Detect Apache SNI error / misredirect attempts

pull/2097/head
benrubson 7 years ago
parent 218905c924
commit 30dc22fb2e

@ -24,6 +24,8 @@ failregex = ^client (?:denied by server configuration|used wrong authentication
^%(auth_type)sunknown algorithm `(?:[^']*|.*?)' received\b
^invalid qop `(?:[^']*|.*?)' received\b
^%(auth_type)sinvalid nonce .*? received - user attempted time travel\b
^Hostname .* provided via SNI(, but no hostname| and hostname .*) provided\b
^No hostname was provided via SNI for a name based virtual host\b
ignoreregex =

@ -125,6 +125,15 @@
# failJSON: { "time": "2013-11-18T22:39:33", "match": true , "host": "91.49.82.139" }
[Mon Nov 18 22:39:33 2013] [error] [client 91.49.82.139] user gg not found: /, referer: http://sj.hopto.org/management.html
# failJSON: { "time": "2018-03-28T01:31:42", "match": true , "host": "91.49.82.139" }
[Wed Mar 28 01:31:42.355210 2018] [ssl:error] [pid 6586] [client 91.49.82.139:58028] AH02031: Hostname www.testdom.com provided via SNI, but no hostname provided in HTTP request
# failJSON: { "time": "2018-03-28T01:31:42", "match": true , "host": "91.49.82.139" }
[Wed Mar 28 01:31:42.355210 2018] [ssl:error] [pid 6586] [client 91.49.82.139:58028] AH02032: Hostname www.testdom.com provided via SNI and hostname dummy.com provided via HTTP have no compatible SSL setup
# failJSON: { "time": "2018-03-28T01:31:42", "match": true , "host": "91.49.82.139" }
[Wed Mar 28 01:31:42.355210 2018] [ssl:error] [pid 6586] [client 91.49.82.139:58028] AH02033: No hostname was provided via SNI for a name based virtual host
# filterOptions: {"logging": "syslog"}
# failJSON: { "time": "2005-02-15T16:23:00", "match": true , "host": "192.0.2.1", "desc": "using syslog (ErrorLog syslog)" }

Loading…
Cancel
Save