mirror of https://github.com/fail2ban/fail2ban
38 lines
1.2 KiB
Plaintext
38 lines
1.2 KiB
Plaintext
# Fail2Ban filter to block web requests for scripts (on non scripted websites)
|
|
#
|
|
# This matches many types of scripts that don't exist. This could generate a
|
|
# lot of false positive matches in cases like wikis and forums where users
|
|
# no affiliated with the website can insert links to missing files/scripts into
|
|
# pages and cause non-malicious browsers of the site to trigger against this
|
|
# filter.
|
|
#
|
|
# If you'd like to match specific URLs that don't exist see the
|
|
# apache-botsearch filter.
|
|
#
|
|
|
|
[INCLUDES]
|
|
|
|
# overwrite with apache-common.local if _apache_error_client is incorrect.
|
|
before = apache-common.conf
|
|
|
|
[Definition]
|
|
|
|
script = /\S*(?:php(?:[45]|[.-]cgi)?|\.asp|\.exe|\.pl|\bcgi-bin/)
|
|
|
|
prefregex = ^%(_apache_error_client)s (?:AH0(?:01(?:28|30)|1(?:264|071)|2811): )?(?:(?:[Ff]ile|script|[Gg]ot) )<F-CONTENT>.+</F-CONTENT>$
|
|
|
|
failregex = ^(?:does not exist|not found or unable to stat): <script>\b
|
|
^'<script>\S*' not found or unable to stat
|
|
^error '[Pp]rimary script unknown(?:\\n)?'
|
|
|
|
ignoreregex =
|
|
|
|
|
|
# DEV Notes:
|
|
#
|
|
# https://wiki.apache.org/httpd/ListOfErrors for apache error IDs
|
|
#
|
|
# Second regex, script '/\S*(\.php|\.asp|\.exe|\.pl)\S*' not found or unable to stat\s*$ is in httpd-2.2
|
|
#
|
|
# Author: Cyril Jaquier
|