"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "config/filter.d/apache-auth.conf" between
fail2ban-0.10.3.1.tar.gz and fail2ban-0.10.4.tar.gz

About: fail2ban scans log files and bans (via firewall rules) IP-addresses that makes too many access failures. It updates firewall rules to reject the IP address. Experimental version.

apache-auth.conf  (fail2ban-0.10.3.1):apache-auth.conf  (fail2ban-0.10.4)
skipping to change at line 27 skipping to change at line 27
failregex = ^client (?:denied by server configuration|used wrong authentication scheme)\b failregex = ^client (?:denied by server configuration|used wrong authentication scheme)\b
^user (?!`)<F-USER>(?:\S*|.*?)</F-USER> (?:auth(?:oriz|entic)ation f ailure|not found|denied by provider)\b ^user (?!`)<F-USER>(?:\S*|.*?)</F-USER> (?:auth(?:oriz|entic)ation f ailure|not found|denied by provider)\b
^Authorization of user <F-USER>(?:\S*|.*?)</F-USER> to access .*? fa iled\b ^Authorization of user <F-USER>(?:\S*|.*?)</F-USER> to access .*? fa iled\b
^%(auth_type)suser <F-USER>(?:\S*|.*?)</F-USER>: password mismatch\b ^%(auth_type)suser <F-USER>(?:\S*|.*?)</F-USER>: password mismatch\b
^%(auth_type)suser `<F-USER>(?:[^']*|.*?)</F-USER>' in realm `.+' (a uth(?:oriz|entic)ation failure|not found|denied by provider)\b ^%(auth_type)suser `<F-USER>(?:[^']*|.*?)</F-USER>' in realm `.+' (a uth(?:oriz|entic)ation failure|not found|denied by provider)\b
^%(auth_type)sinvalid nonce .* received - length is not\b ^%(auth_type)sinvalid nonce .* received - length is not\b
^%(auth_type)srealm mismatch - got `(?:[^']*|.*?)' but expected\b ^%(auth_type)srealm mismatch - got `(?:[^']*|.*?)' but expected\b
^%(auth_type)sunknown algorithm `(?:[^']*|.*?)' received\b ^%(auth_type)sunknown algorithm `(?:[^']*|.*?)' received\b
^invalid qop `(?:[^']*|.*?)' received\b ^invalid qop `(?:[^']*|.*?)' received\b
^%(auth_type)sinvalid nonce .*? received - user attempted time trave l\b ^%(auth_type)sinvalid nonce .*? received - user attempted time trave l\b
^Hostname \S+ provided via SNI(?:, but no hostname| and hostname \S+ ^(?:No h|H)ostname \S+ provided via SNI(?:, but no hostname provided
) provided\b | and hostname \S+ provided| for a name based virtual host)\b
^No hostname was provided via SNI for a name based virtual host\b
ignoreregex = ignoreregex =
# DEV Notes: # DEV Notes:
# #
# This filter matches the authorization failures of Apache. It takes the log mes sages # This filter matches the authorization failures of Apache. It takes the log mes sages
# from the modules in aaa that return HTTP_UNAUTHORIZED, HTTP_METHOD_NOT_ALLOWED or # from the modules in aaa that return HTTP_UNAUTHORIZED, HTTP_METHOD_NOT_ALLOWED or
# HTTP_FORBIDDEN and not AUTH_GENERAL_ERROR or HTTP_INTERNAL_SERVER_ERROR. # HTTP_FORBIDDEN and not AUTH_GENERAL_ERROR or HTTP_INTERNAL_SERVER_ERROR.
# #
# An unauthorized response 401 is the first step for a browser to instigate auth entication # An unauthorized response 401 is the first step for a browser to instigate auth entication
 End of changes. 1 change blocks. 
3 lines changed or deleted 2 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)