Hello list,

I need to use a custom filter and I couldn't figure out the correct regex, so please help.

When a user fails to log in to my Apache, it has log entries in /var/log/httpd/ssl_error_log like this:

[Mon May 04 09:14:27.091333 2020] [:error] [pid 14109] [client 10.36.36.16:10508] LDAP - Bind user error 49 (Invalid credentials), referer: https://web.company.com/index.php
[Mon May 04 09:15:10.359034 2020] [:error] [pid 17835] [client 10.36.36.16:10513] LDAP - Bind user error 49 (Invalid credentials), referer: https://web.company.com/index.php

I want to block the IP when the login fails many times, so I made a custom filter apache-SSP.conf:

[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# apache-common.local
before = apache-common.conf

[Definition]
failregex = ^%(_apache_error_client)s ? LDAP - Bind user error 49 (Invalid credentials), referer: \S+)?\s*$
ignoreregex =



This didn't work. Running the fail2ban-regex test fails with some Python error.

Could someone help me on this? Thank you.

Gao
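
Added example, not part of the original post and not fail2ban's own code: a Python check of the posted failregex against the log lines quoted above. PREFIX is a simplified, constructed stand-in for %(_apache_error_client)s, and UNESCAPED and FIXED are hypothetical variants written for this illustration.

```python
import re

# Constructed stand-in for %(_apache_error_client)s (assumption: simplified, not
# the definition in apache-common.conf). It consumes the timestamp, "[:error]",
# an optional "[pid N]" and "[client IP:port]", capturing the IP as "host".
PREFIX = (r"\[[^]]*\] \[[^]]*error\]( \[pid \d+\])? "
          r"\[client (?P<host>\d{1,3}(?:\.\d{1,3}){3})(:\d{1,5})?\]")

# Failregex exactly as posted: the ")" after \S+ has no matching "(".
POSTED = (r"^%(_apache_error_client)s ? LDAP - Bind user error 49 "
          r"(Invalid credentials), referer: \S+)?\s*$")
# Hypothetical variant with balanced but unescaped parentheses: it compiles, but
# "(Invalid credentials)" is a group, so the literal "(" in the log never matches.
UNESCAPED = (r"^%(_apache_error_client)s LDAP - Bind user error 49 "
             r"(Invalid credentials)(, referer: \S+)?\s*$")
# Hypothetical corrected form: literal parentheses escaped, referer optional.
FIXED = (r"^%(_apache_error_client)s LDAP - Bind user error 49 "
         r"\(Invalid credentials\)(, referer: \S+)?\s*$")

LINES = [
    # The two entries from the post
    "[Mon May 04 09:14:27.091333 2020] [:error] [pid 14109] [client 10.36.36.16:10508] LDAP - Bind user error 49 (Invalid credentials), referer: https://web.company.com/index.php",
    "[Mon May 04 09:15:10.359034 2020] [:error] [pid 17835] [client 10.36.36.16:10513] LDAP - Bind user error 49 (Invalid credentials), referer: https://web.company.com/index.php",
    # Constructed: the same failure without a referer, and an unrelated error
    "[Mon May 04 09:16:02.000001 2020] [:error] [pid 17835] [client 10.36.36.17:10520] LDAP - Bind user error 49 (Invalid credentials)",
    "[Mon May 04 09:16:05.000001 2020] [:error] [pid 17835] [client 10.36.36.18:10521] File does not exist: /var/www/html/favicon.ico",
]

def expand(failregex):
    """Substitute the stand-in prefix for the %(name)s placeholder."""
    return failregex % {"_apache_error_client": PREFIX}

def compile_error(failregex):
    """Return the regex compiler's message, or None if the pattern compiles."""
    try:
        re.compile(expand(failregex))
    except re.error as exc:
        return exc.msg
    return None

def matched_hosts(failregex, lines=LINES):
    """Return the client IP of every line the pattern flags as a failure."""
    rx = re.compile(expand(failregex))
    return [m.group("host") for m in map(rx.search, lines) if m]

if __name__ == "__main__":
    print("posted:", compile_error(POSTED))
    print("unescaped:", matched_hosts(UNESCAPED))
    print("fixed:", matched_hosts(FIXED))
```
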


_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
