~ubuntu-branches/ubuntu/vivid/fail2ban/vivid

« back to all changes in this revision

Viewing changes to config/filter.d/apache-overflows.conf

Committer: Package Import Robot
Author(s): Yaroslav Halchenko
Date: 2013-11-17 17:29:06 UTC
mfrom: (1.2.9)
Revision ID: package-import@ubuntu.com-20131117172906-buaklkz2i416bh04

Tags: 0.8.11-1

http://bugs.debian.org/719662

http://bugs.debian.org/668064

http://bugs.debian.org/696087

http://bugs.debian.org/709196

http://bugs.debian.org/620760

http://bugs.debian.org/711463

http://bugs.debian.org/648276

* Fresh upstream release
  - this release tightens all shipped filters to preclude
    possible injections leading to targetted DoS attacks.
  - omitted entry for ~pre release changelog:
    - asterisk filter was fixed (Closes: #719662),
    - nginx filter/jail added (Closes: #668064)
    - better detection of log rotation in polling backend (Closes: #696087)
    - includes sever name (uname -n) into subject of sendmail actions
      (Closes: #709196)
* debian/jail.conf
  - dropbear jail: use dropbear filter (instead of ssh) and monitor
    auth.log instead of non-existing /var/log/dropbear (Closes: #620760)
* debian/NEWS
  - information for change of default iptables action to REJECT now
    (Closes: #711463)
* debian/patches
  - changeset_d4f6ca4f8531f332bcb7ce3a89102f60afaaa08e.diff
    post-release change to support native proftpd date format which
    includes milliseconds (Closes: #648276)
  - changeset_ac061155f093464fb6cd2329d3d513b15c68e256.diff
    absorbed upstream

files added:
.pc/changeset_d4f6ca4f8531f332bcb7ce3a89102f60afaaa08e.diff

.pc/changeset_d4f6ca4f8531f332bcb7ce3a89102f60afaaa08e.diff/server

.pc/changeset_d4f6ca4f8531f332bcb7ce3a89102f60afaaa08e.diff/server/datedetector.py

.pc/changeset_d4f6ca4f8531f332bcb7ce3a89102f60afaaa08e.diff/testcases

.pc/changeset_d4f6ca4f8531f332bcb7ce3a89102f60afaaa08e.diff/testcases/datedetectortestcase.py

.pc/changeset_d4f6ca4f8531f332bcb7ce3a89102f60afaaa08e.diff/testcases/files

.pc/changeset_d4f6ca4f8531f332bcb7ce3a89102f60afaaa08e.diff/testcases/files/logs

.pc/changeset_d4f6ca4f8531f332bcb7ce3a89102f60afaaa08e.diff/testcases/files/logs/proftpd

debian/patches/changeset_d4f6ca4f8531f332bcb7ce3a89102f60afaaa08e.diff

files removed:
.pc/changeset_ac061155f093464fb6cd2329d3d513b15c68e256.diff

.pc/changeset_ac061155f093464fb6cd2329d3d513b15c68e256.diff/config

.pc/changeset_ac061155f093464fb6cd2329d3d513b15c68e256.diff/config/filter.d

.pc/changeset_ac061155f093464fb6cd2329d3d513b15c68e256.diff/config/filter.d/nginx-http-auth.conf

debian/patches/changeset_ac061155f093464fb6cd2329d3d513b15c68e256.diff

files modified:
.pc/applied-patches

.pc/deb_manpages_reportbug/man/fail2ban-client.1

.pc/deb_manpages_reportbug/man/fail2ban-server.1

ChangeLog

DEVELOP

MANIFEST

README.md

THANKS

common/version.py

config/filter.d/apache-noscript.conf

config/filter.d/apache-overflows.conf

config/filter.d/asterisk.conf

config/filter.d/dropbear.conf

config/filter.d/exim.conf

config/filter.d/roundcube-auth.conf

debian/NEWS

debian/changelog

debian/jail.conf

debian/patches/series

man/fail2ban-client.1

man/fail2ban-regex.1

man/fail2ban-server.1

server/datedetector.py

testcases/datedetectortestcase.py

testcases/files/logs/apache-overflows

testcases/files/logs/asterisk

testcases/files/logs/proftpd

testcases/files/logs/roundcube-auth

testcases/files/logs/sshd

Show diffs side-by-side

added added

removed removed

config/filter.d/apache-overflows.conf

[Definition]

failregex = ^%(_apache_error_client)s (Invalid (method|URI) in request|request failed: URI too long|erroneous characters after protocol string)

failregex = ^%(_apache_error_client)s ((AH0013[456]: )?Invalid (method|URI) in request .*( - possible attempt to establish SSL connection on non-SSL port)?|(AH00565: )?request failed: URI too long $longer than \d+$|request failed: erroneous characters after protocol string: .*|AH00566: request failed: invalid characters in URI)$

ignoreregex =

# DEV Notes:

# fgrep -r 'URI too long' httpd-2.*

# httpd-2.2.25/server/protocol.c: "request failed: URI too long (longer than %d)", r->server->limit_req_line);

# httpd-2.4.4/server/protocol.c: "request failed: URI too long (longer than %d)",

# fgrep -r 'in request' ../httpd-2.* | fgrep Invalid

# httpd-2.2.25/server/core.c: "Invalid URI in request %s", r->the_request);

# httpd-2.2.25/server/core.c: "Invalid method in request %s", r->the_request);

# httpd-2.2.25/docs/manual/rewrite/flags.html.fr:avertissements 'Invalid URI in request'.

# httpd-2.4.4/server/core.c: "Invalid URI in request %s", r->the_request);

# httpd-2.4.4/server/core.c: "Invalid method in request %s - possible attempt to establish SSL connection on non-SSL port", r->the_request);

# httpd-2.4.4/server/core.c: "Invalid method in request %s", r->the_request);

# fgrep -r 'invalid characters in URI' httpd-2.*

# httpd-2.4.4/server/protocol.c: "request failed: invalid characters in URI");

# http://svn.apache.org/viewvc/httpd/httpd/trunk/server/core.c?r1=739382&r2=739620&pathrev=739620

# ...possible attempt to establish SSL connection on non-SSL port

# https://wiki.apache.org/httpd/ListOfErrors

# Author: Tim Connors

Older »