[ic] Interchange 5.12.0 rc1
DB
db at m-and-d.com
Sat Apr 25 15:29:10 UTC 2020
>> I like this idea. I'm constantly fighting scans/bots and whatnot. I've been using fail2ban with custom jails on my
>> webserver logs. I hadn't thought about using IC logs. I also use ipset to block certain troublesome countries.
>>
>
> I'm using the following filters for the catalog error log:
>
> ==> bad-robots-filter.conf <==
> [Definition]
>
> failregex = ^<HOST>.*WARNING: POSSIBLE BAD ROBOT
> ignoreregex =
>
> ==> session-hammering-filter.conf <==
> [Definition]
>
> failregex = ^<HOST>.*Hammered session lock
> ignoreregex =
> ==> ic-malformed-session-filter.conf <==
> [Definition]
>
> failregex = ^<HOST>.*Malformed session identifier:
> ignoreregex =
>
> ==> ic-syntax-error-filter.conf <==
> [Definition]
> failregex = ^<HOST>.*Runtime error: (Syntax error in (GET|POST) input|Unsupported Content-Type for POST method)
> ignoreregex =
>
> Notes:
>
> - works only with the fixed log format
> - http code for syntax error should be really 400, not internal server error
>
> Regards
> Racke
Awesome - thanks for sharing!
DB
More information about the interchange-users
mailing list