Sergey G. Brester
7dbd3a07eb
cut comment to limit documented on abuseipdb, additionally use curl in quiet mode
2019-06-07 14:39:55 +02:00
Carlos Ferreira
7b73cb7639
Switch to AbuseIPDB API v2
2019-06-07 14:39:52 +02:00
sebres
5137cd2ec8
Merge branch '0.10' into 0.11
2019-05-14 21:40:50 +02:00
sebres
49bf6132cc
amend for 3036ed18893b6aae6619e53201aa53deb701b94f: eliminate "invalid sequence" warnings
2019-05-14 21:40:33 +02:00
sebres
f69a8693fc
Merge branch '0.10' into 0.11
2019-05-14 20:19:29 +02:00
sebres
0426a24719
filter.d/postfix.conf: (closes gh-2426) filter extended to catch "5.1.1" (Recipient address rejected: User unknown in local recipient table) with RCPT (and some session-id instead of "NOQUEUE")
2019-05-14 15:27:20 +02:00
sebres
ca85ddc866
Merge branch '0.10' into 0.11
2019-05-10 16:23:50 +02:00
sebres
d8d71c5a22
action.d/helpers-common.conf: grep arguments are rewritten - using options `-wF` to match only whole words and fixed string (not as pattern)
2019-05-10 16:17:13 +02:00
chtheis
fa727586ff
Fix grep pattern to deal with Apache's error log
...
Apache's error log appends the port to the IP address, other logs don't.
2019-05-10 16:04:27 +02:00
sebres
74eac6c94f
Merge branch '0.10' into 0.11
2019-05-02 15:28:44 +02:00
sebres
23d2281e57
action.d/nginx-block-map.conf: small fix with better RE-rule for removal of ID (token/session) via sed (anchored now)
2019-05-02 15:22:45 +02:00
benrubson
5b2b680bfe
SSHd add Bad protocol version message
2019-05-02 11:42:45 +02:00
Sergey G. Brester
b318eb7e33
closes gh-2408: prevent execution of action `abuseipdb` for restored tickets
2019-04-29 10:45:37 +02:00
sebres
c47bb523b7
Merge branch '0.10' into 0.11
2019-04-24 21:58:27 +02:00
Holston
422a2de7fe
updated
2019-04-24 21:35:19 +02:00
Holston
a581bf3f08
Fixed filter for Apache mod_security
2019-04-24 21:35:17 +02:00
Holston
5d6a84ba78
Updated to correct logging option
2019-04-24 21:35:15 +02:00
sebres
f0c5bd56f4
Merge branch '0.10' into 0.11 (conflicts resolved)
2019-04-19 13:20:38 +02:00
sebres
25f1aa334e
fail2ban.conf: move default settings into DEFAULT section (to be more similar to jail.conf, Definition section overwrites the options, so it is backwards compatible)
2019-04-18 20:53:11 +02:00
sebres
0386df0042
introduced new options: `dbmaxmatches` (fail2ban.conf) and `maxmatches` (jail.conf);
...
setting `maxmatches` and `dbmaxmatches` to 0 saves memory usage and database size (closes gh-2118).
2019-04-18 20:31:39 +02:00
sebres
337be4b36c
Merge remote-tracking branch 'remotes/gh-upstream/0.10' into 0.11
2019-04-18 13:47:44 +02:00
Sergey G. Brester
28c1da33dc
Merge pull request #2387 from sebres/logtype-option-journal
...
New backend-related option `logtype` (`journal` or `file`)
2019-04-18 13:27:42 +02:00
Sergey G. Brester
6c7093c66d
minor amend, refolding branches (SP|SA -> S[PA])
2019-04-04 02:28:50 +02:00
Amir Caspi
ffd5d0db78
Update sendmail-reject.conf
...
