why does fail2ban not match script not found

2
votes

Why does the following fail2ban regex 

failregex = ^%(_apache_error_client)s ((AH001(28|30): )?File does not exist|(AH01264: )?script not found or unable to stat).*$
        ^%(_apache_error_client)s script '.*' not found or unable to stat

not match

[client 111.111.111.111:51008] script '/srv/www/htdocs/wwwuni/fileadmin/Dokumente/index.php' not found or unable to stat
1
regexfail2ban
The failregex are two lines; the second line begins after stat),$ - A.K
maybe are you missing the $ after stat on the second line? - OscarAkaElvis
the missing $ was not the problem. The problem was the definition of _apache_error_client which didn't match the line I changed _apache_error_client = [[^]]*] [(error|\S+:\S+)]( [pid \d+])? [client <HOST>(:\d{1,5})?] to _apache_error_client = [[^]]*] [(:error|\S+:\S+)]( [pid \d+])? [client <HOST>(:\d{1,5})?] (: in front of error) - A.K

1 Answers

1
votes

My problem is solved after changing the definition of _apache_error_client in apache-common.conf to _apache_error_client = [[^]]*] [(:error|\S+:\S+)]( [pid \d+])? [client (:\d{1,5})?]