From 2c158fe16890b9e9f98a3428cc009f792618ba75 Mon Sep 17 00:00:00 2001 From: Nick Weeds Date: Sat, 13 Sep 2014 21:43:39 +0100 Subject: [PATCH] Add apache filter for AH01630 client denied by server configuration --- ChangeLog | 1 + config/filter.d/apache-auth.conf | 2 +- fail2ban/tests/files/logs/apache-auth | 3 +++ 3 files changed, 5 insertions(+), 1 deletion(-) diff --git a/ChangeLog b/ChangeLog index 0d2ffcc6..1a98c1a0 100644 --- a/ChangeLog +++ b/ChangeLog @@ -51,6 +51,7 @@ ver. 0.9.1 (2014/xx/xx) - better, faster, stronger * postfix-sasl - added journalmatch. Thanks Luc Maisonobe * postfix* - match with a new daemon string (postfix/submission/smtpd). Closes gh-804 . Thanks Paul Traina + * apache - added filter for AH01630 client denied by server configuration. - New features: - New filters: diff --git a/config/filter.d/apache-auth.conf b/config/filter.d/apache-auth.conf index f4213487..8a63858d 100644 --- a/config/filter.d/apache-auth.conf +++ b/config/filter.d/apache-auth.conf @@ -10,7 +10,7 @@ before = apache-common.conf [Definition] -failregex = ^%(_apache_error_client)s (AH01797: )?client denied by server configuration: (uri )?\S*(, referer: \S+)?\s*$ +failregex = ^%(_apache_error_client)s (AH(01797|01630): )?client denied by server configuration: (uri )?\S*(, referer: \S+)?\s*$ ^%(_apache_error_client)s (AH01617: )?user .*? authentication failure for "\S*": Password Mismatch(, referer: \S+)?$ ^%(_apache_error_client)s (AH01618: )?user .*? not found(: )?\S*(, referer: \S+)?\s*$ ^%(_apache_error_client)s (AH01614: )?client used wrong authentication scheme: \S*(, referer: \S+)?\s*$ diff --git a/fail2ban/tests/files/logs/apache-auth b/fail2ban/tests/files/logs/apache-auth index a01d2c76..5b7b3c48 100644 --- a/fail2ban/tests/files/logs/apache-auth +++ b/fail2ban/tests/files/logs/apache-auth @@ -19,6 +19,9 @@ # failJSON: { "time": "2013-07-20T21:34:49", "match": true , "host": "127.0.0.1" } [Sat Jul 20 21:34:49.453232 2013] [access_compat:error] [pid 17512:tid 140123104306944] [client 127.0.0.1:51380] AH01797: client denied by server configuration: /var/www/html/noentry/cant_get_me.html +# failJSON: { "time": "2014-09-14T21:44:43", "match": true , "host": "192.3.9.178" } +[Sun Sep 14 21:44:43.008606 2014] [authz_core:error] [pid 10691] [client 192.3.9.178:44271] AH01630: client denied by server configuration: /var/www/html/noentry/cant_get_me.html + # wget --http-user='' --http-password='' http://localhost/basic/file/cant_get_me.html -O /dev/null # failJSON: { "time": "2013-07-17T23:14:37", "match": true , "host": "127.0.0.1" } [Wed Jul 17 23:14:37 2013] [error] [client 127.0.0.1] user not found: /basic/anon/cant_get_me.html