# Fail2Ban filter to block web requests on a long or suspicious nature
#

[INCLUDES]

# overwrite with apache-common.local if _apache_error_client is incorrect.
before = apache-common.conf

[Definition]

failregex = ^%(_apache_error_client)s (Invalid (method|URI) in request|request failed: URI too long \(longer than \d+\)|erroneous characters after protocol string)

ignoreregex =

# DEV Noptes:
# 
# fgrep -r 'URI too long' httpd-2.*
#   httpd-2.2.25/server/protocol.c:                          "request failed: URI too long (longer than %d)", r->server->limit_req_line);
#   httpd-2.4.4/server/protocol.c:                              "request failed: URI too long (longer than %d)",
#
# Author: Tim Connors