[ic] Interchange 5.12.0 rc1
Stefan Hornburg (Racke)
racke at linuxia.de
Fri Apr 24 18:13:19 UTC 2020
On 4/24/20 6:09 PM, DB wrote:
>>
>> Hello,
>>
>> please consider the following fix for the 5.12.0: https://github.com/interchange/interchange/pull/123,
>> in order to allow fail2ban to parse Interchange log files properly.
>>
>> We added a number of jails to an Interchange instance to help preventing script attacks.
>>
>> Regards
>> Racke
>
>
> I like this idea. I'm constantly fighting scans/bots and whatnot. I've been using fail2ban with custom jails on my
> webserver logs. I hadn't thought about using IC logs. I also use ipset to block certain troublesome countries.
>
I'm using the following filters for the catalog error log:
==> bad-robots-filter.conf <==
[Definition]
failregex = ^<HOST>.*WARNING: POSSIBLE BAD ROBOT
ignoreregex =
==> session-hammering-filter.conf <==
[Definition]
failregex = ^<HOST>.*Hammered session lock
ignoreregex =
==> ic-malformed-session-filter.conf <==
[Definition]
failregex = ^<HOST>.*Malformed session identifier:
ignoreregex =
==> ic-syntax-error-filter.conf <==
[Definition]
failregex = ^<HOST>.*Runtime error: (Syntax error in (GET|POST) input|Unsupported Content-Type for POST method)
ignoreregex =
Notes:
- works only with the fixed log format
- http code for syntax error should be really 400, not internal server error
Regards
Racke
> DB
> _______________________________________________
> interchange-users mailing list
> interchange-users at interchangecommerce.org
> https://www.interchangecommerce.org/mailman/listinfo/interchange-users
>
--
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://www.interchangecommerce.org/pipermail/interchange-users/attachments/20200424/01bc397e/attachment.sig>
More information about the interchange-users
mailing list