github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity
fail2ban/config/filter.d/nginx-http-auth.conf

18 lines
485 B
Plaintext
Raw Normal View History

ENH: add filter.d/nginx-http-auth. Partially forfills #405
2013-11-07 23:06:40 +00:00
# fail2ban filter configuration for nginx
[Definition]
regex rewritten: a bit fewer vulnerable now and using non-capturing groups, test-cases extended in order to cover trying of injection on user name
2018-01-17 15:31:43 +00:00
failregex = ^ \[error\] \d+#\d+: \*\d+ user "(?:[^"]+|.*?)":? (?:password mismatch|was not found in "[^\"]*"), client: <HOST>, server: \S*, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"(?:, referrer: "\S+")?\s*$
ENH: add filter.d/nginx-http-auth. Partially forfills #405
2013-11-07 23:06:40 +00:00
ignoreregex =
added possibility to specify more precise default date pattern: - `datepattern = {^LN-BEG}` - only line-begin anchored default patterns (matches date only at begin of line, or with max distance up to 2 non-alphanumeric characters from line-begin); - `datepattern = {*WD-BEG}` - only word-begin anchored default patterns; - `datepattern = ^prefix{DATE}suffix` - exact specified default patterns (using prefix and suffix); common filter configs gets a more precise, line-begin anchored (datepattern = {^LN-BEG}) resp. custom anchoring default date-patterns;
2016-10-05 17:34:21 +00:00
datepattern = {^LN-BEG}
ENH: add filter.d/nginx-http-auth. Partially forfills #405
2013-11-07 23:06:40 +00:00
# DEV NOTES:
# Based on samples in https://github.com/fail2ban/fail2ban/pull/43/files
# Extensive search of all nginx auth failures not done yet.
#
# Author: Daniel Black