Sure, this filter probably lacks things here and there and it's far from being perfect, but it's a good start overall and works well for the majority of cases.

Feel free to improve it!

Regards.


On 4/4/20 10:04 AM, Narcis Garcia via Monitorix-general wrote:
I've looked at the failures logged and I see it's recording the source traffic IP
but not the visitor's one if it comes through a proxy (X-Forwarded-For):

$ sudo cat /var/log/monitorix-httpd | grep -ie AUTHERR
Thu Apr  2 16:14:35 2020 - AUTHERR - [192.168.1.33] Authentication error: /monitorix/

This will cause fail2ban to block all visitors from the same HTTP proxy.

I also want to warn about the NOTEXIST key to filter:
$ sudo cat /var/log/monitorix-httpd | grep -ie NOTEXIST
Thu Apr  2 08:55:28 2020 - NOTEXIST - [192.168.1.33] File does not exist: /
Sat Apr  4 09:50:16 2020 - NOTEXIST - [192.168.1.33] File does not exist: /favicon.ico
Sat Apr  4 09:51:21 2020 - NOTEXIST - [192.168.1.33] File does not exist: /monitoric


Thank you;

Narcis Garcia


--
Jordi Sanfeliu
FIBRANET Network Services Provider
https://www.fibranet.cat
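
An added example, not part of the original messages and not the Monitorix filter itself: a Python sketch of the per-address counting that a fail2ban-style filter performs on the monitorix-httpd log format quoted above, showing how every failure lands on the logged proxy address and how NOTEXIST lines add to the count. The function names, the `max_retry` threshold and the sample log are assumptions constructed for illustration.

```python
import re
from collections import Counter

# Format taken from the log lines quoted in the thread:
#   <timestamp> - <KEY> - [<address>] <message>
LINE_RE = re.compile(
    r"^(?P<ts>\w{3} \w{3} [ \d]\d \d{2}:\d{2}:\d{2} \d{4}) - "
    r"(?P<key>[A-Z]+) - \[(?P<ip>[0-9A-Fa-f:.]+)\] (?P<msg>.*)$"
)

# Constructed sample, modelled on the lines in the thread.
SAMPLE_LOG = """\
Thu Apr  2 16:14:35 2020 - AUTHERR - [192.168.1.33] Authentication error: /monitorix/
Thu Apr  2 16:14:41 2020 - AUTHERR - [192.168.1.33] Authentication error: /monitorix/
Thu Apr  2 16:14:52 2020 - AUTHERR - [192.168.1.33] Authentication error: /monitorix/
Sat Apr  4 09:50:16 2020 - NOTEXIST - [192.168.1.33] File does not exist: /favicon.ico
Sat Apr  4 09:51:21 2020 - NOTEXIST - [192.168.1.33] File does not exist: /monitoric
"""


def count_failures(log_text, keys=("AUTHERR",)):
    """Count lines per logged address whose key is in `keys`."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group("key") in keys:
            counts[m.group("ip")] += 1
    return counts


def would_ban(log_text, keys=("AUTHERR",), max_retry=3):
    """Addresses reaching max_retry (an assumed threshold, not Monitorix's)."""
    counts = count_failures(log_text, keys)
    return sorted(ip for ip, n in counts.items() if n >= max_retry)


if __name__ == "__main__":
    # Only the proxy address is in the log, so it collects every failure.
    print(count_failures(SAMPLE_LOG))
    # Matching NOTEXIST too makes a favicon request or a typo count as a failure.
    print(count_failures(SAMPLE_LOG, keys=("AUTHERR", "NOTEXIST")))
    print(would_ban(SAMPLE_LOG))
```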

