I found the jail's ignorecommand meets my needs with this. The command is executed after the regex test(s), with <ip> being replaced as an argument or inline. I wish it was a bit more flexible, but it works so far.
On 01/16/2015 02:46 AM, Yves wrote: > Hello, > > Le 2015-01-16 03:35, Lee Clemens a écrit : >> Hello, >> >> I am looking to execute a piece of code with the <HOST> value from a >> filter's regex match - and then conditionally perform a traditional >> action. > > Your issue is not unlike mine, so the article I wrote may interest you: > http://yalis.fr/cms/index.php/post/2014/11/02/Migrate-from-DenyHosts-to-Fail2ban > > > > Indeed, I wanted, among other things, to manage a whitelist (based on > the log files) in addition to the usual blacklist. Thus an <ip> has to > be checked against the whitelist before proceeding to the > blacklisting. My case is actually a bit more complex because I also > manage the blacklist myself due to some limitations of Fail2ban… > >> I'm not sure if chaining actions together is currently possible, or if >> there is another way to achieve this goal and was looking for ideas. > > This is also an issue I encountered (and talk about in the article > above). I wanted to send an email, but only if the previous action > completed successfully (kind of `try-ban && send-mail`). > Unfortunately, I saw that all actions are always run whatever their > exit status. > > If you don’t have the `&&` requirement, then you can simply white: > action = action1[params…] > action2[params…] > >> Basically, I was thinking of a jail to ban fake GoogleBot User-Agents. >> Verifying the request based on the logic from >> https://isc.sans.edu/forums/diary/When+Google+isnt+Google/15968/ and >> then determining whether or not to ban the IP (if fake GoogleBot). >> >> Any ideas, suggestions would be greatly appreciated :) >> >> Kind Regards, >> Lee Clemens ------------------------------------------------------------------------------ Dive into the World of Parallel Programming. The Go Parallel Website, sponsored by Intel and developed in partnership with Slashdot Media, is your hub for all things parallel software development, from weekly thought leadership blogs to news, videos, case studies, tutorials and more. Take a look and join the conversation now. http://goparallel.sourceforge.net/ _______________________________________________ Fail2ban-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/fail2ban-users
