Hi list,
I have all filters available for Nginx, but none protect me from a
custom attack:
[18/Feb/2017:19:15:33 +0000] "GET /login.php HTTP/1.1" 403 162 "-" "-" 0.000
[18/Feb/2017:19:15:32 +0000] "POST /cgi-bin/status HTTP/1.1" 403 162 "-"
"-" 0.000
Lots of lines like these. I've already tried all filters with:
fail2ban-regex /var/log/nginx/access.log filter.d/filter-name
with no success. The common part in all lines is *HTTP/1.1" 403 162 "
*I've tried with grep 'HTTP/1.1" 403 162 "' /var/log/nginx/access.log
and it's working.
Can anyone please give me the regex for these.
Thanks in advance.
------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Fail2ban-users mailing list
Fail2ban-users@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/fail2ban-users