Guten Tag [Frau/Herr] newsgr...@explorer.blogdns.com,
danke für Ihre Nachricht.
Am Montag, 15. März 2021 um 00:12 schrieben Sie.
Ihre Nachricht finden Sie am Ende dieser eMail.
> I have the following filter called apache-filenotexist:
> #
> [Definition]
> failregex = [[]client <HOST>[]] ^File does not exist$
> ignoreregex =
> -------------------------------------------------------------------------
> The error message, from /var/log/httpd/error.log, I want this filter to match
> is:
> [Sat Mar 06 08:38:59.225983 2021] [core:info] [pid 271881:tid 271881] [client
> 205.185.122.102:38474] AH00128: File does not exist:
> /var/www/html/temp/config/getuser
> -------------------------------------------------------------------------
> Have I created the failregex correctly?
I don't think so... may be ...
but in 2011-2012 Bill Crock has programmed this apache-getno.conf
attention: its from 2012!
# Fail2Ban configuration file
#
# Author: Billy Crook (fail2ban-list) 2011
# Jonathon W. Donaldson on 2012/4/21
# $Revision: ??? $
#
# pauschale apache-antworten besser nicht abfangen (401 bis 404), gibt stress
8/2012
# 401 GANZ raus! zu viele falsche fehler bei plone
# achtung überflüssigerweise UNTEN IGNOREREX drin! 8/2012
#failregex = <HOST>.*\"GET.*HTTP.*\" 403 \d{3}
# <HOST>.*\"GET.*HTTP.*\" 404 \d{3}
#ignoreregex = <HOST>.*\"GET./myip_.*HTTP.*\" 401
# ATTENTION 8/2012 this two lines wasn't possible to activate, If You have lynx:
#failregex = \[client <HOST>\] File does not exist:.*(?i)admin.*
# ^<HOST>.*GET.*(?i)admin.*
[INCLUDES]
# overwrite with apache-common.local if _apache_error_client is incorrect.
before = apache-common.conf
[Definition]
failregex = \[client <HOST>\] File does not exist:.*(?i)manager.*
\[client <HOST>\] File does not exist:.*(?i)setup.*
\[client <HOST>\] File does not exist:.*(?i)mysql.*
\[client <HOST>\] File does not exist:.*(?i)sqlweb.*
\[client <HOST>\] File does not exist:.*(?i)webdb.*
\[client <HOST>\] File does not exist:.*(?i)pma.*
\[client <HOST>\] File does not exist:.*(?i)vtigercrm.*
^<HOST>.*GET.*(?i)manager.*
^<HOST>.*GET.*(?i)setup.*
^<HOST>.*GET.*(?i)mysql.*
^<HOST>.*GET.*(?i)sqlweb.*
^<HOST>.*GET.*(?i)webdb.*
^<HOST>.*GET.*(?i)pma.*
^<HOST>.*GET.*(?i)vtigercrm.*
[[]client <HOST>[]] client sent HTTP/1.1 request without hostname
[(]see RFC2616 section 14.23[)]
# war Billy Crock
#failregex = <HOST>.*\"GET\ /*w00tw00t\.at\..*\ HTTP.*\"\ .*\d{3}
# <HOST>.*\"GET\ /*MyAdmin.*\ HTTP.*\"\ .*\d{3}
# <HOST>.*\"GET\ /*PhpMyAdmin.*\ HTTP.*\"\ .*\d{3}
# <HOST>.*\"GET\ /*admin.*\ HTTP.*\"\ .*\d{3}
# <HOST>.*\"GET\ /*pma.*\ HTTP.*\"\ .*\d{3}
# <HOST>.*\"GET\ /*phpMyAdmin.*\ HTTP.*\"\ .*\d{3}
# <HOST>.*\"GET\ /*phpMyAdmin.*\ HTTP.*\"\ .*\d{3}
# <HOST>.*\"GET\ /*myadmin.*\ HTTP.*\"\ .*\d{3}
# <HOST>.*\"GET\ /*mysql.*\ HTTP.*\"\ .*\d{3}
# <HOST>.*\"GET\ /*phpadmin.*\ HTTP.*\"\ .*\d{3}
# <HOST>.*\"GET\ /*webadmin.*\ HTTP.*\"\ .*\d{3}
# <HOST>.*\"GET\ /*user/soapCaller\.bs.