Fail2ban not banning IPs - Apache digest authentication

Fail2ban is not blocking login attempts on my web server. What is going on?

The configuration has been reloaded, the service restarted, and even the server rebooted...

# fail2ban-client reload
# service fail2ban restart
# reboot

Configuration:

Output of: uname -a

Linux myWebServer 3.2.0-4-686-pae #1 SMP Debian 3.2.63-2+deb7u1 i686 GNU/Linux

Output of: lsb_release -a

Distributor ID: Debian
Description:    Debian GNU/Linux 7.7 (wheezy)
Release:        7.7
Codename:       wheezy

Output of: apache2 -v

Server version: Apache/2.2.22 (Debian)
Server built:   Jul 24 2014 16:20:38

Output of: fail2ban-client -V

Fail2Ban v0.8.6

Output of: cat /etc/fail2ban/filter.d/apache-auth.conf

[INCLUDES]

before = apache-common.conf

[Definition]

failregex = ^%(_apache_error_client)s user .* (authentication failure|not found|password mismatch)\s*$

ignoreregex =

Output of: cat /var/log/apache2/error.log

[...]
[Mon Nov 17 10:28:46 2014] [error] [client x.x.x.x] user bob not found: /myshare
[Mon Nov 17 10:28:51 2014] [error] [client x.x.x.x] user userTest not found: /myshare
[Mon Nov 17 10:30:37 2014] [error] [client x.x.x.x] user user1 not found: /myshare
[Mon Nov 17 10:37:35 2014] [error] [client x.x.x.x] user user2 not found: /myshare
[...]

Output of: fail2ban-regex /var/log/apache2/error.log /etc/fail2ban/filter.d/apache-auth.conf

Running tests
=============

Use regex file : /etc/fail2ban/filter.d/apache-auth.conf
Use log file   : /var/log/apache2/error.log


Results
=======

Failregex
|- Regular expressions:
|  [1] ^\[[^]]+\] \[error\] \[client <HOST>\] user .* (authentication failure|not found|password mismatch)\s*$
|
`- Number of matches:
   [1] 0 match(es)

Ignoreregex
|- Regular expressions:
|
`- Number of matches:

Summary
=======

Sorry, no match

Look at the above section 'Running tests' which could contain important
information.

Output of: fail2ban-client status apache

Status for the jail: apache
|- filter
|  |- File list:        /var/log/apache2/error.log
|  |- Currently failed: 0
|  `- Total failed:     0
`- action
   |- Currently banned: 0
   |  `- IP list:
   `- Total banned:     0

Output of: cat /etc/apache2/conf.d/usershare.conf

<Directory /var/www/myshare>
        AuthType Basic
        AuthName "myshare"
        AuthUserFile /etc/apache2/pass
        Require User gooduser
</Directory>

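Edit:

I want to ban the IPs of clients whose attempts fail with "authentication failure", "not found" and "password mismatch". As you can see from the information I have provided, Fail2ban is not working properly. What am I missing? How can I ban the IPs of the failed client attempts in /var/log/apache2/error.log?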

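Answer 1

This is issue number 286: see here for the issue description: fail2ban apache-auth issue

This issue has been fixed on GitHub; you can apply the patch, which can be found on GitHub.

I am also putting the solution here: replace the failregex in your apache-auth.conf file with the following: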

failregex = ^%(_apache_error_client)s user .* authentication failure for "\S*": Password Mismatch$
            ^%(_apache_error_client)s user .* not found: \S*\s*$
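
The mismatch described in this answer, reproduced as an added example (not part of the original post and not fail2ban's own code): the old and the replacement failregex are run over constructed log lines modelled on the question's error.log. The documentation-range IPs, the Password Mismatch line, the simplified <HOST> pattern and the maxretry value of 3 are assumptions.

```python
import re
from collections import Counter

# Prefix as fail2ban-regex printed it in the question for %(_apache_error_client)s.
PREFIX = r"\[[^]]+\] \[error\] \[client <HOST>\]"
# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag.
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

OLD_FAILREGEX = [
    r"^%(_apache_error_client)s user .* (authentication failure|not found|password mismatch)\s*$",
]
NEW_FAILREGEX = [
    r'^%(_apache_error_client)s user .* authentication failure for "\S*": Password Mismatch$',
    r"^%(_apache_error_client)s user .* not found: \S*\s*$",
]

# Constructed sample: the question's lines with x.x.x.x replaced by
# documentation addresses, plus one password failure and one unrelated error.
SAMPLE_LOG = """\
[Mon Nov 17 10:28:46 2014] [error] [client 192.0.2.10] user bob not found: /myshare
[Mon Nov 17 10:28:51 2014] [error] [client 192.0.2.10] user userTest not found: /myshare
[Mon Nov 17 10:30:37 2014] [error] [client 192.0.2.10] user user1 not found: /myshare
[Mon Nov 17 10:37:35 2014] [error] [client 192.0.2.10] user user2 not found: /myshare
[Mon Nov 17 10:38:02 2014] [error] [client 192.0.2.10] File does not exist: /var/www/favicon.ico
[Mon Nov 17 10:41:02 2014] [error] [client 198.51.100.7] user gooduser: authentication failure for "/myshare": Password Mismatch
""".splitlines()

def compile_failregex(patterns):
    """Expand the prefix variable and <HOST>, then compile each pattern."""
    return [re.compile(p.replace("%(_apache_error_client)s", PREFIX)
                        .replace("<HOST>", HOST)) for p in patterns]

def count_failures(lines, patterns):
    """Return {client IP: number of lines matched by any failregex}."""
    compiled = compile_failregex(patterns)
    hits = Counter()
    for line in lines:
        for rx in compiled:
            m = rx.search(line)
            if m:
                hits[m.group("host")] += 1
                break  # count each log line once
    return dict(hits)

def hosts_over_limit(lines, patterns, maxretry=3):
    """IPs with at least maxretry matches (the findtime window is ignored)."""
    counts = count_failures(lines, patterns)
    return sorted(ip for ip, n in counts.items() if n >= maxretry)

if __name__ == "__main__":
    for name, pats in (("old", OLD_FAILREGEX), ("new", NEW_FAILREGEX)):
        print(name, count_failures(SAMPLE_LOG, pats), hosts_over_limit(SAMPLE_LOG, pats))
```

The old pattern requires the line to end right after "not found", so the trailing ": /myshare" that Apache appends keeps every line from matching, which is the "0 match(es)" result shown in the question.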
