diff --git a/config/filter.d/nginx-bad-request.conf b/config/filter.d/nginx-bad-request.conf
index 12c14ab7..07df73b2 100644
--- a/config/filter.d/nginx-bad-request.conf
+++ b/config/filter.d/nginx-bad-request.conf
@@ -5,7 +5,7 @@
 # The request often doesn't contain a method, only some encoded garbage
 # This will also match requests that are entirely empty
-failregex = ^ - \S+ \[\] "[^"]*" 400
+failregex = ^ - \S+ \[\] "[^"]*" [4-5]0[0-9]
 datepattern = {^LN-BEG}%%ExY(?P<_sep>[-/.])%%m(?P=_sep)%%d[T ]%%H:%%M:%%S(?:[.,]%%f)?(?:\s*%%z)?
               ^[^\[]*\[({DATE})
diff --git a/fail2ban/tests/files/logs/nginx-bad-request b/fail2ban/tests/files/logs/nginx-bad-request
index a9ff6497..1ab5fd0e 100644
--- a/fail2ban/tests/files/logs/nginx-bad-request
+++ b/fail2ban/tests/files/logs/nginx-bad-request
@@ -20,4 +20,7 @@
 7.8.9.10 - root [20/Jan/2015:01:17:07 +0100] "CONNECT 123.123.123.123 HTTP/1.1" 400 162 "-" "-" "-"
 # failJSON: { "time": "2014-12-12T22:59:02", "match": true , "host": "2.5.2.5" }
-2.5.2.5 - tomcat [12/Dec/2014:22:59:02 +0100] "GET /cgi-bin/tools/tools.pl HTTP/1.1" 400 162 "-" "-" "-"
\ No newline at end of file
+2.5.2.5 - tomcat [12/Dec/2014:22:59:02 +0100] "GET /cgi-bin/tools/tools.pl HTTP/1.1" 400 162 "-" "-" "-"
+
+# failJSON: { "time": "2014-12-12T22:59:02", "match": true , "host": "192.168.144.1" }
+192.168.144.1 - - [12/Dec/2014:22:59:02 +0100] "GET /adsf HTTP/1.1" 404 118 "-" "-" "-"
\ No newline at end of file
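Review bot: The status class `[4-5]0[0-9]` on the new `failregex` line counts every 400–409 and 500–509 response as a failure, which includes ordinary 404s and server-side 500/502/503 errors the client did not cause. During an upstream outage or after a broken deploy this would ban legitimate visitors, and any shared NAT or proxy address with them. The two comment lines above still describe only malformed or empty requests, so the filter's documented purpose no longer matches what it bans. Consider leaving this filter at `400` and handling 404 probing in a dedicated filter, or at least restricting the class to the intended client errors, e.g. `(?:400|404) ` with the trailing space so the status field is delimited.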
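Review bot: The only fixture added in this hunk is a 404 line, so the 5xx half of the new status class and the other 40x codes are never exercised, and nothing shows that a normal response is still ignored. Add one log line per status family the filter is meant to catch, plus a negative case such as `# failJSON: { "match": false }` above a `200` entry, so a later loosening or tightening of the regex is caught by the test suite. The new side of the file also still ends without a trailing newline.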