HowtoForge Forums | HowtoForge - Linux Howtos and Tutorials

cjhmdm 8th June 2010 10:11

fail2ban apache filters
 
Hello, I'm currently using debian lenny x86_64 with apache/2.2.9, PHP 5.2.6-1+lenny8, mysql server 5.0.51a-24+lenny4

I've installed the latest version via apt-get install fail2ban and it's running properly.

The issue I am having is with the default apache-auth filters, which are:

Code:

failregex = [[]client <HOST>[]] user .* authentication failure
            [[]client <HOST>[]] user .* not found
            [[]client <HOST>[]] user .* password mismatch

Now, this works fine for standard authentication, but when using mod_auth_mysql nothing happens. There are 2 reasons for this:

1. The failed login isn't recorded to the error log, instead it's recorded to the access log.
2. The format doesn't match the above, here's an example of the difference:

Code:

xxx.xxx.xxx.xxx - USERNAME [08/Jun/2010:02:42:17 -0500] "GET / HTTP/1.1" 401 433 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3"

Now, when comparing this with an access granted record, the only difference is the code recorded.

So, I need to pull the following info from the record (red bold portions):
Code:

xxx.xxx.xxx.xxx - USERNAME [08/Jun/2010:02:42:17 -0500] "GET / HTTP/1.1" 401 433 "-" "Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.3) Gecko/20100401 Firefox/3.6.3"

So, without further ado, how can I create a proper filter for the above? Any info and/or help on this will be greatly appreciated :)

falko 9th June 2010 14:35

This might help you: http://www.fail2ban.org/wiki/index.php/Talk:Apache
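
An added example, not part of the thread and not fail2ban's own code: a candidate failregex for the access-log line quoted in the question, checked with Python's `re` against constructed sample lines. The `<HOST>` expansion is simplified, the names `CANDIDATE_FAILREGEX` and `failed_logins` are hypothetical, and the pattern skips 401 lines whose user field is `-`, since that is the browser's first request before any credentials are sent.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: the real expansion
# differs); fail2ban takes the address to ban from the named group "host".
HOST = r"(?P<host>[\w\-.:]+)"

# Candidate failregex (hypothetical, not from the thread). Fields, in order:
# host, ident, a user that is not "-", [timestamp], "request", status 401.
# The request pattern accepts backslash-escaped quotes, as Apache writes them.
CANDIDATE_FAILREGEX = r'^<HOST> \S+ (?!- )\S+ \[[^\]]*\] "(?:[^"\\]|\\.)*" 401 '


def compile_failregex(failregex):
    """Expand <HOST> the way a filter would be expanded, then compile."""
    return re.compile(failregex.replace("<HOST>", HOST))


def failed_logins(lines, failregex=CANDIDATE_FAILREGEX):
    """Return the host of every line the candidate filter counts as a failure."""
    rx = compile_failregex(failregex)
    hits = []
    for line in lines:
        match = rx.search(line)
        if match:
            hits.append(match.group("host"))
    return hits


# Constructed sample lines in combined log format (documentation-range addresses).
SAMPLE_LOG = [
    # failed login: user supplied, status 401
    '192.0.2.10 - alice [08/Jun/2010:02:42:17 -0500] "GET / HTTP/1.1" 401 433 "-" "Mozilla/5.0"',
    # successful login: same shape, status 200
    '192.0.2.10 - alice [08/Jun/2010:02:42:30 -0500] "GET / HTTP/1.1" 200 1024 "-" "Mozilla/5.0"',
    # initial challenge: no credentials sent yet, user field is "-"
    '198.51.100.7 - - [08/Jun/2010:02:43:01 -0500] "GET / HTTP/1.1" 401 433 "-" "Mozilla/5.0"',
    # "401" appears in the URL and as the byte count, but the status is 200
    '203.0.113.5 - bob [08/Jun/2010:02:44:12 -0500] "GET /401 HTTP/1.1" 200 401 "-" "Mozilla/5.0"',
    # failed login whose request line contains an escaped quote
    r'192.0.2.44 - carol [08/Jun/2010:02:45:00 -0500] "GET /a\"b HTTP/1.1" 401 433 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for host in failed_logins(SAMPLE_LOG):
        print("would count a failure for", host)
```

Before enabling such a filter, run `fail2ban-regex` with it against the real access log, and point the jail's `logpath` at the access log rather than the error log.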


All times are GMT +2.