Ubuntu
fail2ban package

fail2ban apache-auth filter ignores AH01630

Bug #1583457 reported by Marius Gedminas
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
fail2ban (Ubuntu)
New
Undecided
Unassigned

Bug Description

My Apache's error log is full of baddies trying to use me as a proxy, but fail2ban doesn't ban them. The errors look like this:

  Thu May 19 09:48:04.125851 2016] [authz_core:error] [pid 21203:tid 140035017877248] [client 45.55.34.90:53492] AH01630: client denied by server configuration: proxy:http://93.188.167.147/, referer: https://www.pinterest.com/search/?q=http://93.188.167.147/?r=564

The corresponding upstream bug is https://github.com/fail2ban/fail2ban/issues/810 and it's been fixed by upstream commit https://github.com/fail2ban/fail2ban/pull/812/commits/2c158fe16890b9e9f98a3428cc009f792618ba75

I can confirm that manually applying the upstream patch to /etc/fail2ban/filters.d/apache-auth.conf fixes the issue for me.

ProblemType: Bug
DistroRelease: Ubuntu 14.04
Package: fail2ban 0.8.11-1
ProcVersionSignature: Ubuntu 3.13.0-86.131-generic 3.13.11-ckt39
Uname: Linux 3.13.0-86-generic x86_64
ApportVersion: 2.14.1-0ubuntu3.20
Architecture: amd64
Date: Thu May 19 09:55:34 2016
PackageArchitecture: all
SourcePackage: fail2ban
UpgradeStatus: Upgraded to trusty on 2016-04-27 (21 days ago)
mtime.conffile..etc.fail2ban.filter.d.apache.auth.conf: 2016-05-19T09:52:04.566226

See original description
Revision history for this message
Marius Gedminas (mgedmin) wrote :
description: updated
Revision history for this message
Marius Gedminas (mgedmin) wrote :

The upstream fix was released with upstream version 0.9.1, so it looks like this bug doesn't affect Ubuntu 16.04 LTS, which has 0.9.3-1.

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.