我尝试使用fail2ban-regex禁止此行,但没有成功:
root@XXXX:/etc/fail2ban#fail2ban-regex '[Mon Jun 22 09:55:16.780767 2015] [:error] [pid 1962] [client 1.2.3.4:38909] script '/var/html/abc.php' not found or unable to stat' filter.d/apache-noscript.conf
使用failregex
apache-noscript
failregex = ^%(_apache_error_client)s ((AH001(28|30): )?File does not exist|(AH01264: )?script not found or unable to stat): /\S*(\.php|\.a$
^%(_apache_error_client)s script '/\S*(\.php|\.asp|\.exe|\.pl)\S*' not found or unable to stat\s*$
结果是“错过了”' (我在等待排队'匹配')
Lines: 1 lines, 0 ignored, 0 matched, 1 missed
|- Missed line(s):
| [Mon Jun 22 09:55:16.780767 2015] [:error] [pid 1962] [client 1.2.3.4:38909] script /var/html/abc.php not found or unable to stat
请知道The_good_failregex与此行匹配(就像在std日志中一样)? (Fail2Ban v0.8.11 Apache/2.4.7 (Ubuntu)):
fail2ban-regex '[Mon Jun 22 09:55:16.780767 2015] [:error] [pid 1962] [client 1.2.3.4:38909] script '/var/html/abc.php' not found or unable to stat' The_good_failregex
非常感谢您的帮助。
答案 0 :(得分:0)
这似乎是版本问题。
目前使用的是Fail2Ban v0.8.11, 需要更新到v0.8.12(:'错误'之前......)
_apache_error_client = [[^]] *] [(:?error | \ S +:\ S +)]([pid \ d +(:\ S + \ d +)?])? [客户((\ d {1,5})
感谢。