From 9ca137b42b3b7f3936cc912fc12ef8ae332ecb55 Mon Sep 17 00:00:00 2001 From: "Sergey G. Brester" Date: Fri, 15 Mar 2024 22:23:45 +0100 Subject: [PATCH 1/2] test for apache-auth with remote, gh-3622 --- fail2ban/tests/files/logs/apache-auth | 3 +++ 1 file changed, 3 insertions(+) diff --git a/fail2ban/tests/files/logs/apache-auth b/fail2ban/tests/files/logs/apache-auth index fd3bae82..f87ebaed 100644 --- a/fail2ban/tests/files/logs/apache-auth +++ b/fail2ban/tests/files/logs/apache-auth @@ -137,6 +137,9 @@ # failJSON: { "match": false, "desc": "ignore mod_evasive errors in normal mode (gh-2548)" } [Thu Oct 17 18:43:40.160521 2019] [evasive20:error] [pid 22589] [client 192.0.2.1:56175] client denied by server configuration: /path/index.php, referer: https://hostname/path/ +# failJSON: { "time": "2023-11-06T13:39:56", "match": true , "host": "192.0.2.111", "desc": "remote instead of client, gh-3622" } +[Mon Nov 06 13:39:56.637868 2023] [auth_basic:error] [pid 3175001:tid 140494544914112] [remote 192.0.2.111:35924] AH01618: user whatever not found: /admin + # filterOptions: {"mode": "aggressive"} # failJSON: { "time": "2019-10-17T18:43:40", "match": true, "host": "192.0.2.1", "desc": "accept mod_evasive errors in aggressive mode (gh-2548)" } From f63868b3e85400d16ebf9bdce686600b7cf2e616 Mon Sep 17 00:00:00 2001 From: "Sergey G. Brester" Date: Fri, 15 Mar 2024 22:36:40 +0100 Subject: [PATCH 2/2] filter.d/apache-common.conf: remote besides client, gh-3622 --- config/filter.d/apache-common.conf | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/config/filter.d/apache-common.conf b/config/filter.d/apache-common.conf index 6577fe7d..7932066d 100644 --- a/config/filter.d/apache-common.conf +++ b/config/filter.d/apache-common.conf 
@@ -29,7 +29,7 @@ apache-prefix = > apache-pref-ignore = -_apache_error_client = \[(:?error|\S+:\S+)\]( \[pid \d+(:\S+ \d+)?\])? \[client (:\d{1,5})?\] +_apache_error_client = \[(:?error|\S+:\S+)\]( \[pid \d+(:\S+ \d+)?\])? \[(?:client|remote) (:\d{1,5})?\] datepattern = {^LN-BEG}
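Review bot: The rewritten `_apache_error_client` line still opens with `\[(:?error|\S+:\S+)\]`, where `(:?` looks like a transposed `(?:`. As written it is a capturing group that accepts an optional literal colon before `error`, so while the line is being edited `\[(?:error|\S+:\S+)\]` would state what is presumably meant, provided nothing depends on group numbering. Separately, the new `(?:client|remote)` alternation makes the address logged under `[remote ...]` a ban candidate for whatever filters use this prefix, which the file name suggests is shared. Nothing here documents when Apache writes `remote` instead of `client` or whose address it carries, so I would add a comment above the line such as `# "remote" may be logged instead of "client" (gh-3622); confirm it is the end-client address, not a proxy or load-balancer peer, before banning on it`. The only sample added in this series is one auth_basic line in the apache-auth log, and the rest of the config lies outside the hunk, so I cannot tell which other filters inherit the change.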