108,8 → 108,7 |
backend = auto |
filter = alcasar_mod-evasive |
action = iptables-allports[name=alcasar_mod-evasive] |
logpath = /var/log/httpd/error_log |
/var/log/httpd/ssl_error_log |
logpath = /var/log/lighttpd/access.log |
maxretry = 2 |
|
# Bannissement sur tout les ports après 3 refus de SSH (tentative d'accès par brute-force) |
130,8 → 129,8 |
backend = auto |
filter = alcasar_acc |
action = iptables-allports[name=alcasar_acc] |
logpath = /var/log/httpd/ssl_error_log |
maxretry = 5 |
logpath = /var/log/lighttpd/access.log |
maxretry = 6 |
|
# Bannissement sur tout les ports après 5 echecs de connexion pour un usager |
[alcasar_intercept] |
141,7 → 140,7 |
backend = auto |
filter = alcasar_intercept |
action = iptables-allports[name=alcasar_intercept] |
logpath = /var/log/httpd/ssl_request_log |
logpath = /var/log/lighttpd/access.log |
maxretry = 5 |
|
# Bannissement sur tout les port après 5 échecs de changement de mot de passe |
153,7 → 152,7 |
backend = auto |
filter = alcasar_change-pwd |
action = iptables-allports[name=alcasar_change-pwd] |
logpath = /var/log/httpd/ssl_request_log |
logpath = /var/log/lighttpd/access.log |
maxretry = 5 |
|
EOF |
184,7 → 183,7 |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
# Values: TEXT |
# |
failregex = \[client <HOST>:[0-9]+\] .*client denied by server configuration |
failregex = <HOST> .+\] "[^"]+" 403 |
|
# Option: ignoreregex |
# Notes.: regex to ignore. If this regex matches, the line is ignored. |
211,7 → 210,7 |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
# Values: TEXT |
# |
failregex = \[auth_digest:error\] \[client <HOST>:[0-9]+\] .*ALCASAR Control Center \(ACC\) |
failregex = <HOST> .+\] "[^"]+" 401 |
|
#[[]auth_digest:error[]] [[]client <HOST>:[0-9]\{1,5\}[]] |
|
240,7 → 239,7 |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
# Values: TEXT |
# |
failregex = \[<HOST>\] \"GET \/intercept\.php\?res=failed\&reason=reject |
failregex = <HOST> .* \"GET \/intercept\.php\?res=failed\&reason=reject |
|
# Option: ignoreregex |
# Notes.: regex to ignore. If this regex matches, the line is ignored. |
268,7 → 267,7 |
# (?:::f{4,6}:)?(?P<host>[\w\-.^_]+) |
# Values: TEXT |
# |
failregex = \[<HOST>\] \"POST \/password\.php |
failregex = <HOST> .* \"POST \/password\.php |
|
|
# Option: ignoreregex |