X7ROOT File Manager
Current Path:
/etc/fail2ban/filter.d
etc
/
fail2ban
/
filter.d
/
📁
..
📄
3proxy.conf
(467 B)
📄
apache-auth.conf
(3.15 KB)
📄
apache-badbots.conf
(2.76 KB)
📄
apache-botsearch.conf
(1.24 KB)
📄
apache-common.conf
(1.58 KB)
📄
apache-fakegooglebot.conf
(324 B)
📄
apache-modsecurity.conf
(511 B)
📄
apache-nohome.conf
(596 B)
📄
apache-noscript.conf
(1.22 KB)
📄
apache-overflows.conf
(2.13 KB)
📄
apache-pass.conf
(362 B)
📄
apache-shellshock.conf
(1020 B)
📄
assp.conf
(3.41 KB)
📄
asterisk.conf
(2.31 KB)
📄
bitwarden.conf
(427 B)
📄
botsearch-common.conf
(522 B)
📄
centreon.conf
(307 B)
📄
common.conf
(2.71 KB)
📄
counter-strike.conf
(244 B)
📄
courier-auth.conf
(429 B)
📄
courier-smtp.conf
(512 B)
📄
cyrus-imap.conf
(444 B)
📄
directadmin.conf
(338 B)
📄
domino-smtp.conf
(2.06 KB)
📄
dovecot.conf
(2.4 KB)
📄
dropbear.conf
(1.69 KB)
📄
drupal-auth.conf
(557 B)
📄
ejabberd-auth.conf
(1.54 KB)
📄
exim-common.conf
(516 B)
📄
exim-spam.conf
(2.11 KB)
📄
exim.conf
(2.81 KB)
📄
freeswitch.conf
(1.88 KB)
📄
froxlor-auth.conf
(1.18 KB)
📄
gitlab.conf
(236 B)
📄
grafana.conf
(388 B)
📄
groupoffice.conf
(236 B)
📄
gssftpd.conf
(322 B)
📄
guacamole.conf
(1.41 KB)
📄
haproxy-http-auth.conf
(1.14 KB)
📄
horde.conf
(404 B)
📁
ignorecommands
📄
kerio.conf
(938 B)
📄
lighttpd-auth.conf
(333 B)
📄
mongodb-auth.conf
(2.23 KB)
📄
monit.conf
(787 B)
📄
murmur.conf
(927 B)
📄
mysqld-auth.conf
(953 B)
📄
nagios.conf
(400 B)
📄
named-refused.conf
(1.46 KB)
📄
nginx-botsearch.conf
(681 B)
📄
nginx-http-auth.conf
(485 B)
📄
nginx-limit-req.conf
(1.42 KB)
📄
nsd.conf
(760 B)
📄
openhab.conf
(452 B)
📄
openwebmail.conf
(495 B)
📄
oracleims.conf
(1.89 KB)
📄
pam-generic.conf
(947 B)
📄
perdition.conf
(568 B)
📄
php-url-fopen.conf
(891 B)
📄
phpmyadmin-syslog.conf
(278 B)
📄
portsentry.conf
(242 B)
📄
postfix.conf
(3.09 KB)
📄
proftpd.conf
(1.14 KB)
📄
pure-ftpd.conf
(2.35 KB)
📄
qmail.conf
(795 B)
📄
recidive.conf
(1.34 KB)
📄
roundcube-auth.conf
(1.46 KB)
📄
screensharingd.conf
(821 B)
📄
selinux-common.conf
(538 B)
📄
selinux-ssh.conf
(570 B)
📄
sendmail-auth.conf
(776 B)
📄
sendmail-reject.conf
(2.88 KB)
📄
sieve.conf
(371 B)
📄
slapd.conf
(706 B)
📄
softethervpn.conf
(451 B)
📄
sogo-auth.conf
(722 B)
📄
solid-pop3d.conf
(1.07 KB)
📄
squid.conf
(260 B)
📄
squirrelmail.conf
(191 B)
📄
sshd.conf
(7.34 KB)
📄
stunnel.conf
(363 B)
📄
suhosin.conf
(649 B)
📄
tine20.conf
(890 B)
📄
traefik-auth.conf
(2.33 KB)
📄
uwimap-auth.conf
(374 B)
📄
vsftpd.conf
(637 B)
📄
webmin-auth.conf
(444 B)
📄
wuftpd.conf
(520 B)
📄
xinetd-fail.conf
(521 B)
📄
znc-adminlog.conf
(912 B)
📄
zoneminder.conf
(524 B)
Editing: apache-auth.conf
