Hi
I am having issues with my filter rule (I believe).
Currently, we are matching the error in the logs and the jail conf seems
OK, but I get no blocks added to iptables. In the fail2ban log I see
entries like this when the weblog rule is matched:
2014-12-29 13:43:18,967 fail2ban.filter : WARNING Unable to find a corresponding IP address for -
2014-12-29 13:43:36,005 fail2ban.filter : WARNING Unable to find a corresponding IP address for -
2014-12-29 13:44:01,041 fail2ban.filter : WARNING Unable to find a corresponding IP address for -
The apache log for a matched request looks like:
140.237.3.53 - - [29/Dec/2014:13:12:50 -0500] "GET /forum/0/index.html HTTP/1.1" 200 35227
The jails.conf rules for this are:
[patra-forum-hack]
enabled = true
filter = patra-forum-hack
action = iptables[name=PatraForumHack, port=http, protocol=tcp]
logpath = /var/log/httpd/patracompany.com-access_log
maxretry = 2
and the filter.d rules are:
# patra-forum-hack.conf
[INCLUDES]
before = common.conf
[Definition]
_daemon = cmp
failregex = ^[a-zA-Z0-9\.]+ <HOST> .*GET.*/forum/0/index\.html.*
ignoreregex =
I'm pretty positive there is an issue with my failregex extracting the IP,
but I'm hoping for some help or a ready doc that can aid in this.
Thank you!
./Ben
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
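
Added example, not part of the original post or of fail2ban's own code: it applies the posted failregex to the quoted access-log line and reports which token the host group captures, next to a hypothetical variant with <HOST> anchored on the first field. HOST_GROUP is an assumed, simplified stand-in for what fail2ban substitutes for <HOST>; the names captured_host, is_ip and report are made up for this example.

```python
import ipaddress
import re

# Assumption: simplified stand-in for fail2ban's <HOST> tag (a named group
# matching one hostname-like token); not copied from fail2ban's source.
HOST_GROUP = r"(?P<host>[\w\-.^_]+)"

# Constructed from the access-log line quoted in the post (wrapped line joined).
LOG_LINE = ('140.237.3.53 - - [29/Dec/2014:13:12:50 -0500] '
            '"GET /forum/0/index.html HTTP/1.1" 200 35227')

# failregex exactly as posted in filter.d/patra-forum-hack.conf
POSTED = r"^[a-zA-Z0-9\.]+ <HOST> .*GET.*/forum/0/index\.html.*"
# Hypothetical variant for comparison: <HOST> anchored on the first field.
ANCHORED = r"^<HOST> .*GET.*/forum/0/index\.html.*"


def captured_host(failregex, line):
    """Return the text the host group captures, or None if the line does not match."""
    m = re.search(failregex.replace("<HOST>", HOST_GROUP), line)
    return m.group("host") if m else None


def is_ip(text):
    """True when the captured token parses as an IPv4 or IPv6 address."""
    try:
        ipaddress.ip_address(text)
        return True
    except (ValueError, TypeError):
        return False


def report(failregex, line=LOG_LINE):
    """Summarise whether the regex matched and what landed in the host group."""
    host = captured_host(failregex, line)
    return {"matched": host is not None, "host": host, "is_ip": is_ip(host)}


if __name__ == "__main__":
    for name, rx in (("posted", POSTED), ("anchored", ANCHORED)):
        print(name, report(rx))
```

fail2ban ships a fail2ban-regex tool that runs a filter file against a real log file for the same kind of check.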