Re: fail2ban fails to ban apache...
"François Patte" <francois.patte@mi.parisdescartes.fr> wrote:
>Bonjour,
>
>I try to configure fail2ban in order to ban IP which try to connect to
>directories protected by .htaccess.
>
>Here is my [apache] section in jail.conf:
>
>enabled = true
>port = http,https
>filter = apache-auth
>logpath = /var/log/apache*/*error.log
>maxretry = 3
>
>But I tested filling the auth form with erroneous login/password and
>nothing happens! Nothing appeared in /var/log/fail2ban.log...
>
Show filter.d/apache-auth and show the output of a: tail -F /var/log/apache*/*error.log while you make the bad requests (you might need to do a $(find ...) to handle those wildcards - I'm also unsure if f2b deals with apache*).
Also, if you've logged an invalid request, do yourself a favor and create a test directory with different files of different failure lines and run fail2ban-regex against them. Then, when you alter a regex, you can easily see if something you didn't want changed.
>I tried the same for ssh connections and the IP of the computer from
>which I tried was banned after the third attempt.
>
>What is missing in my config?
>
>
>Here is the ssh section in jail.conf:
>
>enabled = true
>port = ssh
>filter = sshd
>logpath = /var/log/auth.log
>maxretry = 6
>
>
>
>Thanks
Reply to: