Difference between revisions of "NginX"

From Fail2ban
Jump to: navigation, search
(Added category)
(Added regex vor NginX)
Line 13: Line 13:
 
{{Failregex}}
 
{{Failregex}}
  
Working at this atm
+
Authentication failure
 +
 
 +
<div style="padding: 1em;border: 1px dashed #2f6fab;color: black;background-color: #f9f9f9;line-height: 1.1em;">
 +
* user .* password mismatch, client: <HOST>
 +
</div>
 +
 
 +
User not found
 +
 
 +
<div style="padding: 1em;border: 1px dashed #2f6fab;color: black;background-color: #f9f9f9;line-height: 1.1em;">
 +
* user .* was not found in .*, client: <HOST>
 +
</div>
  
 
==PHP==
 
==PHP==
  
 
There are many ways to include php into nginx, the most common way is to use spawncgi from lighttpd or php-fpm. NginX with php-fpm doesn't log failed requests for missing .php files, but i'm testing some stuff to get logs like the "normal" php to use a similar failregex like in [[Apache]]
 
There are many ways to include php into nginx, the most common way is to use spawncgi from lighttpd or php-fpm. NginX with php-fpm doesn't log failed requests for missing .php files, but i'm testing some stuff to get logs like the "normal" php to use a similar failregex like in [[Apache]]
 +
 +
Additionaly, Suhosin can be installed and the Rule from [[Fail2ban:Community_Portal#suhosin]] works without a problem.
  
 
[[Category: HTTP]]
 
[[Category: HTTP]]

Revision as of 12:29, 8 April 2012

NginX HTTP Server nginx [engine x] is a HTTP and reverse proxy server, as well as a mail proxy server written by Igor Sysoev. It has been running for more than five years on many heavily loaded Russian sites including Rambler (RamblerMedia.com). According to Netcraft nginx served or proxied 4.70% busiest sites in April 2010

From nginx.org


  • 2011/07/16 10:27:48 [error] 5508#0: *223811 open() "/var/www/test.jpg" failed (2: No such file or directory), client: 123.123.123.123, server: www.test.com, request: "GET /test.jpg HTTP/1.1", host: "www.test.com", referrer: "http://www.test2.com"
  • 2011/07/16 12:00:37 [error] 5508#0: *234170 user "test" was not found in "/var/www/.htpasswd", client: 123.123.123.123, server: www.test.com, request: "GET / HTTP/1.1", host: "www.test.com"
  • 2011/07/16 12:01:15 [error] 5508#0: *234170 user "test": password mismatch, client: 123.123.123.123, server: www.test.com, request: "GET / HTTP/1.1", host: "www.test.com"


Failregex

The regular expressions below are proposed failregex for this software. Multiple regular expressions for failregex will only work with a version of Fail2ban greater than or equal to 0.7.6.

The tag <HOST> in the regular expressions below is just an alias for (?:::f{4,6}:)?(?P<host>\S+). The replacement is done automatically by Fail2ban when adding the regular expression. At the moment, exactly one named group host or <HOST> tag must be present in each regular expression.

Please, before editing this section, propose your changes in the discussion page first.

Authentication failure

  • user .* password mismatch, client: <HOST>

User not found

  • user .* was not found in .*, client: <HOST>

PHP

There are many ways to include php into nginx, the most common way is to use spawncgi from lighttpd or php-fpm. NginX with php-fpm doesn't log failed requests for missing .php files, but i'm testing some stuff to get logs like the "normal" php to use a similar failregex like in Apache

Additionaly, Suhosin can be installed and the Rule from Fail2ban:Community_Portal#suhosin works without a problem.