BF: fix filter on apache-auth. Closes #286

ChangeLog

@@ -11,7 +11,8 @@ ver. 0.8.11 (2013/XX/XXX) - wanna-be-released
 -----------
 
 - Fixes:
-  
+  Daniel Black & Marcel Dopita
+   * filter.d/apache-auth -- fixed and apache auth samples provide. closes #286
 - New Features:
   Daniel Black & ykimon
    * filter.d/3proxy.conf -- filter added

THANKS

@@ -28,6 +28,7 @@ Joël Bertrand
 Justin Shore
 Kévin Drapel
 kojiro
+Marcel Dopita
 Mark Edgington
 Markus Hoffmann
 Marvin Rouge

config/filter.d/apache-auth.conf

@@ -18,8 +18,12 @@ before = apache-common.conf
 #          be used for standard IP/hostname matching and is only an alias for
 #          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
 # Values:  TEXT
-#
-failregex = ^%(_apache_error_client)s user .* (authentication failure|not found|password mismatch)\s*$
+
+# http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_auth_basic.c
+
+failregex = ^%(_apache_error_client)s user .* authentication failure for "\S*": Password Mismatch$
+            ^%(_apache_error_client)s user .* not found: \S*\s*$
+
 
 # Option:  ignoreregex
 # Notes.:  regex to ignore. If this regex matches, the line is ignored.

testcases/files/logs/apache-auth

@@ -2,4 +2,7 @@
 [Sat Jun 01 02:17:42 2013] [error] [client 192.168.33.1] File does not exist: /srv/http/site/[client 192.168.0.1] user root not found
 
 # should match
-[Sat Jun 01 02:17:42 2013] [error] [client 192.168.0.2] user root not found
+# from https://github.com/fail2ban/fail2ban/issues/286
+[Thu Jul 11 01:21:41 2013] [error] [client 194.228.20.113] user  not found: /
+[Thu Jul 11 01:21:43 2013] [error] [client 194.228.20.113] user dsfasdf not found: /
+[Thu Jul 11 01:21:45 2013] [error] [client 194.228.20.113] user dsfasdf not found: /