Mercurial > repos > other > Puppet

view common/fail2ban/ibb-apache-exploits-access.conf @ 34:29d330d2056a

Find changesets by keywords (author, files, the commit message), revision number or hash, or revset expression.
Make sure that we have mod_version installed so that Apache config fragments that try to support 2.2 and 2.4 work properly
author IBBoard <dev@ibboard.co.uk>
date Sun, 22 Mar 2015 18:26:06 +0000
parents 956e484adc12
children
line wrap: on
line source

# Fail2Ban configuration file
#
# Author: IBBoard

[Definition]
maxretry = 2

# Option:  failregex
# Notes.:  regex to match the password failure messages in the logfile. The
#          host must be matched by a group named "host". The tag "<HOST>" can
#          be used for standard IP/hostname matching and is only an alias for
#          (?:::f{4,6}:)?(?P<host>[\w\-.^_]+)
# Values:  TEXT
#
failregex = 	^<HOST> .*"(?:GET|HEAD|POST) .*/(?:scripts/setup\.php|newticket|phpMyAdmin-\d\.\d\.\d|(?:(?:php)?[Mm]y[Aa]dmin[0-9]?)|[Pp][Mm][Aa]|sql(?:admin|web|manager)?|roundcube|typo3|dbadmin)[^"]*" 40[024]
		^<HOST> .*"(?:GET|HEAD|POST) .*\.php/[^/"]+\.php
		^<HOST> .*"(?:GET|HEAD|POST) [^\?]+\?[^\?]+=http://[^&]+(?:(?:shell|bot).php|\?\?).*"
		^<HOST> .*"(?:GET|HEAD|POST) .*//wp-content/.*"
		^<HOST> .*"(?:GET|HEAD|POST) .*/wp-content/uploads/200[789]/.*"
		^<HOST> .*"(?:GET|HEAD|POST) /projects/[^/]+/[^"]+/newticket\ HTTP
		^<HOST> .*"(?:GET|HEAD|POST) .*/wp-content/plugins/[^"]*" 40[0-4]
		^<HOST> .*"(?:GET|HEAD|POST) [^"]*README[^"]*" 40[0-4]

# Option:  ignoreregex
# Notes.:  regex to ignore. If this regex matches, the line is ignored.
# Values:  TEXT
#
ignoreregex =	^[^ ]+ - [^-]+
		/phpmyadmin/favicon.ico