From 057f2f3c56c7d2c8396a05bc834ab95abcba0d04 Mon Sep 17 00:00:00 2001 From: Niklas Fiekas Date: Fri, 30 Sep 2016 11:08:07 +0200 Subject: [PATCH] make the ipv6 host regex greedy Previously the regex was lazily matching ``2606:2800:220:1:248:1893:25c8:1946`` as ``2606:2800:220:1:248:1893:25c8:1``. --- fail2ban/server/failregex.py | 2 +- fail2ban/tests/files/logs/nginx-limit-req | 6 ++++++ 2 files changed, 7 insertions(+), 1 deletion(-) diff --git a/fail2ban/server/failregex.py b/fail2ban/server/failregex.py index 7c512609..56dc7b14 100644 --- a/fail2ban/server/failregex.py +++ b/fail2ban/server/failregex.py @@ -77,7 +77,7 @@ class Regex: regex = regex.replace("", r); # closed r_host.append(r) # separated ipv6: - r = r"""(?P(?:[0-9a-fA-F]{1,4}::?|::){1,7}(?:[0-9a-fA-F]{1,4}?|(?<=:):))""" + r = r"""(?P(?:[0-9a-fA-F]{1,4}::?|::){1,7}(?:[0-9a-fA-F]{1,4}|(?<=:):))""" regex = regex.replace("", r); # self closed regex = regex.replace("", r); # closed r_host.append(r"""\[?%s\]?""" % (r,)); # enclose ipv6 in optional [] in host-regex diff --git a/fail2ban/tests/files/logs/nginx-limit-req b/fail2ban/tests/files/logs/nginx-limit-req index 68f1b239..9a77b45f 100644 --- a/fail2ban/tests/files/logs/nginx-limit-req +++ b/fail2ban/tests/files/logs/nginx-limit-req @@ -4,3 +4,9 @@ # failJSON: { "time": "2015-10-29T19:24:05", "match": true , "host": "192.0.2.0" } 2015/10/29 19:24:05 [error] 12684#12684: *22174 limiting requests, excess: 1.495 by zone "one", client: 192.0.2.0, server: example.com, request: "GET /index.php HTTP/1.1", host: "example.com", referrer: "https://example.com" + +# failJSON: { "time": "2016-09-30T08:36:06", "match": true, "host": "13.123.1.123" } +2016/09/30 08:36:06 [error] 22923#0: *4758725916 limiting requests, excess: 15.243 by zone "one", client: 13.123.1.123, server: example.com, request: "GET / HTTP/1.1", host: "example.com" + +# failJSON: { "time": "2016-09-30T08:36:06", "match": true, "host": "2606:2800:220:1:248:1893:25c8:1946" } +2016/09/30 08:36:06 [error] 22923#0: *4758725916 limiting requests, excess: 15.243 by zone "one", client: 2606:2800:220:1:248:1893:25c8:1946, server: example.com, request: "GET / HTTP/1.1", host: "example.com"