On 12/3/2014 11:56 AM, [email protected] wrote:
Hello Community,
Perhaps you can help me.
I'm responsible for a squid3 proxy server. But I'm not able to block ip's ,who
failed to authenticate (ncsa_method).
Thats my /var/log/squid3/access.log output
27/Nov/2014:13:16:41 0 125.46.40.22 TCP_DENIED/407 3836 GET
http://www.google.de/ - NONE/- text/html
Thats my jail in jail.conf
enabled = true
port = 8080
filter = squidfilter
logpath = /var/log/squid3/access.log
maxretry = 1
bantime = 180
Thats my filter
# squidfilter
[Definition]
failregex = 0 <HOST> TCP_DENIED/407
ignoreregex =
In reality it doesn't work, although I successfully checked my filter with
"fail2ban-regex" command.
Here is the output
# fail2ban-regex '27/Nov/2014:13:16:41 0 125.46.40.22 TCP_DENIED/407 3836 GET http://www.google.de/ - NONE/-
text/html'
'0 <HOST> TCP_DENIED/407'
############################################
Summary
=======
Addresses found:
[1]
125.46.40.22 (Thu Nov 27 13:16:41 2014)
Date template hits:
0 hit(s): MONTH Day Hour:Minute:Second
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second Year
0 hit(s): WEEKDAY MONTH Day Hour:Minute:Second
0 hit(s): Year/Month/Day Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
0 hit(s): Day/Month/Year Hour:Minute:Second
2 hit(s): Day/MONTH/Year:Hour:Minute:Second
0 hit(s): Month/Day/Year:Hour:Minute:Second
0 hit(s): Year-Month-Day Hour:Minute:Second
0 hit(s): Year.Month.Day Hour:Minute:Second
0 hit(s): Day-MONTH-Year Hour:Minute:Second[.Millisecond]
0 hit(s): Day-Month-Year Hour:Minute:Second
0 hit(s): TAI64N
0 hit(s): Epoch
0 hit(s): ISO 8601
0 hit(s): Hour:Minute:Second
0 hit(s): <Month/Day/Year@Hour:Minute:Second>
Success, the total number of match is 1
However, look at the above section 'Running tests' which could contain important
information.
#############################################
It would be so nice if you could help me.
Greetings
Black1check
---
Alle Postfächer an einem Ort. Jetzt wechseln und E-Mail-Adresse mitnehmen! Rundum glücklich mit freenetMail
<http://email.freenet.de/basic/Informationen>
------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
You might try putting an 'action' in the jail.
HTH,
Bill
------------------------------------------------------------------------------
Download BIRT iHub F-Type - The Free Enterprise-Grade BIRT Server
from Actuate! Instantly Supercharge Your Business Reports and Dashboards
with Interactivity, Sharing, Native Excel Exports, App Integration & more
Get technology previously reserved for billion-dollar corporations, FREE
http://pubads.g.doubleclick.net/gampad/clk?id=164703151&iu=/4140/ostg.clktrk
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
