mirror of https://github.com/fail2ban/fail2ban
Added HAProxy HTTP Auth filter
parent
69aa1feac0
commit
e133762a28
|
@ -44,6 +44,8 @@ ver. 0.9.4 (2015/XX/XXX) - wanna-be-released
|
|||
request processing rate (ngx_http_limit_req_module)
|
||||
- murmur - ban hosts that repeatedly attempt to connect to
|
||||
murmur/mumble-server with an invalid server password or certificate.
|
||||
- haproxy-http-auth - filter to match failed HTTP Authentications against a
|
||||
HAProxy server
|
||||
* New jails:
|
||||
- murmur - bans TCP and UDP from the bad host on the default murmur port.
|
||||
* sshd filter got new failregex to match "maximum authentication
|
||||
|
|
|
@ -0,0 +1,37 @@
|
|||
# Fail2Ban filter configuration file to match failed login attempts to
|
||||
# HAProxy HTTP Authentication protected servers.
|
||||
#
|
||||
# PLEASE NOTE - When a user first hits the HTTP Auth a 401 is returned by the server
|
||||
# which prompts their browser to ask for login details.
|
||||
# This initial 401 is logged by HAProxy.
|
||||
# In other words, even successful logins will have at least 1 fail regex match.
|
||||
# Please keep this in mind when setting findtime and maxretry for jails.
|
||||
#
|
||||
# Author: Jordan Moeser
|
||||
#
|
||||
|
||||
[INCLUDES]
|
||||
|
||||
# Read common prefixes. If any customizations available -- read them from
|
||||
# common.local
|
||||
before = common.conf
|
||||
|
||||
|
||||
[Definition]
|
||||
|
||||
_daemon = haproxy
|
||||
|
||||
# Option: failregex
|
||||
# Notes.: regex to match the password failures messages in the logfile. The
|
||||
# host must be matched by a group named "host". The tag "<HOST>" can
|
||||
# be used for standard IP/hostname matching and is only an alias for
|
||||
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
|
||||
# Values: TEXT
|
||||
#
|
||||
failregex = ^%(__prefix_line)s<HOST>.*NOSRV.*401
|
||||
|
||||
# Option: ignoreregex
|
||||
# Notes.: regex to ignore. If this regex matches, the line is ignored.
|
||||
# Values: TEXT
|
||||
#
|
||||
ignoreregex =
|
|
@ -839,3 +839,12 @@ filter = screensharingd
|
|||
logpath = /var/log/system.log
|
||||
logencoding=utf-8
|
||||
maxretry = 4
|
||||
|
||||
[haproxy-http-auth]
|
||||
# HAProxy by default doesn't log to file you'll need to set it up to forward
|
||||
# logs to a syslog server which would then write them to disk.
|
||||
# See "haproxy-http-auth" filter for a brief cautionary note when setting
|
||||
# maxretry and findtime.
|
||||
enabled = false
|
||||
filter = haproxy-http-auth
|
||||
logpath = /var/log/haproxy.log
|
||||
|
|
|
@ -0,0 +1,4 @@
|
|||
# failJSON: { "match": false }
|
||||
Nov 14 22:45:27 test haproxy[760]: 192.168.33.1:58444 [14/Nov/2015:22:45:25.439] main app/app1 1939/0/1/0/1940 403 5168 - - ---- 3/3/0/0/0 0/0 "GET / HTTP/1.1"
|
||||
# failJSON: { "time": "2004-11-14T22:45:11", "match": true , "host": "192.168.33.1" }
|
||||
Nov 14 22:45:11 test haproxy[760]: 192.168.33.1:58430 [14/Nov/2015:22:45:11.608] main main/<NOSRV> -1/-1/-1/-1/0 401 248 - - PR-- 0/0/0/0/0 0/0 "GET / HTTP/1.1"
|
Loading…
Reference in New Issue