mirror of https://github.com/fail2ban/fail2ban
Merge db9baf3735
into 86b9adb2f5
commit
68b004b67b
|
@ -1219,6 +1219,8 @@ ver. 0.9.6 (2016/12/10) - stretch-is-coming
|
|||
- optimized failregex to match all of "Failed any-method for ... from <HOST>" (gh-1479)
|
||||
- eliminated possible complex injections (on user-name resp. auth-info, see gh-1479)
|
||||
- optional port part after host (see gh-1533, gh-1581)
|
||||
* `filter.d/squid.conf`
|
||||
- Recognize 407 Proxy Authentication Required as failures (gh-1615)
|
||||
|
||||
### New Features
|
||||
* New Actions:
|
||||
|
|
|
@ -1,10 +1,10 @@
|
|||
# Fail2Ban filter for Squid attempted proxy bypasses
|
||||
# Fail2Ban filter for Squid attempted proxy bypasses and bruteforcing
|
||||
#
|
||||
#
|
||||
|
||||
[Definition]
|
||||
|
||||
failregex = ^\s+\d\s<HOST>\s+[A-Z_]+_DENIED/403 .*$
|
||||
failregex = ^\s+\d\s<HOST>\s+[A-Z_]+_DENIED/40[37] .*$
|
||||
^\s+\d\s<HOST>\s+NONE/405 .*$
|
||||
|
||||
ignoreregex =
|
||||
|
|
|
@ -11,3 +11,6 @@
|
|||
|
||||
# failJSON: { "time": "2013-12-09T00:09:06.000", "match": true , "host": "175.42.91.151" }
|
||||
1386544146.000 1 175.42.91.151 TCP_DENIED/403 3745 GET http://pkfsp.ru/wp-content/uploads/proxyc/engine.php - HIER_NONE/- text/html
|
||||
|
||||
# failJSON: { "time": "2016-11-21T01:12:54.000", "match": true, "host": "98.189.78.228" }
|
||||
1479687174.000 1 98.189.78.228 TCP_DENIED/407 4259 CONNECT www.google.com:443 tgu1 HIER_NONE/- text/html
|
||||
|
|
Loading…
Reference in New Issue