From fd7cc5bda75625052fd4fbf3f7e68f00bd3fa0f9 Mon Sep 17 00:00:00 2001 From: Daniel Black Date: Sun, 25 Aug 2013 21:13:11 +1000 Subject: [PATCH] BF: duplicate regex match fixed --- config/filter.d/apache-auth.conf | 6 +++--- config/filter.d/apache-common.conf | 2 +- config/filter.d/apache-nohome.conf | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) diff --git a/config/filter.d/apache-auth.conf b/config/filter.d/apache-auth.conf index 7adb0fcf..fa828b72 100644 --- a/config/filter.d/apache-auth.conf +++ b/config/filter.d/apache-auth.conf @@ -36,17 +36,17 @@ before = apache-common.conf # failregex = ^%(_apache_error_client)s (AH01797: )?client denied by server configuration: (uri )?\S*\s*$ ^%(_apache_error_client)s (AH01617: )?user .* authentication failure for "\S*": Password Mismatch$ - ^%(_apache_error_client)s (AH01618: )?user .* not found: \S*\s*$ + ^%(_apache_error_client)s (AH01618: )?user .* not found(: )?\S*\s*$ ^%(_apache_error_client)s (AH01614: )?client used wrong authentication scheme: \S*\s*$ ^%(_apache_error_client)s (AH\d+: )?Authorization of user \S+ to access \S* failed, reason: .*$ ^%(_apache_error_client)s (AH0179[24]: )?(Digest: )?user .*: password mismatch: \S*\s*$ - ^%(_apache_error_client)s (AH0179[01]: )?(Digest: )?user `.*' in realm `.+' (not found|denied by provider): \S*\s*$ + ^%(_apache_error_client)s (AH0179[01]: |Digest: )user `.*' in realm `.+' (not found|denied by provider): \S*\s*$ ^%(_apache_error_client)s (AH01631: )?user .*: authorization failure for "\S*":\s*$ ^%(_apache_error_client)s (AH0177[56]: )?(Digest: )?invalid nonce .* received - (length|hash) is not \S+\s*$ ^%(_apache_error_client)s (AH01788: )?(Digest: )?realm mismatch - got `.*' but expected `.+'\s*$ ^%(_apache_error_client)s (AH01789: )?(Digest: )?unknown algorithm `.*' received: \S*\s*$ ^%(_apache_error_client)s (AH01793: )?invalid qop `.*' received: \S*\s*$ - ^%(_apache_error_client)s (AH01777: )?invalid nonce .* received - user attempted time travel\s*$ + ^%(_apache_error_client)s (AH01777: )?(Digest: )?invalid nonce .* received - user attempted time travel\s*$ # Option: ignoreregex diff --git a/config/filter.d/apache-common.conf b/config/filter.d/apache-common.conf index 69364247..134fad29 100644 --- a/config/filter.d/apache-common.conf +++ b/config/filter.d/apache-common.conf @@ -18,4 +18,4 @@ after = apache-common.local # 2.2: [Sat Jun 01 11:23:08 2013] [error] [client 1.2.3.4] # 2.4: [Thu Jun 27 11:55:44.569531 2013] [core:info] [pid 4101:tid 2992634688] [client 1.2.3.4:46652] # Reference: https://github.com/fail2ban/fail2ban/issues/268 -_apache_error_client = \[[^]]*\] \[(error|core:\S+)\]( \[pid \d+:\S+ \d+\])? \[client (:\d{1,5})?\]( \S+:)? +_apache_error_client = \[[^]]*\] \[(error|\S+:\S+)\]( \[pid \d+:\S+ \d+\])? \[client (:\d{1,5})?\] diff --git a/config/filter.d/apache-nohome.conf b/config/filter.d/apache-nohome.conf index 1347b10d..0eede317 100644 --- a/config/filter.d/apache-nohome.conf +++ b/config/filter.d/apache-nohome.conf @@ -19,7 +19,7 @@ before = apache-common.conf # per-domain log files. # Values: TEXT # -failregex = ^%(_apache_error_client)s File does not exist: .*/~.* +failregex = ^%(_apache_error_client)s (AH00128: )?File does not exist: .*/~.* # Option: ignoreregex # Notes.: regex to ignore. If this regex matches, the line is ignored.