| 4 |
- |
1 |
# Fail2Ban filter to block web requests for scripts (on non scripted websites)
|
|
|
2 |
#
|
| 34 |
- |
3 |
# This matches many types of scripts that don't exist. This could generate a
|
|
|
4 |
# lot of false positive matches in cases like wikis and forums where users
|
|
|
5 |
# no affiliated with the website can insert links to missing files/scripts into
|
|
|
6 |
# pages and cause non-malicious browsers of the site to trigger against this
|
|
|
7 |
# filter.
|
| 4 |
- |
8 |
#
|
| 34 |
- |
9 |
# If you'd like to match specific URLs that don't exist see the
|
|
|
10 |
# apache-botsearch filter.
|
|
|
11 |
#
|
| 4 |
- |
12 |
|
|
|
13 |
[INCLUDES]
|
|
|
14 |
|
|
|
15 |
# overwrite with apache-common.local if _apache_error_client is incorrect.
|
|
|
16 |
before = apache-common.conf
|
|
|
17 |
|
|
|
18 |
[Definition]
|
|
|
19 |
|
| 5 |
- |
20 |
failregex = ^%(_apache_error_client)s ((AH001(28|30): )?File does not exist|(AH01264: )?script not found or unable to stat): /\S*(php([45]|[.-]cgi)?|\.asp|\.exe|\.pl)(, referer: \S+)?\s*$
|
|
|
21 |
^%(_apache_error_client)s script '/\S*(php([45]|[.-]cgi)?|\.asp|\.exe|\.pl)\S*' not found or unable to stat(, referer: \S+)?\s*$
|
| 4 |
- |
22 |
|
|
|
23 |
ignoreregex =
|
|
|
24 |
|
|
|
25 |
|
|
|
26 |
# DEV Notes:
|
|
|
27 |
#
|
|
|
28 |
# https://wiki.apache.org/httpd/ListOfErrors for apache error IDs
|
|
|
29 |
#
|
| 34 |
- |
30 |
# Second regex, script '/\S*(\.php|\.asp|\.exe|\.pl)\S*' not found or unable to stat\s*$ is in httpd-2.2
|
| 4 |
- |
31 |
#
|
|
|
32 |
# Author: Cyril Jaquier
|