############################################
It would be so nice if you could help me.
Greetings
Black1check
_______________________________________________
Fail2ban-users mailing list
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
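
An added example, not part of the original post and not fail2ban's own code: a Python check that runs the posted failregex over several constructed access.log lines in the same layout, instead of the single line given to fail2ban-regex. The `HOST` expansion is a simplified IPv4-only stand-in for fail2ban's `<HOST>` tag, and `VARIANT` is a hypothetical pattern that accepts any number in the field before the client address; both are assumptions.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption): IPv4 only.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

POSTED = r"0 <HOST> TCP_DENIED/407"          # failregex from the post
VARIANT = r"\b\d+ <HOST> TCP_DENIED/407\b"   # hypothetical: any number in field 2

# Constructed sample lines in the layout of the posted access.log entry.
SAMPLE_LOG = """\
27/Nov/2014:13:16:41 0 125.46.40.22 TCP_DENIED/407 3836 GET http://www.google.de/ - NONE/- text/html
27/Nov/2014:13:16:42 3 198.51.100.7 TCP_DENIED/407 3836 GET http://example.com/ - NONE/- text/html
27/Nov/2014:13:16:43 120 203.0.113.9 TCP_DENIED/407 3836 GET http://example.com/ - NONE/- text/html
27/Nov/2014:13:16:44 45 192.0.2.10 TCP_MISS/200 5120 GET http://example.com/ user1 DIRECT/93.184.216.34 text/html
27/Nov/2014:13:16:45 7 192.0.2.55 TCP_DENIED/403 1200 GET http://example.org/ user2 NONE/- text/html
"""


def compile_failregex(pattern):
    """Substitute the <HOST> tag, then compile the pattern."""
    return re.compile(pattern.replace("<HOST>", HOST))


def matched_hosts(pattern, log_text):
    """Return the host captured from every line the failregex matches."""
    rx = compile_failregex(pattern)
    hits = []
    for line in log_text.splitlines():
        m = rx.search(line)  # unanchored search, as with the posted pattern
        if m:
            hits.append(m.group("host"))
    return hits


def missed_hosts(strict, loose, log_text):
    """Hosts the loose pattern reports that the strict one never sees."""
    seen = set(matched_hosts(strict, log_text))
    return [h for h in matched_hosts(loose, log_text) if h not in seen]


if __name__ == "__main__":
    print("posted :", matched_hosts(POSTED, SAMPLE_LOG))
    print("variant:", matched_hosts(VARIANT, SAMPLE_LOG))
    print("missed :", missed_hosts(POSTED, VARIANT, SAMPLE_LOG))
```

The posted pattern matches only 407 lines whose numeric field ends in the digit 0 (here `0` and `120`), so the constructed line with `3` in that field is not reported.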