From 6ce41a611d8f4a7daf8b522ba25aa230f726ca96 Mon Sep 17 00:00:00 2001 From: Daniel Black Date: Thu, 11 Jul 2013 22:13:51 +1000 Subject: [PATCH] BF: fix filter on apache-auth. Closes #286 --- ChangeLog | 3 ++- THANKS | 1 + config/filter.d/apache-auth.conf | 8 ++++++-- testcases/files/logs/apache-auth | 5 ++++- 4 files changed, 13 insertions(+), 4 deletions(-) diff --git a/ChangeLog b/ChangeLog index f0df7ddc..c289be80 100644 --- a/ChangeLog +++ b/ChangeLog @@ -11,7 +11,8 @@ ver. 0.8.11 (2013/XX/XXX) - wanna-be-released ----------- - Fixes: - + Daniel Black & Marcel Dopita + * filter.d/apache-auth -- fixed and apache auth samples provide. closes #286 - New Features: Daniel Black & ykimon * filter.d/3proxy.conf -- filter added diff --git a/THANKS b/THANKS index 47c3e999..26e8041f 100644 --- a/THANKS +++ b/THANKS @@ -28,6 +28,7 @@ Joël Bertrand Justin Shore Kévin Drapel kojiro +Marcel Dopita Mark Edgington Markus Hoffmann Marvin Rouge diff --git a/config/filter.d/apache-auth.conf b/config/filter.d/apache-auth.conf index ae3232f2..aa906401 100644 --- a/config/filter.d/apache-auth.conf +++ b/config/filter.d/apache-auth.conf @@ -18,8 +18,12 @@ before = apache-common.conf # be used for standard IP/hostname matching and is only an alias for # (?:::f{4,6}:)?(?P[\w\-.^_]+) # Values: TEXT -# -failregex = ^%(_apache_error_client)s user .* (authentication failure|not found|password mismatch)\s*$ + +# http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/mod_auth_basic.c + +failregex = ^%(_apache_error_client)s user .* authentication failure for "\S*": Password Mismatch$ + ^%(_apache_error_client)s user .* not found: \S*\s*$ + # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored. diff --git a/testcases/files/logs/apache-auth b/testcases/files/logs/apache-auth index cf0f6d30..744a3406 100644 --- a/testcases/files/logs/apache-auth +++ b/testcases/files/logs/apache-auth @@ -2,4 +2,7 @@ [Sat Jun 01 02:17:42 2013] [error] [client 192.168.33.1] File does not exist: /srv/http/site/[client 192.168.0.1] user root not found # should match -[Sat Jun 01 02:17:42 2013] [error] [client 192.168.0.2] user root not found +# from https://github.com/fail2ban/fail2ban/issues/286 +[Thu Jul 11 01:21:41 2013] [error] [client 194.228.20.113] user not found: / +[Thu Jul 11 01:21:43 2013] [error] [client 194.228.20.113] user dsfasdf not found: / +[Thu Jul 11 01:21:45 2013] [error] [client 194.228.20.113] user dsfasdf not found: /