Apache

Fail2ban Apache2 Access Log Regex Fails

by troy · Published September 26, 2014 · Updated September 26, 2014

Changing banaction to ROUTE worked, while IPTABLES-ALLPORTS failed with error No Host Found

2014-09-26 10:55:24,662 fail2ban.filter : ERROR No ‘host’ found in ‘113.71.191.49 – – [ +0000] “GET /phpMyAdmin/scripts/setup.php HTTP/1.1” 500 833 “-” “-”
‘ using ‘<_sre.SRE_Pattern object at 0x25044e0>‘

[apache-phpmyadmin-access]
enabled = true
#banaction = iptables-allports
banaction = route
port = http,https
filter = apache-phpmyadmin-access
logpath = /var/log/apache2/access.log
maxretry = 0

# Fail2Ban configuration file : /etc/fail2ban/filter.d/apache-phpmyadmin-access.conf
[Definition]
# Notes:  regex to match this kind of request: 113.71.191.49 - - [26/Sep/2014:08:59:59 +0000] "GET /phpMyAdmin/scripts/setup.php HTTP/1.1" 500 833 "-" "-"
# Source: /var/log/apache2/access.log
failregex = ^<HOST> -.*"(GET|POST).*(phpMyAdmin|phpmyadmin|myadmin|MyAdmin).*scripts/setup.*
ignoreregex =

Tags: Apache Banaction Fail2ban Route

You may also like...