On some distros (e.g., CentOS 7), sendmail default config labels port 465 as TLSMTA and port 587 as MSA. Update failregex to reflect. Relevant loglines included in 9e1fa4ff73
2019-03-29 17:39:27 -06:00
sebres
ced9828d04
filter.d/sendmail-reject.conf: fixed gh-2385 for some systems (e. g. CentOS): if only identifier set to `sm-mta` (no unit `sendmail`) for some messages.
2019-03-29 14:24:06 +01:00
sebres
ec681a3363
backend `systemd` sets `logtype` to `journal` automatically;
...
sshd-journal: new test covering sshd journal logging format (matches short prefix-line simulating output of formatJournalEntry);
samplestestcase-factory extended with new option `fileOptions` to set common filter/test options for whole test-file
2019-03-29 14:24:00 +01:00
sebres
e268bf97d4
introduces new configuration parameter "logtype" (default "file" for file-backends, and "journal" for journal-backends);
...
common.conf: differentiate "__prefix_line" for file/journal logtype's (speedup and fix parsing of systemd-journal);
samplestestcase.py: extends testSampleRegexsFactory to allow coverage of journal logtype;
closes gh-2383: asterisk can log timestamp if logs into systemd-journal (regex extended with optional part matching this)
2019-03-29 14:23:57 +01:00
sebres
17a4f81e23
Merge branch '0.10' into 0.11
2019-03-27 13:46:56 +01:00
sebres
e8401a7e65
action.d/xarf-login-attack.conf: fixes gh-2372, correction for split of addresses, interpolation is shell-independent now, etc;
...
extended with option `boundary`, additionally dynamic boundary part is used (is not so predictable as it was previously);
2019-03-16 00:05:06 +01:00
Sergey G. Brester
7a7a905ab2
0.9 - Merge pull request #2339 from cFire/master
...
Add override for dovecot failed logins on debian
2019-03-14 11:45:46 +01:00
sebres
4e2c7b9fdd
Merge branch '0.10' into 0.11
2019-03-12 17:01:03 +01:00
sebres
741cf8fb0e
Merge branch 'master-0.9' into 0.10
2019-03-12 16:58:08 +01:00
sebres
1a9527e6a4
fixed catch-all on user (and simplifying)
2019-03-12 16:53:36 +01:00
jim
a7f3ba87f6
filter.d/sogo-auth.conf: fixes gh-2289 - matching auth-failures when behind a proxy;
...
(broken by commit 72b06479a5
), replacement for gh-2290.
2019-03-12 16:50:04 +01:00
sebres
324f0ed7cc
Merge branch '0.10' into 0.11
2019-03-01 12:36:07 +01:00
sebres
3c70fe298a
closes gh-969: introduces new section `[Thread]` and option `stacksize` to configure default stack-size of the threads running in fail2ban. Example:
...
```ini
[Thread]
stacksize = 32
```
2019-02-24 16:45:14 +01:00
sebres
5126068099
loglevel and shortloglevel combined to single parameter loglevel, below an example logging summary with NOTICE and rest with DEBUG log-levels:
...
action = badips.py[... , loglevel="debug, notice"]
2019-02-22 14:05:19 +01:00
benrubson
689938ee99
Add a shortloglevel badips.py option
2019-02-22 13:32:46 +01:00
sebres
a3b7a0525a
Merge branch '0.10' into 0.11
2019-02-22 13:22:52 +01:00
sebres
140243328f
coverage: try to avoid sporadic "coverage decreased" in CI
2019-02-22 13:20:40 +01:00
Sergey G. Brester
d3f6d6ffdd
Merge pull request #2286 from crazy-max/0.10
...
