| 4 |
- |
1 |
# Fail2Ban configuration file for roundcube web server
|
|
|
2 |
#
|
| 39 |
- |
3 |
# By default failed logins are printed to 'errors'. The first regex matches those
|
|
|
4 |
# The second regex matches those printed to 'userlogins'
|
|
|
5 |
# The userlogins log file can be enabled by setting $config['log_logins'] = true; in config.inc.php
|
| 4 |
- |
6 |
#
|
| 39 |
- |
7 |
# The logpath in your jail can be updated to userlogins if you wish
|
| 4 |
- |
8 |
#
|
|
|
9 |
|
|
|
10 |
[INCLUDES]
|
|
|
11 |
|
|
|
12 |
before = common.conf
|
|
|
13 |
|
|
|
14 |
[Definition]
|
|
|
15 |
|
| 39 |
- |
16 |
failregex = ^\s*(\[\])?(%(__hostname)s\s*(roundcube:)?\s*(<[\w]+>)? IMAP Error)?: (FAILED login|Login failed) for .*? from <HOST>(\. .* in .*?/rcube_imap\.php on line \d+ \(\S+ \S+\))?$
|
|
|
17 |
^\[\]:\s*(<[\w]+>)? Failed login for [\w\-\.\+]+(@[\w\-\.\+]+\.[a-zA-Z]{2,6})? from <HOST> in session \w+( \(error: \d\))?$
|
| 4 |
- |
18 |
|
|
|
19 |
ignoreregex =
|
|
|
20 |
# DEV Notes:
|
|
|
21 |
#
|
|
|
22 |
# Source: https://github.com/roundcube/roundcubemail/blob/master/program/lib/Roundcube/rcube_imap.php#L180
|
|
|
23 |
#
|
|
|
24 |
# Part after <HOST> comes straight from IMAP server up until the " in ....."
|
|
|
25 |
# Earlier versions didn't log the IMAP response hence optional.
|
|
|
26 |
#
|
|
|
27 |
# DoS resistance:
|
|
|
28 |
#
|
|
|
29 |
# Assume that the user can inject "from <HOST>" into the imap response
|
| 5 |
- |
30 |
# somehow. Write test cases around this to ensure that the combination of
|
|
|
31 |
# arbitrary user input and IMAP response doesn't inject the wrong IP for
|
| 4 |
- |
32 |
# fail2ban
|
|
|
33 |
#
|
| 39 |
- |
34 |
# Author: Teodor Micu & Yaroslav Halchenko & terence namusonge & Daniel Black & Lee Clemens
|