*\ HTTP.*\"\ .*\d{3}
# <HOST>.*\"GET\ /*webdav.*\ HTTP.*\"\ .*\d{3}
# <HOST>.*\"GET\ /*.*/admin/login\.php.*\ HTTP.*\"\ .*\d{3}
# <HOST>.*\"GET\ /*p/m/a/.*\ HTTP.*\"\ .*\d{3}
# <HOST>.*\"GET\ /*.*/scripts/setup\.php.*\ HTTP.*\"\ .*\d{3}
# <HOST>.*\"GET\ /*.*/scripts/setup\.php\ HTTP.*\"\ .*\d{3}\ \d*
# <HOST>.*\"GET\ /*php-my-admin.*\ HTTP.*\"\ .*\d{3}
# <HOST>.*\"GET\ /*php-myadmin.*\ HTTP.*\"\ .*\d{3}
# <HOST>.*\"GET\ /*sqlmanager.*\ HTTP.*\"\ .*\d{3}
# <HOST>.*\"GET\ /*sqlweb.*\ HTTP.*\"\ .*\d{3}
# <HOST>.*\"GET\ /*Horde.*\ HTTP.*\"\ .*\d{3}
# <HOST>.*\"GET\ /*horde.*\ HTTP.*\"\ .*\d{3}
# <HOST>.*\"GET\ http://.*\ HTTP.*\"\ .*\d{3}
# <HOST>.*\"GET\ ftp://.*\ HTTP.*\"\ .*\d{3}
# <HOST>.*\"GET\ https://.*\ HTTP.*\"\ .*\d{3}
# <HOST>.*\"GET\ /*.*/*bin/msgimport\ HTTP.*\"\ .*\d{3}
ignoreregex =
it's possible, it can help....
Yours klaus
--
Mit freundlichen Grüßen,
Ihr Klaus Lehmann
http://allegronet.de * eMail: allegro...@t-online.de * phone: 03528-452 807(fax
809) * mobil: 0171-953 7843
allegronet.de * Klaus Lehmann * D-01454 Radeberg * Bahnhofstr. 1
zuständiges Finanzamt: FA Hoyerswerda; zuständige Kammer: IHK Dresden;
zuständige Aufsichtsbehörde: Gewerbeamt Radeberg; USt-IdNr: DE247550760
* Software für zufriedene Bibliothekare: 1000x bewaehrt und ergiebig
* Bereits 4x allegro-utf8. Buchen Sie die allegro-Roadshow. Yes we can!
* Internetkataloge & WebHosting für Allegro-C & Web 2.0 mit VuFind
* 2011-18: Sponsor: Peter-Sodann-Bibliothek+IFLA:allegro-utf8
* 2013-14: Bolero 64bit.+allegro-zdb: endlich. + eBooks
* 2015-16: allegro-vufind.+ allegro-imd.Die weltgrößte(?) Filmdatenbank
* 2017-18: Exporte. Marc und Co. Marc ist sehr different
* 2019: All for VuFind! The perfect export into marc21
* 2019: Neu: vufindnet.de. Ein großer Discovery-Katalog
* 2020: Neu: kohanet.de. Alternativen zu allegro-C und allegronet.de
* 2017-21: Exporte mit Marc. Es höret nimmer auf...
Am Montag, 15. März 2021 um 00:12 schrieben Sie:
> I have the following filter called apache-filenotexist:
> #
> [Definition]
> failregex = [[]client <HOST>[]] ^File does not exist$
> ignoreregex =
> -------------------------------------------------------------------------
> The error message, from /var/log/httpd/error.log, I want this filter to match
> is:
> [Sat Mar 06 08:38:59.225983 2021] [core:info] [pid 271881:tid 271881] [client
> 205.185.122.102:38474] AH00128: File does not exist:
> /var/www/html/temp/config/getuser
> -------------------------------------------------------------------------
> Have I created the failregex correctly?
> ------------------------------------------------------------------------
> Miscellaneous:
> Fail2ban 0.11.2
> Fedora 33 Server
> Intel I7
> Thanks
> _______________________________________________
> Fail2ban-users mailing list
> Fail2ban-users@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/fail2ban-users
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