New filter `traefik-auth`
2019-02-21 22:27:04 +01:00
Sergey G. Brester
dcede9b3f1
comment rewritten (belongs to the filter)
2019-02-21 22:26:28 +01:00
Sergey G. Brester
d84fb8a4b1
regex rewritten (more secure now, resolves catch-all vulni)
2019-02-21 22:19:04 +01:00
sebres
9ed35c423a
Merge branch '0.9' into 0.10 (gh-2317)
2019-02-21 20:13:54 +01:00
Yaroslav Halchenko
31e6ec3c5b
Merge pull request #2323 from todgru/fix-spelling-abuseipdb-conf
...
fix: correct spelling category
2019-02-15 17:08:45 -05:00
Cool Fire
27526e431b
Changes static logfile string to variable
...
Since we don't want to re-declare a log file name we already
have a varialbe for, use the existing variable to set dovecot_log.
2019-02-13 10:10:24 +01:00
Cool Fire
b31a018e7c
Add override for dovecot failed logins on debian
2019-02-13 10:01:14 +01:00
sebres
1647d0090e
Merge branch '0.10' into 0.11
2019-02-11 19:19:44 +01:00
sebres
e651bc7866
amend to #1622 : jail-reader supports now multi-line option for multi-line action parameter:
...
logpath = a.log
b.log
c.log
action = ban[...]
= log[logpath="%(logpath)s"]
closes gh-2341, ultimate fix for gh-976
2019-02-11 11:54:58 +01:00
todgru
39ed016a1e
fix: correct spelling category
2019-01-14 22:08:38 -08:00
sebres
d88ce7181c
Merge branch '0.10' into 0.11
2019-01-07 01:51:59 +01:00
sebres
a13fdcf4f7
closes gh-2314: extended regex for mysql 8.0.13 if used logging with details (e. g. log-error-verbosity = 3, so log output has few additional words enclosed in brackets after "[Note]").
2019-01-07 01:34:12 +01:00
Yannik Sembritzki
6b4404b1bc
Fix asterisk filter not catching attackers when port is logged ( Fixes #2316 )
2019-01-03 23:55:42 +01:00
CrazyMax
7cdabdd7ae
Update traefik-auth failregex
2018-12-14 19:06:09 +01:00
CrazyMax
a51f82770b
New filter `traefik-auth`
2018-11-24 22:44:44 +01:00
sebres
b49c1ab4b3
Merge branch '0.10' into 0.11
2018-11-21 13:06:44 +01:00
sebres
555b29e8e6
Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10
2018-11-21 13:05:42 +01:00
sebres
1c1d2cc435
introduces new failregex-flag tag `<F-MLFGAINED>` signaled that the access to service was gained (ATM used similar to <F-NOFAIL>, but does not added to matches);
...
filter.d/sshd.conf: extended with new rules:
- Disconnecting ...: Change of username or service not allowed
- Disconnected from ... [preauth] (extra/aggressive mode only)
2018-11-19 21:19:57 +01:00
dienteperro
0df221b54b
"be" instead of "me" in shorewall.conf
2018-11-15 14:34:51 -05:00
sebres
f9f7e29295
Merge branch '0.10' into 0.11 (version bump after r.0.10.4)
2018-10-04 13:08:25 +02:00
Shane Forsythe
8614ca8c41
Update proftpd.conf
...
proftpd 1.3.5e can leave inconsistent error message if ftp or mod_sftp is used
Oct 2 15:45:31 ftp01 proftpd[5516]: 10.10.2.13 (10.10.2.189[10.10.2.189]) - SECURITY VIOLATION: Root login attempted
Oct 2 15:45:44 ftp01 proftpd[5517]: 10.10.2.13 (10.10.2.189[10.10.2.189]) - SECURITY VIOLATION: Root login attempted.
Fix regex to make trailing period optional, otherwise brute force attacks against root account using ftp are not blocked correctly.
2018-10-02 17:24:33 -04:00
Sergey G. Brester
1752c19b6f
Merge pull request #2205 from benrubson/patch-1
...
