From 811bcfe6f38864e7fa3b2b8d800671fca523ada9 Mon Sep 17 00:00:00 2001
From: Giuseppe Scarlato
Date: Mon, 11 Oct 2021 16:22:01 +0200
Subject: [PATCH] Update haproxy-http-auth.conf
---
 config/filter.d/haproxy-http-auth.conf | 4 ++--
 fail2ban/tests/files/logs/haproxy-http-auth | 10 ++++++++++
 2 files changed, 12 insertions(+), 2 deletions(-)
diff --git a/config/filter.d/haproxy-http-auth.conf b/config/filter.d/haproxy-http-auth.conf
index f92f9d67..7ca08c40 100644
--- a/config/filter.d/haproxy-http-auth.conf
+++ b/config/filter.d/haproxy-http-auth.conf
@@ -7,7 +7,7 @@
 # In other words, even successful logins will have at least 1 fail regex match.
 # Please keep this in mind when setting findtime and maxretry for jails.
 #
-# Author: Jordan Moeser
+# Author: Jordan Moeser, Giuseppe Scarlato
 #
 
 [INCLUDES]
@@ -28,7 +28,7 @@ _daemon = haproxy
 # (?:::f{4,6}:)?(?P[\w\-.^_]+)
 # Values: TEXT
 #
-failregex = ^%(__prefix_line)s(?::\d+)?\s+.* -1/-1/-1/-1/\+*\d* 401
+failregex = ^%(__prefix_line)s(?::\d+)?\s+.* (?:\d+|-1)/-1/-1/-1/\+?\d+ 401
 
 # Option: ignoreregex
 # Notes.: regex to ignore. If this regex matches, the line is ignored.
diff --git a/fail2ban/tests/files/logs/haproxy-http-auth b/fail2ban/tests/files/logs/haproxy-http-auth
index 403a8083..226b65dc 100644
--- a/fail2ban/tests/files/logs/haproxy-http-auth
+++ b/fail2ban/tests/files/logs/haproxy-http-auth
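Review bot: In the `failregex` hunk of config/filter.d/haproxy-http-auth.conf, the widened timer pattern is still reached through an unanchored `.* `, so `(?:\d+|-1)/-1/-1/-1/\+?\d+ 401` can match anywhere later in the line, including client-supplied text such as the quoted request, rather than only in the timer and status fields. Because the first timer now accepts any number, more strings qualify, and every stray match counts toward `maxretry`. Assuming the default HTTP log layout shown in the test samples (bracketed accept date, frontend, backend/server, timers), I would pin the position by replacing `.* ` with `\[[^\]]+\]\s+\S+\s+\S+\s+` and ending the pattern with `401\s`. A one-line comment above the regex saying why the first timer may be numeric while the next three must stay `-1` would also help the next maintainer.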
@@ -6,3 +6,13 @@ Nov 14 22:45:11 test haproxy[760]: 192.168.33.1:58430 [14/Nov/2015:22:45:11.608]
 Nov 14 22:45:11 test haproxy[760]: 2001:db8::1234:58430 [14/Nov/2015:22:45:11.608] main main/ -1/-1/-1/-1/0 401 248 - - PR-- 0/0/0/0/0 0/0 "GET / HTTP/1.1"
 # failJSON: { "time": "2004-11-14T22:45:11", "match": true , "host": "192.168.33.1" }
 Nov 14 22:45:11 test haproxy[760]: ::ffff:192.168.33.1:58430 [14/Nov/2015:22:45:11.608] main main/ -1/-1/-1/-1/0 401 248 - - PR-- 0/0/0/0/0 0/0 "GET / HTTP/1.1"
+# failJSON: { "time": "2004-10-11T15:02:29", "match": true , "host": "192.168.1.54" }
+Oct 11 15:02:29 localhost haproxy[838]: 192.168.1.54:48556 [11/Oct/2021:15:02:29.601] public~ public/ 0/-1/-1/-1/0 401 256 - - LR-- 2/2/0/0/0 0/0 "GET / HTTP/1.1"
+# failJSON: { "time": "2004-10-11T15:02:29", "match": true , "host": "192.168.1.54" }
+Oct 11 15:02:29 localhost haproxy[838]: 192.168.1.54:48556 [11/Oct/2021:15:02:29.601] public~ public/ 154/-1/-1/-1/+154 401 256 - - LR-- 2/2/0/0/0 0/0 "GET / HTTP/1.1"
+# failJSON: { "time": "2004-10-11T15:02:29", "match": false , "host": "192.168.1.54" }
+Oct 11 15:02:29 localhost haproxy[838]: 192.168.1.54:48556 [11/Oct/2021:15:02:29.601] public~ public/ 154/-1/-1/-1/++154 401 256 - - LR-- 2/2/0/0/0 0/0 "GET / HTTP/1.1"
+# failJSON: { "time": "2004-10-11T15:02:29", "match": false , "host": "192.168.1.54" }
+Oct 11 15:02:29 localhost haproxy[838]: 192.168.1.54:48556 [11/Oct/2021:15:02:29.601] public~ public/ 154/-1/-1/-1/+ 401 256 - - LR-- 2/2/0/0/0 0/0 "GET / HTTP/1.1"
+# failJSON: { "time": "2004-10-11T15:02:29", "match": false , "host": "192.168.1.54" }
+Oct 11 15:02:29 localhost haproxy[838]: 192.168.1.54:48556 [11/Oct/2021:15:02:29.601] public~ public/ 401/-1/-1/-1/401 302 256 - - LR-- 2/2/0/0/0 0/0 "GET / HTTP/1.1"
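Review bot: None of the added `"match": false` samples pins that a 401 logged with real queue/connect/response timers stays unmatched; they cover only a malformed total-time field (`++154`, `+`) and a non-401 status. That is presumably the case the `/-1/-1/-1/` part of the filter exists to exclude, and it is the one most likely to regress if the timer pattern is loosened again. I would add one more pair: a copy of the first new log line with `0/0/1/5/6 401` (constructed values) in place of `0/-1/-1/-1/0 401`, preceded by a `# failJSON:` line with `"match": false`.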