ENH: add squid filter

ChangeLog

@@ -32,6 +32,7 @@ ver. 0.8.12 (2013/12/XX) - things-can-only-get-better
     len("fail2ban-").
   - remove indentation of name and loglevel while logging to SYSLOG to
     resolve syslog(-ng) parsing problems. Closes Debian bug #730202.
+  - added squid filter. Thanks Roman Gelfand.
 
 - New Features:
 

THANKS

@@ -62,6 +62,7 @@ RealRancor
 René Berber
 Robert Edeker
 Rolf Fokkens
+Roman Gelfand
 Russell Odom
 Sebastian Arcus
 Sireyessire

config/filter.d/squid.conf

@@ -0,0 +1,13 @@
+# Fail2Ban filter for Squid attempted proxy bypasses
+#
+#
+
+[Definition]
+
+failregex = ^\s+\d\s<HOST>\s+[A-Z]+_DENIED/403 .*$
+            ^\s+\d\s<HOST>\s+NONE/405 .*$
+
+
+
+# Author: Daniel Black
+

testcases/files/logs/squid

@@ -0,0 +1,13 @@
+# Logs thanks to Roman Gelfand
+#
+# failJSON: { "time": "2013-12-08T23:55:23", "match": true , "host": "91.188.124.227" }
+1386543323.511      4 91.188.124.227 TCP_DENIED/403 4099 GET http://www.proxy-listen.de/azenv.php - HIER_NONE/- text/html
+
+# failJSON: { "time": "2013-12-08T23:58:20", "match": true , "host": "175.44.0.184" }
+1386543500.220      5 175.44.0.184 NONE/405 3364 CONNECT error:method-not-allowed - HIER_NONE/- text/html
+
+# failJSON: { "time": "2013-12-09T00:08:04", "match": true , "host": "198.74.125.200" }
+1386544084.763      3 198.74.125.200 TCP_DENIED/403 3722 GET http://www2t.biglobe.ne.jp/~take52/test/env.cgi - HIER_NONE/- text/html
+
+# failJSON: { "time": "2013-12-09T00:09:06", "match": true , "host": "175.42.91.151" }
+1386544146.088      1 175.42.91.151 TCP_DENIED/403 3745 GET http://pkfsp.ru/wp-content/uploads/proxyc/engine.php - HIER_NONE/- text/html