fail2ban/config/filter.d/lighttpd-auth.conf

# Fail2Ban filter to match wrong passwords as notified by lighttpd's auth Module
#

[Definition]

failregex = ^\s*(?:: )?\(?(?:http|mod)_auth\.c\.\d+\) (?:password doesn\'t match for (?:\S+|.*?) username:\s+<F-USER>(?:\S+|.*?)</F-USER>\s*|digest: auth failed(?: for\s+<F-ALT_USER>(?:\S+|.*?)</F-ALT_USER>\s*)?: (?:wrong password|uri mismatch \([^\)]*\))|get_password failed),? IP: <HOST>\s*$

ignoreregex = 

# Author: Francois Boulogne <fboulogne@april.org>
DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-30 13:02:59 +00:00			`# Fail2Ban filter to match wrong passwords as notified by lighttpd's auth Module`
add filter for lighttpd mod_auth failure 2011-12-24 20:51:18 +00:00			`#`

			`[Definition]`

filter.d/lighttpd-auth.conf: adjusted to the current source code + avoiding catch-all's, etc (gh-3116) 2021-10-01 13:03:24 +00:00			`failregex = ^\s(?:: )?\(?(?:http\|mod)_auth\.c\.\d+\) (?:password doesn\'t match for (?:\S+\|.?) username:\s+<F-USER>(?:\S+\|.?)</F-USER>\s\|digest: auth failed(?: for\s+<F-ALT_USER>(?:\S+\|.?)</F-ALT_USER>\s)?: (?:wrong password\|uri mismatch \([^\)]\))\|get_password failed),? IP: <HOST>\s$`
add filter for lighttpd mod_auth failure 2011-12-24 20:51:18 +00:00
			`ignoreregex =`
DOC: in filters, put user relevant doc at top, and developer info at bottom, and remove all the repetative blindly copied stuff that appears in the jail man page 2013-10-30 13:02:59 +00:00
			`# Author: Francois Boulogne <fboulogne@april.org>`