Fail2ban not detecting "...client denied by server configuration..."

Bug #1391723 reported by Victor
This bug affects 3 people
Affects: fail2ban (Ubuntu)
Status: Confirmed
Importance: Undecided
Assigned to: Unassigned

Bug Description

Fail2ban starts properly and creates "apache" jail with proper log files:

2014-11-12 00:27:49,973 fail2ban.server : INFO Changed logging target to /var/log/fail2ban.log for Fail2ban v0.8.11
2014-11-12 00:27:49,974 fail2ban.jail : INFO Creating new jail 'apache'
2014-11-12 00:27:50,084 fail2ban.jail : INFO Jail 'apache' uses pyinotify
2014-11-12 00:27:50,186 fail2ban.jail : INFO Initiated 'pyinotify' backend
2014-11-12 00:27:50,193 fail2ban.filter : INFO Added logfile = /var/log/apache2/celulaires_error.log
2014-11-12 00:27:50,196 fail2ban.filter : INFO Added logfile = /var/log/apache2/error.log
2014-11-12 00:27:50,198 fail2ban.filter : INFO Added logfile = /var/log/apache2/renault19_error.log
2014-11-12 00:27:50,200 fail2ban.filter : INFO Added logfile = /var/log/apache2/default_error.log
2014-11-12 00:27:50,201 fail2ban.filter : INFO Added logfile = /var/log/apache2/localweb_error.log
2014-11-12 00:27:50,202 fail2ban.filter : INFO Set maxRetry = 6
2014-11-12 00:27:50,203 fail2ban.filter : INFO Set findtime = 600
2014-11-12 00:27:50,204 fail2ban.actions: INFO Set banTime = 600
2014-11-12 00:27:50,249 fail2ban.jail : INFO Jail 'apache' started

But it is not detecting the following regex, where it should:

[Wed Nov 12 00:28:24.094238 2014] [access_compat:error] [pid 13277] [client 108.59.11.116:41054] AH01797: client denied by server configuration: /var/www/renault19/administrator
[Wed Nov 12 00:28:45.981111 2014] [access_compat:error] [pid 13314] [client 108.59.11.116:41601] AH01797: client denied by server configuration: /var/www/renault19/administrator
[Wed Nov 12 00:28:48.622373 2014] [access_compat:error] [pid 13303] [client 108.59.11.116:41686] AH01797: client denied by server configuration: /var/www/renault19/administrator
[Wed Nov 12 00:28:50.666745 2014] [access_compat:error] [pid 13304] [client 108.59.11.116:41781] AH01797: client denied by server configuration: /var/www/renault19/administrator
[Wed Nov 12 00:28:53.132059 2014] [access_compat:error] [pid 13311] [client 108.59.11.116:41878] AH01797: client denied by server configuration: /var/www/renault19/administrator
[Wed Nov 12 00:28:55.211217 2014] [access_compat:error] [pid 13270] [client 108.59.11.116:41956] AH01797: client denied by server configuration: /var/www/renault19/administrator
[Wed Nov 12 00:28:57.758862 2014] [access_compat:error] [pid 13268] [client 108.59.11.116:42066] AH01797: client denied by server configuration: /var/www/renault19/administrator
[Wed Nov 12 00:28:59.948193 2014] [access_compat:error] [pid 13320] [client 108.59.11.116:42148] AH01797: client denied by server configuration: /var/www/renault19/administrator

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: fail2ban 0.8.11-1
ProcVersionSignature: Ubuntu 3.13.0-39.66-generic 3.13.11.8
Uname: Linux 3.13.0-39-generic i686
ApportVersion: 2.14.1-0ubuntu3.5
Architecture: i386
Date: Wed Nov 12 00:40:06 2014
InstallationDate: Installed on 2011-05-04 (1287 days ago)
InstallationMedia: Ubuntu-Server 10.04.2 LTS "Lucid Lynx" - Release i386 (20110211.1)
PackageArchitecture: all
SourcePackage: fail2ban
UpgradeStatus: Upgraded to trusty on 2014-10-06 (36 days ago)
mtime.conffile..etc.fail2ban.jail.conf: 2014-11-12T00:27:29.106783

Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in fail2ban (Ubuntu):
status: New → Confirmed
Michael (michaelrachel) wrote :

I have a similar problem:

fail2ban does not detect / ban the following entries in /var/log/apache2/error.log

[Tue Aug 25 16:10:51.646091 2015] [access_compat:error] [pid 4791] [client 77.252.213.157:4966] AH01797: client denied by server configuration: /var/www/wp-login.php
[Tue Aug 25 16:13:58.386702 2015] [access_compat:error] [pid 4789] [client 52.18.200.197:65451] AH01797: client denied by server configuration: /var/www//wp-login.php
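
An added illustration, not part of the original report or its comments and not fail2ban's own filter code: a small Python model that parses error-log lines in the layout quoted in this report and applies the thresholds the jail logged (maxRetry = 6, findtime = 600) to show which clients a matching filter would be expected to ban. The regex, function names and sample lines (documentation IP addresses, hypothetical path) are constructed for this example, and it assumes IPv4 clients and the microsecond timestamp format shown above.

```python
import re
from datetime import datetime

# Constructed pattern modelling the Apache 2.4 error-log layout quoted in the
# report. This is NOT fail2ban's shipped failregex.
DENIED = re.compile(
    r"^\[(?P<ts>[^\]]+)\] "                        # [Wed Nov 12 00:28:24.094238 2014]
    r"\[(?:[\w-]+:)?error\] "                      # [access_compat:error] or [error]
    r"\[pid \d+(?::tid \d+)?\] "                   # [pid 13277], thread id optional
    r"\[client (?P<host>\d{1,3}(?:\.\d{1,3}){3})(?::\d{1,5})?\] "  # IPv4, port optional
    r"(?:AH01797: )?client denied by server configuration: "
)

def parse(line):
    """Return (host, timestamp) for a 'client denied' line, else None."""
    m = DENIED.match(line)
    if not m:
        return None
    return m["host"], datetime.strptime(m["ts"], "%a %b %d %H:%M:%S.%f %Y")

def would_ban(lines, maxretry=6, findtime=600):
    """Simplified model: hosts with >= maxretry matches within findtime seconds."""
    recent, banned = {}, []
    for hit in filter(None, map(parse, lines)):
        host, when = hit
        # Keep only this host's earlier matches that are still inside the window.
        window = [t for t in recent.get(host, [])
                  if (when - t).total_seconds() <= findtime]
        window.append(when)
        recent[host] = window
        if len(window) >= maxretry and host not in banned:
            banned.append(host)
    return banned

# Constructed sample lines in the same layout as the lines quoted in the report.
LINE = ("[Wed Nov 12 00:28:{sec}.094238 2014] [access_compat:error] [pid 13277] "
        "[client {ip}:41054] AH01797: client denied by server configuration: "
        "/var/www/example/administrator")
SAMPLE = [LINE.format(sec=s, ip="203.0.113.7") for s in (24, 45, 48, 50, 53, 55)]
SAMPLE += [LINE.format(sec=s, ip="198.51.100.9") for s in (30, 40)]
SAMPLE.append("[Wed Nov 12 00:28:10.000000 2014] [core:notice] [pid 1] "
              "AH00094: Command line: '/usr/sbin/apache2'")  # must not match

if __name__ == "__main__":
    print(would_ban(SAMPLE))
```

On a real system, fail2ban's own `fail2ban-regex` tool is the way to check the installed filter file against the actual log; the model above only shows what a filter that matches these lines would count.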
