Answer the question
In order to leave comments, you need to log in
I
I
Igor Danilov2016-01-07 18:21:06
Igor Danilov, 2016-01-07 18:21:06
What is the correct way to write a Fail2ban filter for Joomla?
Apache2 output log like this
[Thu Jan 07 21:09:50.120651 2016] [:error] [pid 26210] [client 123.123.123.123:12878] user hgfhfg authentication failure, referer: https://example.com/administrator/ index.php
write filter Fail2ban
failregex = '^.*[[]client .*user .*authentication failure,'
Jail looks like this
[joomla-error]
enabled = true
port = http,https
filter = joomla-error
logpath = /var /log/apache2/error.log
maxretry = 3
But the filter rule doesn't work for some reason, Please tell me the solution to my problem
1 answer(s)
@DayLike
D
DayLike, 2016-10-09 @DayLike
failregex= ^.*\[.*\].*\[client\s+:.*\].*authentication\s+failure.*.php$
try this
or that
failregex= ^.*\[.*\] .*\[client :.*\].*authentication failure.*.php$
https://regex101.com/r/0tUNkO/1
It's
funny that the parser does not skip the word < HOST >
dayl.ru/screen/screen_2016-10- 09_00.36.36.png
Similar questions
E
I
Z
T
N
Didn't find what you were looking for?
Ask your questionAsk a Question
731 491 924 answers to any question