Merge db9baf3735 into 86b9adb2f5

2025-06-23 12:42:01 +00:00 · 2025-06-23 12:42:01 +00:00 · 68b004b67b
parent 86b9adb2f5 db9baf3735
commit 68b004b67b
3 changed files with 7 additions and 2 deletions
--- a/2
+++ b/2
@ -1219,6 +1219,8 @@ ver. 0.9.6 (2016/12/10) - stretch-is-coming
    - optimized failregex to match all of "Failed any-method for ... from <HOST>" (gh-1479)
    - eliminated possible complex injections (on user-name resp. auth-info, see gh-1479)
    - optional port part after host (see gh-1533, gh-1581)
+* `filter.d/squid.conf`
+    - Recognize 407 Proxy Authentication Required as failures (gh-1615)

 ### New Features
 * New Actions:
--- a/config/filter.d/squid.conf
+++ b/config/filter.d/squid.conf
@ -1,10 +1,10 @@
-# Fail2Ban filter for Squid attempted proxy bypasses
+# Fail2Ban filter for Squid attempted proxy bypasses and bruteforcing
 #
 #

 [Definition]

-failregex = ^\s+\d\s<HOST>\s+[A-Z_]+_DENIED/403 .*$
+failregex = ^\s+\d\s<HOST>\s+[A-Z_]+_DENIED/40[37] .*$
            ^\s+\d\s<HOST>\s+NONE/405 .*$

 ignoreregex =
--- a/fail2ban/tests/files/logs/squid
+++ b/fail2ban/tests/files/logs/squid
@ -11,3 +11,6 @@

 # failJSON: { "time": "2013-12-09T00:09:06.000", "match": true , "host": "175.42.91.151" }
 1386544146.000      1 175.42.91.151 TCP_DENIED/403 3745 GET http://pkfsp.ru/wp-content/uploads/proxyc/engine.php - HIER_NONE/- text/html
+
+# failJSON: { "time": "2016-11-21T01:12:54.000", "match": true, "host": "98.189.78.228" }
+1479687174.000      1 98.189.78.228 TCP_DENIED/407 4259 CONNECT www.google.com:443 tgu1 HIER_NONE/- text/html