Add loglevel option to badips.py
2018-10-02 13:12:03 +02:00
Sergey G. Brester
65676baf8c
fixed py3 incompatibility (for some reasons this file seems to be excluded from 2to3), anyway not needed, because int-type is already checked in str2LogLevel
2018-10-02 13:00:20 +02:00
Sergey G. Brester
4b751c84c3
badips.py: Rewrite new bool option "log" as "loglevel" and revert default to log-level (DEBUG).
2018-10-02 12:32:15 +02:00
sebres
6b52f90ad6
Merge branch '0.10' into 0.11
2018-09-21 15:54:16 +02:00
sebres
58b510a5be
filter.d/domino-smtp.conf:
...
- recognizes failures logged using another format (something like session-id, IP enclosed in square brackets);
- failregex extended to catch connections rejected for policy reasons (gh-2228);
2018-09-21 14:14:00 +02:00
sebres
8a0c06ba9e
Merge branch '0.10' into 0.11
2018-09-14 11:01:40 +02:00
sebres
d01fe9d22a
action.d/*.conf: correct comments for actionstart/actionstop
2018-09-12 16:01:57 +02:00
Ben RUBSON
9d7c0e00c1
Also log number of IPs removed/added
2018-09-08 09:28:42 +02:00
Ben RUBSON
70e53b55c5
Typo
2018-08-19 22:39:18 +02:00
Ben RUBSON
ec4c4b12c1
Add yes/no log option to badips.py
2018-08-19 22:35:09 +02:00
sebres
714fd8c915
Merge branch '0.10' into 0.11
2018-08-14 16:01:00 +02:00
Sergey G. Brester
ee207d8c31
Merge pull request #2151 from benrubson/merge
...
Apache SNI error / misredirect attempts rules are combined in one regex
2018-08-14 14:56:49 +02:00
Ben RUBSON
77b35b8db7
Improvement
2018-08-14 14:07:32 +02:00
sebres
addd26ae55
Merge branch '0.10' into 0.11
2018-08-14 11:13:15 +02:00
sebres
e2a255d104
fixed typo in comments by "ignoreself" parameter
2018-08-14 11:11:19 +02:00
sebres
606761b3c7
Merge branch '0.10' into 0.11
2018-08-03 12:06:13 +02:00
sebres
e995d5a0b6
filter.d/freeswitch.conf: provide mode parameter, allows to avoid matching of messages like `auth challenge (REGISTER)` (see gh-2163) (currently `extra` as default to be backwards-compatible), see comments in filter how to set it to mode `normal`.
2018-08-03 11:42:15 +02:00
sebres
bc2dbacc9a
filter.d/freeswitch.conf: provide compatibility for log-format from gh-2193:
...
- extended with new default date-pattern `^(?:%%Y-)?%%m-%%d[ T]%%H:%%M:%%S(?:\.%%f)?` to cover
`YYYY-mm-dd HH:MM::SS.ms` as well as `mm-dd HH:MM::SS.ms` (so year is optional);
- more optional arguments in log-line (so accept [WARN] as well as [WARNING] and optional [SOFIA] hereafter);
2018-08-03 11:22:30 +02:00
sebres
eb1156b099
Merge branch '0.10' into 0.11
2018-07-18 15:57:39 +02:00
sebres
22d37cdce2
sshd: fixed failregex for ddos (resp. aggressive) mode, to cover "authenticating user" case in log-message:
...
Connection closed by authenticating user root 192.0.2.10 ... [preauth]
tests extended (also with few injection tries).
closes gh-2185.
2018-07-18 15:31:04 +02:00
sebres
6a81cc9d8c
Merge branch '0.10' into 0.11
2018-07-17 15:18:44 +02:00
sebres
8fe07e29ad
filter.d/dovecot.conf: failregex enhancement to catch disconnected with "proxy dest auth failed";
...
closes gh-2184
2018-07-17 15:06:42 +02:00
sebres
57f2d9e31c
Merge branch '0.10' into 0.11
2018-07-06 18:06:54 +02:00
Sergey G. Brester
75330568d9
Merge pull request #2168 from dpavlin/dovecot-add-F-USER
...
dovecot: collect F-USER and variants
2018-07-06 17:16:43 +02:00
sebres
9de1657aab
Merge branch '0.10' into 0.11
2018-07-06 11:43:56 +02:00
sebres
6ce67a6d21
coverage
2018-07-05 16:27:36 +02:00
Dobrica Pavlinusic
6f1e789f31
dovecot: collect F-USER and variants
...
