github
/
fail2ban
mirror of https://github.com/fail2ban/fail2ban
1
0
Fork 0
Code Issues Releases Wiki Activity

Merge pull request #424 from grooverdan/nginx-auth 

ENH: add filter.d/nginx-http-auth. Partially forfils #405
pull/427/head
Daniel Black 2013-11-08 14:24:02 -08:00
parent a169badb95 ab9d921162
commit d6bbe03861
5 changed files with 32 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
ChangeLog
View File

@ -112,6 +112,8 @@ some obscure corner of the Internet.
* filter.d/exim-spam.conf -- a splitout of exim's spam regexes
with additions for greater control over filtering spam.
* add date expression for apache-2.4 - milliseconds
* filter.d/nginx-http-auth -- filter added for http basic authentication
failures in nginx. Partially forfills gh-405.
Christophe Carles & Daniel Black
* filter.d/perdition.conf -- filter added
Mark McKinstry

1
THANKS
View File

@ -54,6 +54,7 @@ Michael Hanselmann
Nick Munger
Patrick Börjesson
Raphaël Marichez
RealRancor
René Berber
Robert Edeker
Rolf Fokkens

15
config/filter.d/nginx-http-auth.conf Normal file
View File

@ -0,0 +1,15 @@
# fail2ban filter configuration for nginx
[Definition]
failregex = ^ \[error\] \d+#\d+: \*\d+ user "\S+":? (password mismatch|was not found in ".*"), client: <HOST>, server: \S+, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"
ignoreregex =
# DEV NOTES:
# Based on samples in https://github.com/fail2ban/fail2ban/pull/43/files
# Extensive search of all nginx auth failures not done yet.
#
# Author: Daniel Black

8
config/jail.conf
View File

@ -181,6 +181,14 @@ logpath = /var/log/apache*/*error.log
maxretry = 6
[nginx-http-auth]
enabled = false
filter = nginx-http-auth
action = iptables-multiport[name=nginx-http-auth,port="80,443"]
logpath = /var/log/nginx/error.log
# The hosts.deny path can be defined with the "file" argument if it is
# not in /etc.
[postfix-tcpwrapper]

6
testcases/files/logs/nginx-http-auth Normal file
View File

@ -0,0 +1,6 @@
# failJSON: { "time": "2012-04-09T11:53:29", "match": true , "host": "192.0.43.10" }
2012/04/09 11:53:29 [error] 2865#0: *66647 user "xyz" was not found in "/var/www/.htpasswd", client: 192.0.43.10, server: www.myhost.com, request: "GET / HTTP/1.1", host: "www.myhost.com"
# failJSON: { "time": "2012-04-09T11:53:36", "match": true , "host": "192.0.43.10" }
2012/04/09 11:53:36 [error] 2865#0: *66647 user "xyz": password mismatch, client: 192.0.43.10, server: www.myhost.com, request: "GET / HTTP/1.1", host: "www.myhost.com"