mirror of
https://github.com/fail2ban/fail2ban.git
synced 2026-03-11 08:55:31 +00:00
Merge branch 'gh-4142--nginx-ssl-aggressive': extends filter.d/nginx-http-auth.conf - modes fallback and aggressive match more SSL failures by SSL_do_handshake or SSL_read (gh-4142, gh-2881)
Some checks failed
Codespell / Check for spelling errors (push) Has been cancelled
CI / build (3.10) (push) Has been cancelled
CI / build (3.11) (push) Has been cancelled
CI / build (3.12) (push) Has been cancelled
CI / build (3.13) (push) Has been cancelled
CI / build (3.14) (push) Has been cancelled
CI / build (3.15.0-alpha.5) (push) Has been cancelled
CI / build (3.8) (push) Has been cancelled
CI / build (3.9) (push) Has been cancelled
CI / build (pypy3.11) (push) Has been cancelled
commit
8be17b0981
3 changed files with 9 additions and 1 deletions
|
|
@ -115,6 +115,7 @@ ver. 1.1.1-dev-1 (20??/??/??) - development nightly edition
|
|||
* `filter.d/nginx-http-auth.conf`:
|
||||
- extended with `prefregex` to capture content of error only (bypass common prefix and suffix, like server, request, host, referrer);
|
||||
- extended to match PAM authentication failures (gh-4071)
|
||||
- modes `fallback` and `aggressive` extended to match more SSL failures by SSL_do_handshake or SSL_read (gh-4142, gh-2881)
|
||||
* `filter.d/nginx-limit-req.conf` - extended to ban hosts failed by limit connection in ngx_http_limit_conn_module (gh-3674, gh-4047)
|
||||
* `filter.d/proxmox.conf` - add support to Proxmox Web GUI (gh-2966)
|
||||
* `filter.d/openvpn.conf` - new filter and jail for openvpn recognizing failed TLS handshakes (gh-2702)
|
||||
|
|
|
|||
|
|
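Review bot: the new `nginx-http-auth.conf` bullet says modes `fallback` and `aggressive` match "more SSL failures", which understates the change for anyone running those modes. The `mdre-fallback` edit in this same commit drops the ` too (?:long|short)` requirement, so any error text reported by `SSL_do_handshake()` or `SSL_read()` now counts as a failure. Suggest wording the entry so that is explicit, for example "now match any SSL failure reported by SSL_do_handshake or SSL_read", so operators can review their `maxretry` and `ignoreip` settings before upgrading.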
@ -16,7 +16,7 @@ prefregex = ^%(__prefix_line)s<F-CONTENT>.*</F-CONTENT>%(__suffix_line)s\s*$
|
|||
|
||||
mdre-auth = ^user "<F-USER>(?:[^"]+|.*?)</F-USER>":? (?:password mismatch|was not found in "[^\"]*")$
|
||||
^(?:PAM: )?user '<F-USER>(?:[^']+|.*?)</F-USER>' - not authenticated: Authentication failure$
|
||||
mdre-fallback = ^SSL_do_handshake\(\) failed \(SSL: error:\S+(?: \S+){1,3} too (?:long|short)\)[^,]*
|
||||
mdre-fallback = ^SSL_(?:do_handshake|read)\(\) failed \(SSL: error:\S+(?: \S+){1,3}[^\)]*\)[^,]*
|
||||
|
||||
mdre-normal = %(mdre-auth)s
|
||||
|
||||
|
|
|
|||
|
|
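Review bot: in the replacement `mdre-fallback` line the error text is no longer constrained. ` too (?:long|short)\)` became `[^\)]*\)`, so the expression accepts every OpenSSL reason string rather than only the length errors the old line targeted, and any client whose handshake or read fails, for whatever reason, now accrues failures in the modes that include it. That is a policy change and deserves a comment above the definition stating the intent and the false-positive trade-off. Minor style point: `)` needs no escape inside a character class, so `[^)]*` reads cleaner.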
@ -35,6 +35,13 @@ host nginx[23141]: host nginx: 2025/09/07 21:20:40 [error] 23141#23141: *24470 P
|
|||
# failJSON: { "time": "2020-11-25T16:02:45", "match": false }
|
||||
2020/11/25 16:02:45 [error] 76952#76952: *5645766 connect() failed (111: Connection refused) while connecting to upstream, client: 5.126.32.148, server: www.google.de, request: "GET /admin/config HTTP/2.0", upstream: "http://127.0.0.1:3000/admin/config", host: "www.google.de"
|
||||
|
||||
# failJSON: { "time": "2025-07-09T19:20:38", "match": true , "host": "192.0.2.23", "desc": "SSL failure: bad key share (gh-4142)" }
|
||||
2025/07/09 19:20:38 [crit] 3075615#3075615: *2489 SSL_do_handshake() failed (SSL: error:0A00006C:SSL routines::bad key share) while SSL handshaking, client: 192.0.2.23, server: 0.0.0.0:443
|
||||
# failJSON: { "time": "2025-07-09T20:18:52", "match": true , "host": "192.0.2.24", "desc": "SSL failure: bad record type (gh-4142)" }
|
||||
2025/07/09 20:18:52 [crit] 60993#60993: *16611546 SSL_do_handshake() failed (SSL: error:0A0001BB:SSL routines::bad record type error:0A000139:SSL routines::record layer failure) while SSL handshaking, client: 192.0.2.24, server: 0.0.0.0:443
|
||||
# failJSON: { "time": "2025-07-09T22:27:36", "match": true , "host": "192.0.2.17", "desc": "SSL failure: alert number 121 (gh-4142)" }
|
||||
2025/07/09 22:27:36 [crit] 60993#60993: *16700609 SSL_read() failed (SSL: error:0A000461:SSL routines::reason(1121):SSL alert number 121) while waiting for request, client: 192.0.2.17, server: 0.0.0.0:443
|
||||
|
||||
# filterOptions: [{"mode": "aggressive"}]
|
||||
# failJSON: { "time": "2020-11-25T14:42:16", "match": true , "host": "142.93.180.14" }
|
||||
2020/11/25 14:42:16 [crit] 76952#76952: *2454307 SSL_do_handshake() failed (SSL: error:1408F0C6:SSL routines:ssl3_get_record:packet length too long) while SSL handshaking, client: 142.93.180.14, server: 0.0.0.0:443
|
||||
|
|
|
|||
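Review bot: all three added samples are `"match": true`, so nothing here pins down where the widened expression must still not fire. The new block also sits above `# filterOptions: [{"mode": "aggressive"}]`, which means it runs under whatever options are set earlier in the file (not visible in this hunk), while the aggressive section shown below still begins with only the older `packet length too long` sample. Suggest repeating one of the new lines, for example the `SSL_read() failed` one, under the aggressive options, and adding a `"match": false` sample for the mode that is expected to ignore these lines.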