fail2ban/config/filter.d/apache-noscript.conf

# Fail2Ban filter to block web requests for scripts (on non scripted websites)
#
# This matches many types of scripts that don't exist. This could generate a
# lot of false positive matches in cases like wikis and forums where users
# no affiliated with the website can insert links to missing files/scripts into
# pages and cause non-malicious browsers of the site to trigger against this
# filter.
#
# If you'd like to match specific URLs that don't exist see the
# apache-botsearch filter.
#

[INCLUDES]

# overwrite with apache-common.local if _apache_error_client is incorrect.
before = apache-common.conf

[Definition]

failregex = ^%(_apache_error_client)s ((AH001(28|30): )?File does not exist|(AH01264: )?script not found or unable to stat): /\S*(php([45]|[.-]cgi)?|\.asp|\.exe|\.pl)(, referer: \S+)?\s*$
            ^%(_apache_error_client)s script '/\S*(php([45]|[.-]cgi)?|\.asp|\.exe|\.pl)\S*' not found or unable to stat(, referer: \S+)?\s*$

ignoreregex = 


# DEV Notes:
#
# https://wiki.apache.org/httpd/ListOfErrors for apache error IDs
#
# Second regex, script '/\S*(\.php|\.asp|\.exe|\.pl)\S*' not found or unable to stat\s*$ is in httpd-2.2
#
# Author: Cyril Jaquier
DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-30 13:02:59 +00:00			`# Fail2Ban filter to block web requests for scripts (on non scripted websites)`
- Added "apache-noscript" filter. Thanks to Pander git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@411 a942ae1a-1317-0410-a47c-b1dcaea8d605 2006-10-17 19:05:27 +00:00			`#`
DOC: for apache-botsearch and apache-botsearch 2014-01-09 20:34:01 +00:00			`# This matches many types of scripts that don't exist. This could generate a`
			`# lot of false positive matches in cases like wikis and forums where users`
			`# no affiliated with the website can insert links to missing files/scripts into`
			`# pages and cause non-malicious browsers of the site to trigger against this`
			`# filter.`
			`#`
			`# If you'd like to match specific URLs that don't exist see the`
			`# apache-botsearch filter.`
- Added "apache-noscript" filter. Thanks to Pander git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@411 a942ae1a-1317-0410-a47c-b1dcaea8d605 2006-10-17 19:05:27 +00:00			`#`

BF: anchor apache- filters. Close #248 See https://vndh.net/note:fail2ban-089-denial-service for more information 2013-06-11 18:56:25 +00:00			`[INCLUDES]`

DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-30 13:02:59 +00:00			`# overwrite with apache-common.local if _apache_error_client is incorrect.`
BF: anchor apache- filters. Close #248 See https://vndh.net/note:fail2ban-089-denial-service for more information 2013-06-11 18:56:25 +00:00			`before = apache-common.conf`

- Added "apache-noscript" filter. Thanks to Pander git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@411 a942ae1a-1317-0410-a47c-b1dcaea8d605 2006-10-17 19:05:27 +00:00			`[Definition]`

TST: more test of filters 2013-12-29 05:29:59 +00:00			`failregex = ^%(_apache_error_client)s ((AH001(28\|30): )?File does not exist\|(AH01264: )?script not found or unable to stat): /\S(php([45]\|[.-]cgi)?\|\.asp\|\.exe\|\.pl)(, referer: \S+)?\s$`
			`^%(_apache_error_client)s script '/\S(php([45]\|[.-]cgi)?\|\.asp\|\.exe\|\.pl)\S' not found or unable to stat(, referer: \S+)?\s*$`
- Added option "ignoreregex" in filter scripts and jail.conf. Feature Request #1283304 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@458 a942ae1a-1317-0410-a47c-b1dcaea8d605 2006-11-12 14:52:36 +00:00
- Defined default values in .conf. Should fix Debian bug #398758 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/trunk@464 a942ae1a-1317-0410-a47c-b1dcaea8d605 2006-11-15 18:44:28 +00:00			`ignoreregex =`
DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-30 13:02:59 +00:00

ENH: apache-2.4 message IDs for filter apache-noscript 2013-11-10 23:49:11 +00:00			`# DEV Notes:`
			`#`
			`# https://wiki.apache.org/httpd/ListOfErrors for apache error IDs`
			`#`
DOC: fix comment regarding apache version in apache-noscript 2014-01-09 21:35:37 +00:00			`# Second regex, script '/\S(\.php\|\.asp\|\.exe\|\.pl)\S' not found or unable to stat\s*$ is in httpd-2.2`
ENH: apache-2.4 message IDs for filter apache-noscript 2013-11-10 23:49:11 +00:00			`#`
DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-30 13:02:59 +00:00			`# Author: Cyril Jaquier`