diff --git a/ChangeLog b/ChangeLog
index 3d9d1a96..34774a5b 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -112,6 +112,8 @@ some obscure corner of the Internet.
 * filter.d/exim-spam.conf -- a splitout of exim's spam regexes with additions for greater control over filtering spam.
 * add date expression for apache-2.4 - milliseconds
+ * filter.d/nginx-http-auth -- filter added for http basic authentication
+ failures in nginx. Partially forfills gh-405. Christophe Carles & Daniel Black
 * filter.d/perdition.conf -- filter added Mark McKinstry
diff --git a/THANKS b/THANKS
index e70ca9c9..5f6d1b2b 100644
--- a/THANKS
+++ b/THANKS
@@ -54,6 +54,7 @@ Michael Hanselmann
 Nick Munger
 Patrick Börjesson
 Raphaël Marichez
+RealRancor
 René Berber
 Robert Edeker
 Rolf Fokkens
diff --git a/config/filter.d/nginx-http-auth.conf b/config/filter.d/nginx-http-auth.conf
new file mode 100644
index 00000000..00f152b7
--- /dev/null
+++ b/config/filter.d/nginx-http-auth.conf
@@ -0,0 +1,15 @@
+# fail2ban filter configuration for nginx
+
+
+[Definition]
+
+
+failregex = ^ \[error\] \d+#\d+: \*\d+ user "\S+":? (password mismatch|was not found in ".*"), client: , server: \S+, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"
+
+ignoreregex = 
+
+# DEV NOTES:
+# Based on samples in https://github.com/fail2ban/fail2ban/pull/43/files
+# Extensive search of all nginx auth failures not done yet.
+#
+# Author: Daniel Black
diff --git a/config/jail.conf b/config/jail.conf
index 23e30c83..486ea078 100644
--- a/config/jail.conf
+++ b/config/jail.conf
@@ -181,6 +181,14 @@ logpath = /var/log/apache*/*error.log
 maxretry = 6
+[nginx-http-auth]
+
+enabled = false
+filter = nginx-http-auth
+action = iptables-multiport[name=nginx-http-auth,port="80,443"]
+logpath = /var/log/nginx/error.log
+
+
 # The hosts.deny path can be defined with the "file" argument if it is
 # not in /etc.
 [postfix-tcpwrapper]
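Review bot: In the failregex of config/filter.d/nginx-http-auth.conf the `client: ,` segment carries no `<HOST>` placeholder, so as shown the filter has no capture group from which to take the address to ban and fail2ban will refuse a failregex without one; if `<HOST>` was merely lost when the page was rendered this can be ignored, otherwise the segment should read `client: <HOST>,`. The `user "\S+"` part deserves a comment, because the user name is client-supplied and the no-whitespace class is what stops a crafted name from carrying a forged `, client: ` field into the match: `# user name is client-supplied; \S+ (no whitespace) keeps a crafted name from forging a later ", client: " field`. The `".*"` in `was not found in ".*"` is greedy across the rest of the line; `"[^"]*"` bounds it to the htpasswd path and keeps the match predictable.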
diff --git a/testcases/files/logs/nginx-http-auth b/testcases/files/logs/nginx-http-auth
new file mode 100644
index 00000000..0fa7a7bd
--- /dev/null
+++ b/testcases/files/logs/nginx-http-auth
@@ -0,0 +1,6 @@
+
+# failJSON: { "time": "2012-04-09T11:53:29", "match": true , "host": "192.0.43.10" }
+2012/04/09 11:53:29 [error] 2865#0: *66647 user "xyz" was not found in "/var/www/.htpasswd", client: 192.0.43.10, server: www.myhost.com, request: "GET / HTTP/1.1", host: "www.myhost.com"
+# failJSON: { "time": "2012-04-09T11:53:36", "match": true , "host": "192.0.43.10" }
+2012/04/09 11:53:36 [error] 2865#0: *66647 user "xyz": password mismatch, client: 192.0.43.10, server: www.myhost.com, request: "GET / HTTP/1.1", host: "www.myhost.com"
+
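Review bot: The two samples in testcases/files/logs/nginx-http-auth are both positive (`"match": true`) and between them cover the `was not found in` and `password mismatch` alternatives, but nothing in the file guards the filter against false positives, so a later loosening of the regex would pass unnoticed. Adding one `[error]` line that is not an authentication failure, preceded by `# failJSON: { "match": false }`, would pin that down; a constructed example is an `open() ... failed` error from the same client, which shares the `client: …, server: …, request: …, host: …` tail yet must not match.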