We are prefering ruser= if availble because this are credentials
presented to dovecot from remote client.
2018-06-30 16:16:03 +02:00
sebres
0eaa0ecd86
Merge branch '0.10' into 0.11
2018-06-14 12:36:22 +02:00
sebres
8cbe1e6b13
Merge pull request #2155
2018-06-14 12:35:57 +02:00
cheese1
43db4411de
small typo
2018-06-14 12:35:04 +02:00
sebres
9fdc6e0e82
Merge branch '0.10' into 0.11
2018-06-11 14:36:35 +02:00
Boris Gulay
a923cd209b
`filter.d/dovecot.conf`: failregex enhancement to catch sql password mismatch errors;
2018-06-11 14:30:10 +02:00
benrubson
f54f6caece
Merge Apache SNI error / misredirect attempts rules
2018-06-09 10:19:27 +02:00
sebres
0d40dd42b1
Merge branch '0.10' into 0.11
2018-04-26 13:43:15 +02:00
sebres
bba7a6c5cf
amend to (gh-2067) / b34ae5999e0d8ee1af8939527305c13152844b3d: fix parameter in config (dynamic parameters stating with '_' are protected and don't allowed in command-actions);
...
the interpolation of hostsdeny is test-covered now;
closes gh-2114.
2018-04-17 18:59:24 +02:00
sebres
0707695146
Merge branch '0.10' into 0.11, version bump
...
# Conflicts resolved:
# fail2ban/server/database.py
2018-04-05 12:58:11 +02:00
sebres
8069eef50c
badips: try to fix sporadic test errors if badips-server timed out resp. not available (502 bad gateway or similar).
2018-04-05 12:31:29 +02:00
sebres
70d099bbd6
Merge branch '0.10' into 0.11
2018-04-04 18:59:44 +02:00
Michael Grant
57bc502d5c
Update sendmail-reject.conf
2018-04-04 18:52:36 +02:00
Michael Grant
2ab6a5ae62
Update sendmail-auth.conf
2018-04-04 18:52:35 +02:00
Michael Grant
87520e8008
Sendmail logs IPv6 addresses with the prefix 'IPv6:'. Added (IPv6:)? before all <HOST> regexes to match the IPv6 address (but not the prefix).
2018-04-04 18:52:33 +02:00
sebres
1fdad90b4d
Merge branch '0.10' into 0.11
2018-04-04 16:49:57 +02:00
Luis Aranguren
fc76ccf192
Fixes abuseipdb curl cypher error and comment $f2bV_matches
...
Fixed https://github.com/fail2ban/fail2ban/issues/2044 #2044
and used https://github.com/fail2ban/fail2ban/issues/2039 to fix comment in abuseipdb.com only showing $f2bV_matches
2018-04-04 16:39:16 +02:00
Sergey G. Brester
7bbc26d67e
Merge pull request #2097 from benrubson/sni
...
Detect Apache SNI error / misredirect attempts
2018-04-04 16:31:38 +02:00
benrubson
bd74f7ba8b
Detect Apache SNI error / misredirect attempts, typos
2018-04-04 00:20:58 +02:00
sebres
7dfd61f462
Merge branch '0.10' into 0.11-2
2018-04-03 14:14:44 +02:00
sebres
8423f017e7
Merge branch 'sshd-ddos-mode-closed-preauth' into 0.10
2018-04-03 14:12:35 +02:00
sebres
4ee07adde6
Merge branch '0.10' into fix-sshd-filter-suff
...