# Fail2Ban apache-auth filter # [INCLUDES] # Read common prefixes. If any customizations available -- read them from # apache-common.local before = apache-common.conf [Definition] # Mode for filter: normal (default) and aggressive (allows DDoS & brute force detection of mod_evasive) mode = normal # ignore messages of mod_evasive module: apache-pref-ign-normal = (?!evasive) # allow "denied by server configuration" from all modules: apache-pref-ign-aggressive = # mode related ignore prefix for common _apache_error_client substitution: apache-pref-ignore = <apache-pref-ign-<mode>> prefregex = ^%(_apache_error_client)s (?:AH\d+: )?<F-CONTENT>.+</F-CONTENT>$ # auth_type = ((?:Digest|Basic): )? auth_type = ([A-Z]\w+: )? failregex = ^client (?:denied by server configuration|used wrong authentication scheme)\b ^user (?!`)<F-USER>(?:\S*|.*?)</F-USER> (?:auth(?:oriz|entic)ation failure|not found|denied by provider)\b ^Authorization of user <F-USER>(?:\S*|.*?)</F-USER> to access .*? failed\b ^%(auth_type)suser <F-USER>(?:\S*|.*?)</F-USER>: password mismatch\b ^%(auth_type)suser `<F-USER>(?:[^']*|.*?)</F-USER>' in realm `.+' (auth(?:oriz|entic)ation failure|not found|denied by provider)\b ^%(auth_type)sinvalid nonce .* received - length is not\b ^%(auth_type)srealm mismatch - got `(?:[^']*|.*?)' but expected\b ^%(auth_type)sunknown algorithm `(?:[^']*|.*?)' received\b ^invalid qop `(?:[^']*|.*?)' received\b ^%(auth_type)sinvalid nonce .*? received - user attempted time travel\b ^(?:No h|H)ostname \S+ provided via SNI(?:, but no hostname provided| and hostname \S+ provided| for a name based virtual host)\b ignoreregex = # DEV Notes: # # This filter matches the authorization failures of Apache. It takes the log messages # from the modules in aaa that return HTTP_UNAUTHORIZED, HTTP_METHOD_NOT_ALLOWED or # HTTP_FORBIDDEN and not AUTH_GENERAL_ERROR or HTTP_INTERNAL_SERVER_ERROR. # # An unauthorized response 401 is the first step for a browser to instigate authentication # however apache doesn't log this as an error. Only subsequent errors are logged in the # error log. # # Source: # # By searching the code in http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/aaa/* # for ap_log_rerror(APLOG_MARK, APLOG_ERR and examining resulting return code should get # all of these expressions. Lots of submodules like mod_authz_* return back to mod_authz_core # to return the actual failure. # # Note that URI can contain spaces. # # See also: http://wiki.apache.org/httpd/ListOfErrors # Expressions that don't have tests and aren't common. # more be added with https://issues.apache.org/bugzilla/show_bug.cgi?id=55284 # ^user .*: nonce expired \([\d.]+ seconds old - max lifetime [\d.]+\) - sending new nonce\s*$ # ^user .*: one-time-nonce mismatch - sending new nonce\s*$ # ^realm mismatch - got `(?:[^']*|.*?)' but no realm specified\s*$ # # Because url/referer are foreign input, short form of regex used if long enough to idetify failure. # # Author: Cyril Jaquier # Major edits by Daniel Black and Ben Rubson. # Rewritten for v.0.10 by Sergey Brester (sebres).
Upload File
Create Folder