mirror of https://github.com/fail2ban/fail2ban
24 lines
867 B
Plaintext
24 lines
867 B
Plaintext
|
# Fail2Ban configuration file
|
||
|
#
|
||
|
# Author: Arturo 'Buanzo' Busleiman <buanzo@buanzo.com.ar>
|
||
|
# Version 2
|
||
|
# fixes the failregex so REFERERS that contain =http:// don't get blocked
|
||
|
# (mentioned by "fasuto" (no real email provided... blog comment) in this entry:
|
||
|
# http://blogs.buanzo.com.ar/2009/04/fail2ban-filter-for-php-injection-attacks.html#comment-1489
|
||
|
#
|
||
|
|
||
|
[Definition]
|
||
|
|
||
|
# Option: failregex
|
||
|
# Notes.: regex to match this kind of request:
|
||
|
#
|
||
|
# 66.185.212.172 - - [26/Mar/2009:08:44:20 -0500] "GET /index.php?n=http://eatmyfood.hostinginfive.com/pizza.htm? HTTP/1.1" 200 114 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)"
|
||
|
#
|
||
|
failregex = ^<HOST> -.*"(GET|POST).*\?.*\=http\:\/\/.* HTTP\/.*$
|
||
|
|
||
|
# Option: ignoreregex
|
||
|
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||
|
# Values: TEXT
|
||
|
#
|
||
|
ignoreregex =
|