fail2ban/testcases/files/logs/apache-auth

# Should not match -- DoS vector https://vndh.net/note:fail2ban-089-denial-service
[Sat Jun 01 02:17:42 2013] [error] [client 192.168.33.1] File does not exist: /srv/http/site/[client 192.168.0.1] user root not found

# should match
# from https://github.com/fail2ban/fail2ban/issues/286
[Thu Jul 11 01:21:41 2013] [error] [client 194.228.20.113] user  not found: /
[Thu Jul 11 01:21:43 2013] [error] [client 194.228.20.113] user dsfasdf not found: /

# The failures below use the configuration described in testcases/files/config/apache-auth
#

# wget  http://localhost/noentry/cant_get_me.html -O /dev/null
# failJSON: { "time": "2013-07-17T23:20:45", "match": true , "host": "127.0.0.1" } 
[Wed Jul 17 23:20:45 2013] [error] [client 127.0.0.1] client denied by server configuration: /var/www/html/noentry/cant_get_me.html

# wget --http-user='' --http-password='' http://localhost/basic/file/cant_get_me.html -O /dev/null
# failJSON: { "time": "2013-07-17T23:14:37", "match": true , "host": "127.0.0.1" }
[Wed Jul 17 23:14:37 2013] [error] [client 127.0.0.1] user  not found: /basic/anon/cant_get_me.html

# wget --http-user=username --http-password=wrongpass http://localhost/basic/file -O /dev/null
# failJSON: { "time": "2013-07-17T22:18:52", "match": true , "host": "127.0.0.1" }
[Wed Jul 17 22:18:52 2013] [error] [client 127.0.0.1] user username: authentication failure for "/basic/file": Password Mismatch

# wget --http-user=wrongusername --http-password=wrongpass http://localhost/basic/file -O /dev/null
# failJSON: { "time": "2013-07-17T22:32:48", "match": true , "host": "127.0.0.1" }
[Wed Jul 17 22:32:48 2013] [error] [client 127.0.0.1] user wrongusername not found: /basic/file

# wget --header='Authorization: Digest username="Mufasa",realm="testrealm@host.com",nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",uri="/dir/index.html",qop=auth,nc=00000001,cnonce="0a4f113b",response="6629fae49393a05397450978507c4ef1",opaque="5ccc069c403ebaf9f0171e9517f40e41"'  http://localhost/basic/file -O /dev/null
# failJSON: { "time": "2013-07-17T22:39:55", "match": true , "host": "127.0.0.1" }
[Wed Jul 17 22:39:55 2013] [error] [client 127.0.0.1] client used wrong authentication scheme: /basic/file

# wget --http-user=username --http-password=password http://localhost/basic/authz_owner/cant_get_me.html -O /dev/null
# failJSON: { "time": "2013-07-17T22:54:32", "match": true , "host": "127.0.0.1" }
[Wed Jul 17 22:54:32 2013] [error] [client 127.0.0.1] Authorization of user username to access /basic/authz_owner/cant_get_me.html failed, reason: file owner dan does not match.

# wget --http-user='username' --http-password='wrongpassword' http://localhost/digest/cant_get_me.html -O /dev/null
# failJSON: { "time": "2013-07-17T23:50:37", "match": true , "host": "127.0.0.1" }
[Wed Jul 17 23:50:37 2013] [error] [client 127.0.0.1] Digest: user username: password mismatch: /digest/cant_get_me.html

# wget --http-user='username' --http-password='password' http://localhost/digest_wrongrelm/cant_get_me.html -O /dev/null
# failJSON: { "time": "2013-07-18T00:08:39", "match": true , "host": "127.0.0.1" }
[Thu Jul 18 00:08:39 2013] [error] [client 127.0.0.1] Digest: user `username' in realm `digest private area' not found: /digest_wrongrelm/cant_get_me.html
BF: anchor apache- filters. Close #248 See https://vndh.net/note:fail2ban-089-denial-service for more information 2013-06-11 18:56:25 +00:00			`# Should not match -- DoS vector https://vndh.net/note:fail2ban-089-denial-service`
			`[Sat Jun 01 02:17:42 2013] [error] [client 192.168.33.1] File does not exist: /srv/http/site/[client 192.168.0.1] user root not found`

