[ic] Interchange 5.12.0 rc1

[Stefan Hornburg (Racke)]

On 4/24/20 6:09 PM, DB wrote:
>>
>> Hello,
>>
>> please consider the following fix for the 5.12.0: https://github.com/interchange/interchange/pull/123,
>> in order to allow fail2ban to parse Interchange log files properly.
>>
>> We added a number of jails to an Interchange instance to help preventing script attacks.
>>
>> Regards
>>          Racke
> 
> 
> I like this idea. I'm constantly fighting scans/bots and whatnot. I've been using fail2ban with custom jails on my
> webserver logs. I hadn't thought about using IC logs. I also use ipset to block certain troublesome countries.
> 

I'm using the following filters for the catalog error log:

==> bad-robots-filter.conf <==
[Definition]

failregex = ^<HOST>.*WARNING: POSSIBLE BAD ROBOT
ignoreregex =

==> session-hammering-filter.conf <==
[Definition]

failregex = ^<HOST>.*Hammered session lock
ignoreregex =
==> ic-malformed-session-filter.conf <==
[Definition]

failregex = ^<HOST>.*Malformed session identifier:
ignoreregex =

==> ic-syntax-error-filter.conf <==
[Definition]
failregex = ^<HOST>.*Runtime error: (Syntax error in (GET|POST) input|Unsupported Content-Type for POST method)
ignoreregex =

Notes:

- works only with the fixed log format
- http code for syntax error should be really 400, not internal server error

Regards
        Racke

> DB
> _______________________________________________
> interchange-users mailing list
> interchange-users at interchangecommerce.org
> https://www.interchangecommerce.org/mailman/listinfo/interchange-users
> 


-- 
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://www.interchangecommerce.org/pipermail/interchange-users/attachments/20200424/01bc397e/attachment.sig>