Difference between revisions of "Apache"
Lostcontrol (talk | contribs) m (Reverted edits by 212.11.191.67 (Talk); changed back to last version by Lostcontrol) |
|||
| Line 16: | Line 16: | ||
<div style="padding: 1em;border: 1px dashed #2f6fab;color: black;background-color: #f9f9f9;line-height: 1.1em;"> | <div style="padding: 1em;border: 1px dashed #2f6fab;color: black;background-color: #f9f9f9;line-height: 1.1em;"> | ||
* [[]client <HOST>[]] user .*(?:: authentication failure|not found|password mismatch) | * [[]client <HOST>[]] user .*(?:: authentication failure|not found|password mismatch) | ||
| + | </div> | ||
| + | |||
| + | ==PHP== | ||
| + | |||
| + | If you don't have PHP service running or do not expect so many 'File does not exist' logging in Apache's error log, for attempts to log into some admin modus as shown below, you can also ban these IPs. | ||
| + | |||
| + | <div style="padding: 1em;border: 1px dashed #2f6fab;color: black;background-color: #f9f9f9;line-height: 1.1em;"> | ||
| + | *[Sat Mar 15 03:08:59 2008] [error] [client xyz.246.51.abc] File does not exist: /var/www/blabla/sqladmin/main.php | ||
| + | *[Sat Mar 15 03:08:59 2008] [error] [client xyz.246.51.abc] File does not exist: /var/www/blabla/php/main.php | ||
| + | *[Sat Mar 15 03:08:59 2008] [error] [client xyz.246.51.abc] File does not exist: /var/www/blabla/myadmin/main.php | ||
| + | </div> | ||
| + | |||
| + | This can be done by using the following regex: | ||
| + | |||
| + | <div style="padding: 1em;border: 1px dashed #2f6fab;color: black;background-color: #f9f9f9;line-height: 1.1em;"> | ||
| + | failregex = [[]client (?P<host>\S*)[]] File does not exist: .*\.php | ||
</div> | </div> | ||
[[Category:HTTP]] | [[Category:HTTP]] | ||
Revision as of 00:02, 22 March 2008
Apache HTTP Server is a free software/open source web server for Unix-like systems, Microsoft Windows, Novell NetWare and other operating systems. Apache is notable for playing a key role in the initial growth of the World Wide Web, and continues to be the most popular web server in use, serving as the de facto reference platform against which other web servers are designed and judged.
- [Sun Jan 28 11:55:32 2007] [error] [client 123.123.123.123] user myCoolUser: authentication failure for "/myPasswordedDir": Password Mismatch
- [Tue Apr 10 15:39:26 2007] [error] [client x.x.x.x] Digest: user Username: password mismatch: /
Failregex
The regular expressions below are proposed failregex for this software. Multiple regular expressions for failregex will only work with a version of Fail2ban greater than or equal to 0.7.6.
The tag <HOST> in the regular expressions below is just an alias for (?:::f{4,6}:)?(?P<host>\S+). The replacement is done automatically by Fail2ban when adding the regular expression. At the moment, exactly one named group host or <HOST> tag must be present in each regular expression.
Please, before editing this section, propose your changes in the discussion page first.
- [[]client <HOST>[]] user .*(?:: authentication failure|not found|password mismatch)
PHP
If you don't have PHP service running or do not expect so many 'File does not exist' logging in Apache's error log, for attempts to log into some admin modus as shown below, you can also ban these IPs.
- [Sat Mar 15 03:08:59 2008] [error] [client xyz.246.51.abc] File does not exist: /var/www/blabla/sqladmin/main.php
- [Sat Mar 15 03:08:59 2008] [error] [client xyz.246.51.abc] File does not exist: /var/www/blabla/php/main.php
- [Sat Mar 15 03:08:59 2008] [error] [client xyz.246.51.abc] File does not exist: /var/www/blabla/myadmin/main.php
This can be done by using the following regex:
failregex = [[]client (?P<host>\S*)[]] File does not exist: .*\.php
