hi there,
On 07.02.2013 14:54, Arnd Raphael Brandes wrote:
> thanks to jraby, the sogo.log can now be used for fail2ban, even in the proxy
> setup. This has been implemented in the feature request
> 2229 (http://www.sogo.nu/bugs/view.php?id=2229). Fail2ban allows to ban IPs of
> users who persistently (in the example 5 times) fail to log in in a certain
> time. The ban can be temporary or permanent and an admin can be configured to
> be informed by mail.
> The ban is done via IP tables. Setup-time ~ 10 min.
for the current stable version (2.0.4b-1), this sogo.conf might work as
well:
[Definition]
failregex = ^<HOST> - - \[.+\] "POST /SOGo/connect HTTP/1.[01]" 403.*$
            ^<HOST> - - \[.+\] "PROPFIND /SOGo/dav.+ HTTP/1.[01]" 401 *$
ignoreregex = ^<HOST> - - \[.+\] "PROPFIND /SOGo/dav.+ HTTP/1.[01]" 401 0.*$
… well, it does seem to do its job here, at least :-)
i also changed port = http,https in the jail definition to port = all to
make sure to also catch *dav-related log entries.
with kind regards,
t.
--
https://inverse.ca/sogo/lists
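
Added example, not part of the original message: a dry run of the filter above in Python, showing which log lines count as failures, which are ignored, and which host reaches the 5-failure threshold mentioned in the quoted mail. The <HOST> expansion is simplified and the log lines are constructed from the shape of the regexes, so both are assumptions.

```python
import re
from collections import Counter

# Simplified stand-in for fail2ban's <HOST> tag (assumption: the real
# expansion is stricter about what counts as a host or address).
HOST = r"(?P<host>\S+)"

# Patterns copied from the filter in the message above.
FAILREGEX = [
    r'^<HOST> - - \[.+\] "POST /SOGo/connect HTTP/1.[01]" 403.*$',
    r'^<HOST> - - \[.+\] "PROPFIND /SOGo/dav.+ HTTP/1.[01]" 401 *$',
]
IGNOREREGEX = [
    r'^<HOST> - - \[.+\] "PROPFIND /SOGo/dav.+ HTTP/1.[01]" 401 0.*$',
]

def _compile(patterns):
    return [re.compile(p.replace("<HOST>", HOST)) for p in patterns]

FAIL, IGNORE = _compile(FAILREGEX), _compile(IGNOREREGEX)

def classify(line):
    """Return ('ignored', None), ('fail', host) or ('miss', None)."""
    line = line.rstrip("\r\n")
    if any(rx.search(line) for rx in IGNORE):
        return ("ignored", None)
    for rx in FAIL:
        m = rx.search(line)
        if m:
            return ("fail", m.group("host"))
    return ("miss", None)

def hosts_to_ban(lines, maxretry=5):
    """Hosts with at least maxretry failures (no findtime window modelled)."""
    hits = Counter(h for kind, h in map(classify, lines) if kind == "fail")
    return sorted(h for h, n in hits.items() if n >= maxretry)

# Constructed log lines; layout inferred from the regexes, not from a real sogo.log.
TS = "[07/Feb/2013:14:54:00 GMT]"
POST_403 = f'203.0.113.7 - - {TS} "POST /SOGo/connect HTTP/1.1" 403 34/38 0.003 - - 0'
DAV_401_BARE = f'203.0.113.7 - - {TS} "PROPFIND /SOGo/dav/alice/Calendar/ HTTP/1.1" 401'
DAV_401_ZERO = f'198.51.100.9 - - {TS} "PROPFIND /SOGo/dav/bob/Calendar/ HTTP/1.1" 401 0/0 0.002 - - 0'
DAV_401_BODY = f'198.51.100.9 - - {TS} "PROPFIND /SOGo/dav/bob/Calendar/ HTTP/1.1" 401 52/0 0.002 - - 0'
SAMPLE = [POST_403] * 4 + [DAV_401_BARE, DAV_401_ZERO] + [DAV_401_BODY] * 5

if __name__ == "__main__":
    for line in (POST_403, DAV_401_BARE, DAV_401_ZERO, DAV_401_BODY):
        print(classify(line), line)
    print("ban:", hosts_to_ban(SAMPLE))
```

On a live host, fail2ban-regex performs the same check against the real log file and filter.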