fail2ban/config/filter.d/apache-noscript.conf

38 lines
1.3 KiB
Plaintext
Raw Normal View History

# Fail2Ban filter to block web requests for scripts (on non scripted websites)
#
# This matches many types of scripts that don't exist. This could generate a
# lot of false positive matches in cases like wikis and forums where users
# no affiliated with the website can insert links to missing files/scripts into
# pages and cause non-malicious browsers of the site to trigger against this
# filter.
#
# If you'd like to match specific URLs that don't exist see the
# apache-botsearch filter.
#
[INCLUDES]
# overwrite with apache-common.local if _apache_error_client is incorrect.
before = apache-common.conf
[Definition]
script = /\S*(?:php(?:[45]|[.-]cgi)?|\.asp|\.exe|\.pl)
prefregex = ^%(_apache_error_client)s <F-CONTENT>(?:(?:AH0(?:01(?:28|30)|1(?:264|071)): )|(?:(?:[Ff]ile|script|[Gg]ot) )).+</F-CONTENT>$
failregex = ^(?:(?:AH001(?:28|30): )?[Ff]ile does not exist|(AH01264: )?script not found or unable to stat): <script>\b
^script '<script>\S*' not found or unable to stat
^(?:AH01071: )?[Gg]ot error '[Pp]rimary script unknown\\n'
ignoreregex =
# DEV Notes:
#
# https://wiki.apache.org/httpd/ListOfErrors for apache error IDs
#
# Second regex, script '/\S*(\.php|\.asp|\.exe|\.pl)\S*' not found or unable to stat\s*$ is in httpd-2.2
#
# Author: Cyril Jaquier