			`# should match`
BF: fix filter on apache-auth. Closes #286 2013-07-11 12:13:51 +00:00			`# from https://github.com/fail2ban/fail2ban/issues/286`
			`[Thu Jul 11 01:21:41 2013] [error] [client 194.228.20.113] user not found: /`
			`[Thu Jul 11 01:21:43 2013] [error] [client 194.228.20.113] user dsfasdf not found: /`
TST: testcases and logs for apache-auth basic 2013-07-17 12:46:04 +00:00
DOC/TST: fix configuration path for apache-auth test cases 2013-07-17 22:37:05 +00:00			`# The failures below use the configuration described in testcases/files/config/apache-auth`
TST: testcases and logs for apache-auth basic 2013-07-17 12:46:04 +00:00			`#`
TST: apache-auth client denied by server configuration 2013-07-17 13:24:19 +00:00
			`# wget http://localhost/noentry/cant_get_me.html -O /dev/null`
			`# failJSON: { "time": "2013-07-17T23:20:45", "match": true , "host": "127.0.0.1" }`
			`[Wed Jul 17 23:20:45 2013] [error] [client 127.0.0.1] client denied by server configuration: /var/www/html/noentry/cant_get_me.html`

			`# wget --http-user='' --http-password='' http://localhost/basic/file/cant_get_me.html -O /dev/null`
			`# failJSON: { "time": "2013-07-17T23:14:37", "match": true , "host": "127.0.0.1" }`
			`[Wed Jul 17 23:14:37 2013] [error] [client 127.0.0.1] user not found: /basic/anon/cant_get_me.html`

TST: testcases and logs for apache-auth basic 2013-07-17 12:46:04 +00:00			`# wget --http-user=username --http-password=wrongpass http://localhost/basic/file -O /dev/null`
			`# failJSON: { "time": "2013-07-17T22:18:52", "match": true , "host": "127.0.0.1" }`
			`[Wed Jul 17 22:18:52 2013] [error] [client 127.0.0.1] user username: authentication failure for "/basic/file": Password Mismatch`

			`# wget --http-user=wrongusername --http-password=wrongpass http://localhost/basic/file -O /dev/null`
			`# failJSON: { "time": "2013-07-17T22:32:48", "match": true , "host": "127.0.0.1" }`
			`[Wed Jul 17 22:32:48 2013] [error] [client 127.0.0.1] user wrongusername not found: /basic/file`

			`# wget --header='Authorization: Digest username="Mufasa",realm="testrealm@host.com",nonce="dcd98b7102dd2f0e8b11d0f600bfb0c093",uri="/dir/index.html",qop=auth,nc=00000001,cnonce="0a4f113b",response="6629fae49393a05397450978507c4ef1",opaque="5ccc069c403ebaf9f0171e9517f40e41"' http://localhost/basic/file -O /dev/null`
			`# failJSON: { "time": "2013-07-17T22:39:55", "match": true , "host": "127.0.0.1" }`
			`[Wed Jul 17 22:39:55 2013] [error] [client 127.0.0.1] client used wrong authentication scheme: /basic/file`

ENH/TST: filter, testcase and log entry for apache-auth authorization scheme mod_authz_owner 2013-07-17 13:05:04 +00:00			`# wget --http-user=username --http-password=password http://localhost/basic/authz_owner/cant_get_me.html -O /dev/null`
			`# failJSON: { "time": "2013-07-17T22:54:32", "match": true , "host": "127.0.0.1" }`
			`[Wed Jul 17 22:54:32 2013] [error] [client 127.0.0.1] Authorization of user username to access /basic/authz_owner/cant_get_me.html failed, reason: file owner dan does not match.`
TST: apache-auth client denied by server configuration 2013-07-17 13:24:19 +00:00
TST: apache-auth digest logs 2013-07-17 14:36:17 +00:00			`# wget --http-user='username' --http-password='wrongpassword' http://localhost/digest/cant_get_me.html -O /dev/null`
			`# failJSON: { "time": "2013-07-17T23:50:37", "match": true , "host": "127.0.0.1" }`
			`[Wed Jul 17 23:50:37 2013] [error] [client 127.0.0.1] Digest: user username: password mismatch: /digest/cant_get_me.html`

			`# wget --http-user='username' --http-password='password' http://localhost/digest_wrongrelm/cant_get_me.html -O /dev/null`
			`# failJSON: { "time": "2013-07-18T00:08:39", "match": true , "host": "127.0.0.1" }`
			[Thu Jul 18 00:08:39 2013] [error] [client 127.0.0.1] Digest: user `username' in realm `digest private area' not found: /digest_wrongrelm/cant_get_me.html