fail2ban - fail2Ban apache-noscript 行丢失

Question

我正在尝试使用以下命令禁止这条线，但没有成功fail2ban-regex：

root@XXXX:/etc/fail2ban#fail2ban-regex '[Mon Jun 22 09:55:16.780767 2015] [:error] [pid 1962] [client 1.2.3.4:38909] script '/var/html/abc.php' not found or unable to stat' filter.d/apache-noscript.conf

使用原来failregex的apache-noscript

failregex = ^%(_apache_error_client)s ((AH001(28|30): )?File does not exist|(AH01264: )?script not found or unable to stat): /\S*(\.php|\.a$
            ^%(_apache_error_client)s script '/\S*(\.php|\.asp|\.exe|\.pl)\S*' not found or unable to stat\s*$

结果是“错过”行（我在等待“匹配”行）

Lines: 1 lines, 0 ignored, 0 matched, 1 missed
|- Missed line(s):
|  [Mon Jun 22 09:55:16.780767 2015] [:error] [pid 1962] [client 1.2.3.4:38909] script /var/html/abc.php not found or unable to stat

请你知道The_good_failregex匹配这条线（就像在标准日志中一样）？ (Fail2Ban v0.8.11 Apache/2.4.7 (Ubuntu))：

fail2ban-regex '[Mon Jun 22 09:55:16.780767 2015] [:error] [pid 1962] [client 1.2.3.4:38909] script '/var/html/abc.php' not found or unable to stat' The_good_failregex

非常感谢您的帮助。

Answer 1

好像是版本问题。

当前使用的是 Fail2Ban v0.8.11，需要更新到 v0.8.12 (:? before 'error' ...)

_apache_error_client = [[^]]*] [(:?error|\S+:\S+)]( [pid \d+(:\S+ \d+)?])? [客户端 (:\d{1,5})

谢谢。