Mercurial > repos > other > Puppet

view common/fail2ban/ibb-apache-exploits-access.conf @ 60:1e2f8966d0a6

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Allow requests to ".well-known" so that we don't accidentally get blocked
author IBBoard <dev@ibboard.co.uk>
date Sat, 12 Sep 2015 11:08:22 +0000
parents 956e484adc12
children
line wrap: on
line source

# Fail2Ban configuration file
#
# Author: IBBoard

[Definition]
maxretry = 2

# Option:  failregex
# Notes.:  regex to match the password failure messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
failregex = 	^<HOST> .*"(?:GET|HEAD|POST) .*/(?:scripts/setup\.php|newticket|phpMyAdmin-\d\.\d\.\d|(?:(?:php)?[Mm]y[Aa]dmin[0-9]?)|[Pp][Mm][Aa]|sql(?:admin|web|manager)?|roundcube|typo3|dbadmin)[^"]*" 40[024]
		^<HOST> .*"(?:GET|HEAD|POST) .*\.php/[^/"]+\.php
		^<HOST> .*"(?:GET|HEAD|POST) [^\?]+\?[^\?]+=http://[^&]+(?:(?:shell|bot).php|\?\?).*"
		^<HOST> .*"(?:GET|HEAD|POST) .*//wp-content/.*"
		^<HOST> .*"(?:GET|HEAD|POST) .*/wp-content/uploads/200[789]/.*"
		^<HOST> .*"(?:GET|HEAD|POST) /projects/[^/]+/[^"]+/newticket\ HTTP
		^<HOST> .*"(?:GET|HEAD|POST) .*/wp-content/plugins/[^"]*" 40[0-4]
		^<HOST> .*"(?:GET|HEAD|POST) [^"]*README[^"]*" 40[0-4]

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =	^[^ ]+ - [^-]+
		/phpmyadmin/favicon.ico