# Conflicts resolved:
# fail2ban/server/filter.py
2018-04-03 13:30:57 +02:00
benrubson
30dc22fb2e
Detect Apache SNI error / misredirect attempts
2018-03-29 11:36:49 +02:00
sebres
4f6532f810
filter.d/sshd.conf: mode `ddos` (and `aggressive`) extended to catch `Connection closed by ... [preauth]`, so in DDOS mode it causes failure now on closed within preauth stage;
...
at least using both modes can ban port-scanners and prevent for other annoying "intruders", closing connection within preauth-stage (see gh-2085 for example).
2018-03-20 18:54:22 +01:00
sebres
cd7f1354c6
remove end-anchors for expressions that are precise enough (with clear flow, simple branches, without catch-all's, etc.)
2018-03-20 18:47:42 +01:00
sebres
c31eb1c562
quick optimization: normalizes pam-generic prefregex (more similar to the same regex within sshd-filter) + datepattern anchored now;
2018-03-20 16:00:21 +01:00
sebres
25cc42129a
hold all user names affected by interim attempts in order to avoid forget a failures after success login:
...
intruder (as legitimate user) firstly tries to login with another user-name (brute-force), so hopes to reset failure counter by succeeded login;
this is fixed and covered in tests now;
sshd-filter extended to cover multiple-login attempts (also fully implements gh-2070);
2018-03-20 13:09:05 +01:00
sebres
a9c94686b6
fixed multiple regexs matched
2018-03-20 09:09:42 +01:00
sebres
8028d3940d
amend with better match of optional suffix-groups;
...
remove end-anchors for expressions are precise enough (with clear flow, simple branches, without catch-all's, etc.);
2018-03-19 17:29:26 +01:00
sebres
66d2436f21
filter.d/sshd.conf: extend suffix with optional port, move it to `prefregex` at end outside of the content
2018-03-19 16:50:49 +01:00
sebres
7b3442c4e2
amend to 185cb998e7c7f2509830bed4a9f2fe6179f77e7b: capture error prefix outside of the failure content;
2018-03-19 14:53:56 +01:00
sebres
185cb998e7
make `prefregex` more precise in order to avoid catch the content for non failure lines
2018-03-19 14:38:47 +01:00
sebres
e8ffab28fb
filter.d/apache-noscript.conf: extended to match "Primary script unknown", got from php-fpm module.
2018-03-19 14:23:24 +01:00
sebres
a6fb33bdec
filter.d/recidive.conf: fixed if logging into systemd-journal (SYSLOG) with daemon name in prefix, gh-2069
2018-03-09 13:56:38 +01:00
Sergey G. Brester
b34ae5999e
action.d/hostdeny.conf: fixes IPv6 syntax
...
differentiate the IPv4 and IPv6 syntax (where it is enclosed in square brackets)
2018-03-05 19:35:10 +01:00
sebres
2b282ead09
Merge branch '0.10' into 0.11
2018-03-02 19:48:15 +01:00
sebres
caa2bdfee6
amendment for gh-2061: it looks like the port was added here also
2018-03-02 19:24:47 +01:00
sebres
a3bcbe2d1b
backwards-compatibility, test-cases and ChangeLog update
2018-03-02 19:15:10 +01:00
MatthieuBarbu
6b5516b851
fix sshd rule #2
...
in line 58, rule don't match with "%(__suff)s" but work fine if I replace with "%(__on_port_opt)s"
Debian 9 stretch : fail2ban 0.10.3
2018-03-02 18:40:36 +01:00
sebres
1d7aa2ff21
filter.d/sshd.conf: rewrite fix (for new ssh log-format) backwards compatible + test-cases extended to cover both cases
2018-03-02 18:17:17 +01:00
MatthieuBarbu
9f5c873526
fix sshd rule
...
just remove the space before ":11" line 52 because don't match on my Debian 9 stretch...
