pull/1615/merge
Timothy Gu 2025-06-23 12:42:01 +00:00 committed by GitHub
commit 68b004b67b
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
3 changed files with 7 additions and 2 deletions

View File

@ -1219,6 +1219,8 @@ ver. 0.9.6 (2016/12/10) - stretch-is-coming
- optimized failregex to match all of "Failed any-method for ... from <HOST>" (gh-1479)
- eliminated possible complex injections (on user-name resp. auth-info, see gh-1479)
- optional port part after host (see gh-1533, gh-1581)
* `filter.d/squid.conf`
- Recognize 407 Proxy Authentication Required as failures (gh-1615)
### New Features
* New Actions:

View File

@ -1,10 +1,10 @@
# Fail2Ban filter for Squid attempted proxy bypasses
# Fail2Ban filter for Squid attempted proxy bypasses and bruteforcing
#
#
[Definition]
failregex = ^\s+\d\s<HOST>\s+[A-Z_]+_DENIED/403 .*$
failregex = ^\s+\d\s<HOST>\s+[A-Z_]+_DENIED/40[37] .*$
^\s+\d\s<HOST>\s+NONE/405 .*$
ignoreregex =

View File

@ -11,3 +11,6 @@
# failJSON: { "time": "2013-12-09T00:09:06.000", "match": true , "host": "175.42.91.151" }
1386544146.000 1 175.42.91.151 TCP_DENIED/403 3745 GET http://pkfsp.ru/wp-content/uploads/proxyc/engine.php - HIER_NONE/- text/html
# failJSON: { "time": "2016-11-21T01:12:54.000", "match": true, "host": "98.189.78.228" }
1479687174.000 1 98.189.78.228 TCP_DENIED/407 4259 CONNECT www.google.com:443 tgu1 HIER_NONE/- text/html