fail2ban/config/filter.d/apache-overflows.conf

# Fail2Ban filter to block web requests on a long or suspicious nature
#

[INCLUDES]

# overwrite with apache-common.local if _apache_error_client is incorrect.
before = apache-common.conf

[Definition]

failregex = ^%(_apache_error_client)s (Invalid (method|URI) in request|request failed: URI too long \(longer than \d+\)|erroneous characters after protocol string)

ignoreregex =

# DEV Noptes:
# 
# fgrep -r 'URI too long' httpd-2.*
#   httpd-2.2.25/server/protocol.c:                          "request failed: URI too long (longer than %d)", r->server->limit_req_line);
#   httpd-2.4.4/server/protocol.c:                              "request failed: URI too long (longer than %d)",
#
# Author: Tim Connors
DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-30 13:02:59 +00:00			`# Fail2Ban filter to block web requests on a long or suspicious nature`
- Fixed Debian bug #456567 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@664 a942ae1a-1317-0410-a47c-b1dcaea8d605 2008-03-05 21:47:59 +00:00			`#`

BF: anchor apache- filters. Close #248 See https://vndh.net/note:fail2ban-089-denial-service for more information 2013-06-11 18:56:25 +00:00			`[INCLUDES]`

DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-30 13:02:59 +00:00			`# overwrite with apache-common.local if _apache_error_client is incorrect.`
BF: anchor apache- filters. Close #248 See https://vndh.net/note:fail2ban-089-denial-service for more information 2013-06-11 18:56:25 +00:00			`before = apache-common.conf`

- Fixed Debian bug #456567 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@664 a942ae1a-1317-0410-a47c-b1dcaea8d605 2008-03-05 21:47:59 +00:00			`[Definition]`

ENH: apache-overflows - more detail on "request failed: URI too long (longer than %d)" with test case 2013-11-10 22:46:40 +00:00			`failregex = ^%(_apache_error_client)s (Invalid (method\|URI) in request\|request failed: URI too long \(longer than \d+\)\|erroneous characters after protocol string)`
- Fixed Debian bug #456567 git-svn-id: https://fail2ban.svn.sourceforge.net/svnroot/fail2ban/branches/FAIL2BAN-0_8@664 a942ae1a-1317-0410-a47c-b1dcaea8d605 2008-03-05 21:47:59 +00:00
			`ignoreregex =`
DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-30 13:02:59 +00:00
ENH: apache-overflows - more detail on "request failed: URI too long (longer than %d)" with test case 2013-11-10 22:46:40 +00:00			`# DEV Noptes:`
			`#`
			`# fgrep -r 'URI too long' httpd-2.*`
			`# httpd-2.2.25/server/protocol.c: "request failed: URI too long (longer than %d)", r->server->limit_req_line);`
			`# httpd-2.4.4/server/protocol.c: "request failed: URI too long (longer than %d)",`
			`#`
DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-30 13:02:59 +00:00			`# Author: Tim Connors`