hi arnd, Am 08.02.2013 19:00 schrieb Arnd Raphael Brandes: > are you identifying failed attemts by the http error code (403,401)?
yes, due to fail2ban's inability to work with regexes spanning multiple lines … there are, however, some legitimate 401 requests from apple devices - hence the ignoreregex. > However, where you put the <HOST> placeholder, I had localhost only - until > the last changes. This came due to the proxy setup with apache. hmmmm, our setup here is more or less a plain vanilla one (ie. sogo on a single server, without a dedicated frontend proxy. apache is proxying requests internally to localhost:20000, however). the actual client ip addresses do show up in the sogo log. > About the port, from my understanding this is the port whitch wil be blocked > - an for me SOGo has 443 (https), only with > CalDav/CardDav running over them. that makes sense … i thought this to be the port the incriminated requests were directed at, which is obviously wrong. thank you for clarifying this. with kind regards, t. -- [email protected] https://inverse.ca/sogo/lists
