[ic] Interchange 5.12.0 rc1

Stefan Hornburg (Racke) racke at linuxia.de
Mon Apr 27 10:15:46 UTC 2020


On 4/25/20 5:29 PM, DB wrote:
>>> I like this idea. I'm constantly fighting scans/bots and whatnot. I've been using fail2ban with custom jails on my
>>> webserver logs. I hadn't thought about using IC logs. I also use ipset to block certain troublesome countries.
>>>
>>
>> I'm using the following filters for the catalog error log:
>>
>> ==> bad-robots-filter.conf <==
>> [Definition]
>>
>> failregex = ^<HOST>.*WARNING: POSSIBLE BAD ROBOT
>> ignoreregex =
>>
>> ==> session-hammering-filter.conf <==
>> [Definition]
>>
>> failregex = ^<HOST>.*Hammered session lock
>> ignoreregex =
>>
>> ==> ic-malformed-session-filter.conf <==
>> [Definition]
>>
>> failregex = ^<HOST>.*Malformed session identifier:
>> ignoreregex =
>>
>> ==> ic-syntax-error-filter.conf <==
>> [Definition]
>>
>> failregex = ^<HOST>.*Runtime error: (Syntax error in (GET|POST) input|Unsupported Content-Type for POST method)
>> ignoreregex =
>>
>> Notes:
>>
>> - works only with the fixed log format
>> - HTTP code for syntax error should really be 400, not internal server error
>>
>> Regards
>>         Racke
> 
> Awesome - thanks for sharing!

FYI: I just had a rare case where a runtime error in a custom tag caused a hammered session lock. Better
to fix that problem than abandoning the filter though.

You mind sharing your custom jail configs for your webserver logs?

Regards
        Racke

> 
> DB


-- 
Ecommerce and Linux consulting + Perl and web application programming.
Debian and Sympa administration. Provisioning with Ansible.
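
Added example, not part of the original message or of Interchange or fail2ban: a small Python check that runs the four quoted failregex patterns over constructed log lines and counts hits per filter and host, showing why a retry threshold keeps a one-off hammered session lock from triggering a ban. The IPv4-only `<HOST>` stand-in, the sample lines and the `maxretry` values are assumptions; the real catalog error log layout is not shown in the thread.

```python
import re
from collections import Counter

# Simplified IPv4-only stand-in for fail2ban's <HOST> tag (assumption for this sketch).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

# failregex values copied from the four filters quoted in the message.
FILTERS = {
    "bad-robots": r"^<HOST>.*WARNING: POSSIBLE BAD ROBOT",
    "session-hammering": r"^<HOST>.*Hammered session lock",
    "ic-malformed-session": r"^<HOST>.*Malformed session identifier:",
    "ic-syntax-error": r"^<HOST>.*Runtime error: (Syntax error in (GET|POST) input"
                       r"|Unsupported Content-Type for POST method)",
}
COMPILED = {n: re.compile(rx.replace("<HOST>", HOST)) for n, rx in FILTERS.items()}

# Constructed log lines; everything between the address and the message is a placeholder.
SAMPLE_LOG = [
    "192.0.2.10 sess1 shop /page WARNING: POSSIBLE BAD ROBOT",
    "192.0.2.10 sess1 shop /page Hammered session lock",
    "192.0.2.10 sess1 shop /page Hammered session lock",
    "192.0.2.10 sess1 shop /page Hammered session lock",
    "198.51.100.7 sess2 shop /tag Hammered session lock",   # one-off, e.g. a buggy custom tag
    "203.0.113.5 - shop /x Malformed session identifier: abc",
    "203.0.113.5 - shop /x Runtime error: Syntax error in GET input",
    "203.0.113.5 - shop /x Runtime error: Unsupported Content-Type for POST method",
    "203.0.113.5 - shop /x Runtime error: something else",  # not covered by any filter
    "[27/Apr/2020] 203.0.113.9 Hammered session lock",      # address not at line start
]

def classify(line):
    """Return (filter_name, host) for the first matching failregex, or None."""
    for name, rx in COMPILED.items():
        m = rx.search(line)
        if m:
            return name, m.group("host")
    return None

def offenders(lines, maxretry):
    """Count hits per (filter, host), one counter per jail, and return those
    reaching maxretry. The time window (findtime) is ignored in this sketch."""
    hits = Counter(c for c in map(classify, lines) if c)
    return sorted(key for key, n in hits.items() if n >= maxretry)

if __name__ == "__main__":
    for threshold in (1, 3):
        print(threshold, offenders(SAMPLE_LOG, threshold))
```

The last sample line illustrates the "works only with the fixed log format" note: the patterns anchor the address at the start of the line, so a line with any other prefix is never matched.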
