I could not get apache-nohome.conf (filter) to work, so I copied it and
made my own failregex:
failregex = \[client <HOST>(:\d{1,5})?\] AH00128: File does not exist:*
Since I am a beginner at regex, I do not know if this is efficient or
sufficient.
On 3/15/2021 3:03 AM, Klaus Lehmann wrote:
good morning....
sorry for this addendum, please look at the new versions of this filter:
apache-nohome.conf
==================
content:
# Fail2Ban filter to web requests for home directories on Apache servers
#
# Regex to match failures to find a home directory on a server, which
# became popular last days. Most often attacker just uses IP instead of
# domain name -- so expect to see them in generic error.log if you have
# per-domain log files.
[INCLUDES]
# overwrite with apache-common.local if _apache_error_client is incorrect.
before = apache-common.conf
[Definition]
failregex = ^%(_apache_error_client)s (AH00128: )?File does not exist: .*/~.*
ignoreregex =
# Author: Yaroslav O. Halchenko <deb...@onerussian.com>
filedate Oct.18.2019
it could be enough...
yours, klaus
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
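
An added example (not part of the thread and not fail2ban's own code) that runs the two failregex lines quoted above over constructed Apache error-log lines to show which clients each one would count. `HOST` and `ERROR_CLIENT` are simplified stand-ins assumed here for fail2ban's `<HOST>` tag and `%(_apache_error_client)s`, and the script matches raw lines rather than fail2ban's timestamp-stripped form.

```python
import re

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
# Assumption: simplified stand-in for %(_apache_error_client)s
# (timestamp, level, optional pid, client); not the apache-common.conf text.
ERROR_CLIENT = (r"\[[^\]]*\] \[[^\]]*\] (?:\[pid [^\]]*\] )?"
                r"\[client <HOST>(?::\d{1,5})?\]")

# The two failregex lines quoted in the thread, unchanged.
FILTERS = {
    "stock": r"^%(_apache_error_client)s (AH00128: )?File does not exist: .*/~.*",
    "custom": r"\[client <HOST>(:\d{1,5})?\] AH00128: File does not exist:*",
}

# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    "[Mon Mar 15 03:03:01.000001 2021] [core:info] [pid 1201] "
    "[client 203.0.113.7:51234] AH00128: File does not exist: /var/www/html/~root",
    "[Mon Mar 15 03:03:02.000002 2021] [core:info] [pid 1201] "
    "[client 198.51.100.23:40112] AH00128: File does not exist: "
    "/var/www/html/favicon.ico",
    "[Mon Mar 15 03:03:03 2021] [error] [client 192.0.2.44] "
    "File does not exist: /var/www/~admin",
    "[Mon Mar 15 03:03:04.000004 2021] [authz_core:error] [pid 1201] "
    "[client 203.0.113.9:51300] AH01630: client denied by server "
    "configuration: /var/www/html/private",
]

def compile_failregex(failregex):
    """Expand the fail2ban placeholders into a plain Python regex."""
    expanded = failregex.replace("%(_apache_error_client)s", ERROR_CLIENT)
    return re.compile(expanded.replace("<HOST>", HOST))

def matched_hosts(filter_name, lines=SAMPLE_LOG):
    """Return the client address of every line the filter would count."""
    pattern = compile_failregex(FILTERS[filter_name])
    hits = (pattern.search(line) for line in lines)
    return [m.group("host") for m in hits if m]

if __name__ == "__main__":
    for name in FILTERS:
        print(name, matched_hosts(name))
```

On these lines the custom pattern counts every AH00128 miss, including the ordinary favicon request, and skips the line without the AH00128 code, while the stock pattern counts only paths containing `/~`. The `fail2ban-regex` tool performs the same comparison against a real log file and filter file.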