I don't know if this is wrong on all OS
2018-03-02 17:53:35 +01:00
sebres
5ea76789c6
Merge branch '0.10' into 0.11
2018-03-02 17:18:37 +01:00
sebres
8c291cad38
filter.d/asterisk.conf: fixed failregex prefix by log over remote syslog server (gh-2060)
2018-03-02 09:17:04 +01:00
Ben RUBSON
b112250ef0
(Free)BSD IPFW does not allow 2 identical rules ( #2054 )
...
ipfw actionban fixed to allow same rule added several times (and actionunban to ignore error by deletion of missing rule)
2018-02-27 10:18:59 +01:00
Ben RUBSON
857767f04b
Add 'any' badips.py bancategory ( #2056 )
...
action.d/badips.py: allow `any` as bancategory to retrieve IPs from all categories
2018-02-27 10:12:22 +01:00
sebres
47a7f83a0b
Merge branch '0.10' into 0.11
2018-02-26 19:30:54 +01:00
sebres
07fcb24ff6
Merge pull request #2057 from benrubson/https
...
Use httpS with badips
2018-02-26 18:50:35 +01:00
sebres
f52c67238a
action.d/badips.py: code review, ban command covered, debug log-messages, etc;
2018-02-26 18:16:20 +01:00
benrubson
fce2a50165
badips.py, solve a str() issue under FreeBSD
2018-02-26 15:55:21 +01:00
benrubson
e2665d39fd
Use httpS with badips
2018-02-26 09:58:37 +01:00
sebres
a5155f55e7
Merge branch '0.10' into 0.11
2018-02-21 09:31:35 +01:00
sebres
e636567d23
filter.d/exim.conf: failregex extended with SMTP call dropped: too many syntax or protocol errors.
2018-02-19 09:50:46 +01:00
sebres
19a5a2f8c0
filter.d/murmur.conf: fixed detection of failures reading from journal (systemd-backend only):
...
- extended with optional prefix for the systemd-journal (with second date-pattern as optional match);
- added `journalmatch` filtering;
closes gh-2043
2018-02-09 11:43:55 +01:00
sebres
201ae0dac2
Merge branch '0.10' into 0.11
2018-01-31 12:20:34 +01:00
sebres
0be0e43d47
amend to 03b577d7b92a120e325abe20a99b6956a7e0657c: add new-line after matches via tag `<br>` without usage of interim variable
2018-01-30 12:52:26 +01:00
sebres
03b577d7b9
action.d/blocklist_de.conf: fixed tag substitution (in 0.10 it can be variables supplied via shell-arguments), expand `<matches>` with trailing newline;
...
tests extended;
closes gh-2028
2018-01-30 12:27:03 +01:00
sebres
faab77cc79
Merge branch '0.10' into 0.11, with resolved conflicts.
2018-01-24 17:56:58 +01:00
Yaroslav Halchenko
527bb9a7c3
dos2unix for helpers-common.conf
...
Original report: http://bugs.debian.org/888110
2018-01-23 08:48:36 -05:00
sebres
1ca3df877b
Merge branch '0.10' into 0.11
2018-01-18 14:32:00 +01:00
sebres
f69e28adfc
action.d/pf.conf: compatibility fix - recognizes that parameter `port` specified as empty, with or without braces (should be more backwards compatible to 0.9 now).
2018-01-18 14:05:22 +01:00
sebres
38b3290516
Merge branch '0.10' into 0.11
2018-01-17 16:43:45 +01:00
sebres
ed22ddbbbb
Merge remote-tracking branch 'remotes/gh-upstream/master' into 0.10
2018-01-17 16:42:56 +01:00
sebres
63e906b2c1
regex rewritten: a bit fewer vulnerable now and using non-capturing groups, test-cases extended in order to cover trying of injection on user name
2018-01-17 16:35:32 +01:00