github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

RF: do not catch for now "invalid nonce \S* received - hash is not \S*" -- imho needs more analysis

pull/341/merge
Yaroslav Halchenko 2013-08-24 23:05:31 -04:00
parent 5dfceee8cf
commit 265a85ec1f
2 changed files with 4 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
config/filter.d/apache-auth.conf
View File

@ -42,7 +42,7 @@ failregex = ^%(_apache_error_client)s (AH01797: )?client denied by server config
^%(_apache_error_client)s (AH0179[24]: )?(Digest: )?user .*: password mismatch: \S*\s*$
^%(_apache_error_client)s (AH0179[01]: |Digest: )user `.*' in realm `.+' (not found|denied by provider): \S*\s*$
^%(_apache_error_client)s (AH01631: )?user .*: authorization failure for "\S*":\s*$
^%(_apache_error_client)s (AH0177[56]: )?(Digest: )?invalid nonce .* received - (length|hash) is not \S+\s*$
^%(_apache_error_client)s (AH01775: )?(Digest: )?invalid nonce .* received - length is not \S+\s*$
^%(_apache_error_client)s (AH01788: )?(Digest: )?realm mismatch - got `.*' but expected `.+'\s*$
^%(_apache_error_client)s (AH01789: )?(Digest: )?unknown algorithm `.*' received: \S*\s*$
^%(_apache_error_client)s (AH01793: )?invalid qop `.*' received: \S*\s*$

5
testcases/files/logs/apache-auth
View File

@ -83,11 +83,12 @@
# ./testcases/files/config/apache-auth/digest.py
# failJSON: { "time": "2013-07-28T21:16:37", "match": true , "host": "127.0.0.1" }
# yoh: ATM it should not match because matching failregex is still under "investigation"
# failJSON: { "time": "2013-07-28T21:16:37", "match": false , "host": "127.0.0.1" }
[Sun Jul 28 21:16:37 2013] [error] [client 127.0.0.1] Digest: invalid nonce l19lgpDiBAZZZf1ec3d9613f3b3ef43660e3628d78455fd8b937 received - hash is not 6fda8bbcbcf85ff1ebfe7d1c43faba583bc53a02
# ./testcases/files/config/apache-auth/digest.py
# failJSON: { "time": "2013-07-28T21:18:11", "match": true , "host": "127.0.0.1" }
# failJSON: { "time": "2013-07-28T21:18:11", "match": false , "host": "127.0.0.1" }
[Sun Jul 28 21:18:11.769228 2013] [auth_digest:error] [pid 24752:tid 139895505884928] [client 127.0.0.1:56964] AH01776: invalid nonce b9YAiJDiBAZZZ1b1abe02d20063ea3b16b544ea1b0d981c1bafe received - hash is not d42d824dee7aaf50c3ba0a7c6290bd453e3dd35b
# ./testcases/files/config/apache-auth/digest.py