From 6d3bfa8781a79bd838a999b58ae587c4ed2aedbd Mon Sep 17 00:00:00 2001
From: "Sergey G. Brester"
Date: Sun, 20 Jul 2025 15:04:15 +0200
Subject: [PATCH] revert RE back, but relive the end-anchor a bit (ignore any text without single quote, so also preventing false match by injection on foreign data)
---
 config/filter.d/asterisk.conf | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)
diff --git a/config/filter.d/asterisk.conf b/config/filter.d/asterisk.conf
index 4aae47d3..631ccbbc 100644
--- a/config/filter.d/asterisk.conf
+++ b/config/filter.d/asterisk.conf
@@ -27,8 +27,7 @@ failregex = ^Registration from '[^']*' failed for '(:\d+)?' - (?:Wrong pas
 ^hacking attempt detected ''$
 ^SecurityEvent="(?:FailedACL|InvalidAccountID|ChallengeResponseFailed|InvalidPassword)"(?:(?:,(?!RemoteAddress=)\w+="[^"]*")*|.*?),RemoteAddress="IPV[46]/[^/"]+//\d+"(?:,(?!RemoteAddress=)\w+="[^"]*")*$
 ^"Rejecting unknown SIP connection from (?::\d+)?"$
- ^Request (?:'[^']*' )?from '(?:[^']*|.*?)' failed for '(?::\d+)?'\s\(callid: [^\)]*\) - No matching endpoint found(?:\s+after\s+\d+\s+tries\s+in\s+[\d.]+\s+ms)?\s*$
- ^Request (?:'[^']*' )?from '(?:[^']*|.*?)' failed for '(?::\d+)?'\s\(callid: [^\)]*\) - (?:Not match Endpoint(?: Contact)? ACL|(?:Failed|Error) to authenticate)\s*$
+ ^Request (?:'[^']*' )?from '(?:[^']*|.*?)' failed for '(?::\d+)?'\s\(callid: [^\)]*\) - (?:No matching endpoint found|Not match Endpoint(?: Contact)? ACL|(?:Failed|Error) to authenticate)\b[^']*$
 # FreePBX (todo: make optional in v.0.10):
 # ^(%(__prefix_line)s|\[\]\s*WARNING%(__pid_re)s:?(?:\[C-[\da-f]*\])? )[^:]+: Friendly Scanner from $
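Review bot: The new tail `\b[^']*$` on the merged `^Request …` line works as an injection guard, but only the commit subject says so. Excluding the single quote is what keeps text carried in the quoted from-field from being accepted as the end of the message, and the line itself gives no hint of that. A comment line next to it would stop a later edit from widening the tail to `.*$`, for example `# tail after the reason must not contain a single quote (guards against a match on text injected via the from field)`. The diffstat lists only the filter file, so unless the filter's test log already has them, one sample with trailing text after the reason and one with a quote in the tail that must not match would pin both sides of the relaxed anchor. The failregex value starts above the hunk.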