fail2ban: add apache-overflows

53744eae · Vitaly Lipatov · 50c86922 · 53744eae · 53744eae
Commit 53744eae authored Oct 23, 2013 by Vitaly Lipatov
Hide whitespace changes
Inline Side-by-side

Showing with 23 additions and 0 deletions

apache-overflows.conf fail2ban/filter.d/apache-overflows.conf +22 -0

apache-overflows fail2ban/test.d/apache-overflows +1 -0

No files found.
--- a/fail2ban/filter.d/apache-overflows.conf
+++ b/fail2ban/filter.d/apache-overflows.conf
+# Fail2Ban configuration file
+#
+# Author: Tim Connors
+#
+# $Revision$
+#
+
+[Definition]
+
+# Option:  failregex
+# Notes.:  Regexp to catch Apache overflow attempts.
+# Values:  TEXT
+#
+# Oct 23 23:10:53 site suhosin[18331]: ALERT - configured GET variable value length limit exceeded - dropped variable 'f' (attacker '91.215.78.104'
+failregex = [[]client <HOST>[]] (Invalid (method|URI) in request|request failed: URI too long|erroneous characters after protocol string)
+            ALERT - configured GET variable value length limit exceeded - dropped variable .* \(attacker '<HOST>'
+
+# Option:  ignoreregex
+# Notes.:  regex to ignore. If this regex matches, the line is ignored.
+# Values:  TEXT
+#
+ignoreregex =
--- a/fail2ban/test.d/apache-overflows
+++ b/fail2ban/test.d/apache-overflows
+Oct 23 23:10:53 site suhosin[18331]: ALERT - configured GET variable value length limit exceeded - dropped variable 'f' (attacker '91.215.78.104'