Re: [Fail2ban-users] Help needed with regex

2023-10-20 Thread John Willemse
Here I use,
[Definition]
failregex = ^.*"(GET|POST).*" (404|444|403|400) .*$
ignoreregex =
Kind regards,
John Willemse
LinkedIn: https://www.linkedin.com/in/willemsej/
Twitter: https://twitter.com/willemsej/
On Thu 19 Oct 2023 at 23:03, James Moe via Fail2ban-users < fail2ban-users@

Re: [Fail2ban-users] Help needed with regex

2023-10-19 Thread James Moe via Fail2ban-users
On 10/19/23 4:49 AM, Marcel Blenkers wrote:
The Logfile looks like this:
Oct 16 15:49:02 localhost cabc0b82e7f9[424]: 192.168.10.10 - - [16/Oct/2023:13:49:02 +] "GET /de_DE/infrastruktu?order=website_priority%2Cname+asc HTTP/1.1" 404 3005 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:109

Re: [Fail2ban-users] Help needed with regex

2023-10-19 Thread Peter Heirich
On 19.10.2023 at 18:52, Marcel Blenkers wrote:
Hi Peter, thanks for the reply. Unfortunately I forgot something: I changed the IP for data protection. The IP 192.168.10.10 is actually the IP which is accessing the webserver. So it shows the correct IP, just not in my

Re: [Fail2ban-users] Help needed with regex

2023-10-19 Thread Peter Heirich
I think you are not aware what 192.168.10.y means. This is the IP address seen inside the Docker container. This IP is created by NAT on your host. If you block them, you are not blocking access from outside to your host, but blocking the way back from the Docker container to your host interna

[Fail2ban-users] Help needed with regex

2023-10-19 Thread Marcel Blenkers
Hello everyone,
I am in need of some help, as I want to create a new filter.
Setup:
We are running an nginx server in a Docker container and, on the system itself, a fail2ban installation.
The Docker container writes via syslog-module into a file the content of the nginx logs and