I have a regex that matches what I want:

> ^<HOST>(\S+ ){7}4\d\d

The problem is that when it matches

> 82.218.192.209 35.196.194.228 - [18/Dec/2019:23:24:31 +0200] "GET /mysql/admin/index.php?lang=en HTTP/1.1" 404 345 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/77.0.3865.120 Safari/537.36”

it will try to block

> 2019-12-18 23:24:32,640 fail2ban.filter [20220]: INFO [unifi-lighttpd] Found 82.218.192.20

The last character of the IP is missing. What could cause this?

Matching with

> ^<HOST>

works as expected. I haven’t found any docs on what the <HOST> actually matches. Its pattern seems to contain white space after the IP, too. Debugging with fail2ban-regex doesn’t reveal what is the IP it matches.

I am running 0.9.6 on Debian Stretch.

br,
Petri

(Note: This is a special application. I am aware of problems with blocking based on 4xx response)
_______________________________________________
Fail2ban-users mailing list
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
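One way to reproduce the truncated host with plain Python `re`, as an added example that is not part of the original post or fail2ban's own code. It assumes `<HOST>` expands to a greedy pattern like the `HOST` string below and that fail2ban cuts the matched timestamp out of the line before applying the failregex; `found_host` and `truncates_host` are hypothetical helpers, and the user agent in the sample line is shortened.

```python
import re

# Assumption: simplified stand-in for what fail2ban 0.9.x substitutes for <HOST>.
# It is greedy but can give characters back when the rest of the regex needs them.
HOST = r"(?P<host>[\w\-.^_]*\w)"

POSTED = r"^<HOST>(\S+ ){7}4\d\d"   # failregex from the post: no separator after <HOST>
FIXED = r"^<HOST> (\S+ ){6}4\d\d"   # explicit space after <HOST>, one field fewer to skip

# Log line from the post (user agent shortened for the example).
TS = "18/Dec/2019:23:24:31 +0200"
LINE = ('82.218.192.209 35.196.194.228 - [' + TS + '] '
        '"GET /mysql/admin/index.php?lang=en HTTP/1.1" 404 345 "-" "Mozilla/5.0"')

# Assumption: the timestamp text is removed before failregex is tried,
# so the filter sees "[]" where the date was.
STRIPPED = LINE.replace(TS, "")


def found_host(failregex, line):
    """Return the host captured by the failregex, or None if it does not match."""
    m = re.search(failregex.replace("<HOST>", HOST), line)
    return m.group("host") if m else None


def truncates_host(failregex, line):
    """True when the captured host is shorter than the line's first field."""
    host = found_host(failregex, line)
    return host is not None and host != line.split()[0]


if __name__ == "__main__":
    # The first "\S+ " has to start right after the host. The full address is
    # followed by a space, so the engine backtracks one character: the host
    # becomes ...20 and "9 " is consumed as the first of the seven fields.
    print("posted:", found_host(POSTED, STRIPPED))
    print("fixed: ", found_host(FIXED, STRIPPED))
    # With the timestamp still in place the field count is off and nothing matches,
    # which is why testing the regex outside fail2ban can be misleading.
    print("posted, unstripped:", found_host(POSTED, LINE))
```
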
