Commit message (Collapse) | Author | Age | Files | Lines | |
---|---|---|---|---|---|
* | failregex.py: resolve deprecation warning for sre_constantsHEADmaster | Sergey G. Brester | 2023-05-03 | 1 | -2/+1 |
| | | | closes gh-3508 | ||||
* | GHA: update python-versions, 3.11 is released | Sergey G. Brester | 2023-05-03 | 1 | -1/+1 |
| | |||||
* | avoid confusion of path as failure ID with IP/CIDR notation, improve IP/CIDR ↵ | sebres | 2023-04-26 | 4 | -10/+53 |
| | | | | | | | parsing; wrong CIDR notation or invalid plen always causes a fallback to raw string now; fixes recognition of `::` and `::/32` | ||||
* | README.md: code status - switch from travis-ci to GHA | Sergey G. Brester | 2023-04-24 | 1 | -5/+1 |
| | |||||
* | Merge pull request #3502 from fail2ban/gh-3497 | Sergey G. Brester | 2023-04-24 | 3 | -1/+6 |
|\ | | | | | filter.d/exim.conf: fixes "dropped: too many ..." regex (also matches unrecognized commands) | ||||
| * | Update ChangeLoggh-3497 | Sergey G. Brester | 2023-04-24 | 1 | -0/+1 |
| | | |||||
| * | filter.d/exim.conf: fixes "dropped: too many ..." regex and also matches ↵ | Sergey G. Brester | 2023-04-24 | 1 | -1/+1 |
| | | | | | | | | unrecognized commands new vector | ||||
| * | new test messages for exim (gh-3497) | Sergey G. Brester | 2023-04-24 | 1 | -0/+4 |
|/ | |||||
* | Merge pull request #2860 from a16bitsysop/mikrotik | Sergey G. Brester | 2023-04-13 | 2 | -0/+85 |
|\ | | | | | Add action for mikrotik routerOS | ||||
| * | Merge branch 'master' into mikrotik | Sergey G. Brester | 2023-04-13 | 8 | -34/+81 |
| |\ | |/ |/| | |||||
* | | fail2banregextestcase: compatibility fix for testWrongRE | Sergey G. Brester | 2023-04-04 | 1 | -1/+1 |
| | | |||||
* | | filtertestcase.py: byte related copy of lines in tests (locale independent); ↵ | sebres | 2023-04-04 | 2 | -27/+37 |
| | | | | | | | | closes gh-2936 | ||||
* | | Merge pull request #2226 from mbologna/nginx-forbidden | Sergey G. Brester | 2023-03-23 | 4 | -0/+35 |
|\ \ | | | | | | | Feat: ban nginx forbidden accesses | ||||
| * | | anchored datepattern and added journalmatch (if monitoring systemd journal) | Sergey G. Brester | 2023-03-23 | 1 | -0/+4 |
| | | | |||||
| * | | update changeLog, nginx-forbidden, gh-2226 | Sergey G. Brester | 2023-03-23 | 1 | -0/+1 |
| | | | |||||
| * | | Merge branch 'master' into nginx-forbidden | Sergey G. Brester | 2023-03-23 | 241 | -3983/+9989 |
| |\ \ | |/ / |/| | | |||||
* | | | Merge fix #3479: | sebres | 2023-03-15 | 2 | -5/+7 |
|\ \ \ | | | | | | | | | | | | | | | | | action.d/cloudflare-token.conf: url-encode args by unban closes 'gh-3479' | ||||
| * | | | changelog entry (gh-3479) | Sergey G. Brester | 2023-03-15 | 1 | -0/+1 |
| | | | | |||||
| * | | | action.d/cloudflare-token.conf: fixes #3479, url-encode args by unban | Sergey G. Brester | 2023-03-15 | 1 | -5/+6 |
|/ / / | |||||
| * | | Feat: add forbidden to jail.conf | Michele Bologna | 2018-09-14 | 1 | -0/+5 |
| | | | |||||
| * | | Feat: ban nginx forbidden accesses | Michele Bologna | 2018-09-14 | 2 | -0/+26 |
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | If you have configured nginx to forbid some paths in your webserver, e.g.: location ~ /\. { deny all; } if a client tries to access https://yoursite/.user.ini then you will see in nginx error log: 2018/09/14 19:03:05 [error] 2035#2035: *9134 access forbidden by rule, client: 10.20.30.40, server: www.example.net, request: "GET /.user.ini HTTP/1.1", host: "www.example.net", referrer: "https://www.example.net" By carefully setting this filter we ban every IP that tries too many times to access forbidden resources. Author: Michele Bologna https://www.michelebologna.net/ | ||||
| | * | changed missed names | Duncan Bellamy | 2023-03-08 | 1 | -7/+7 |
| | | | |||||
| | * | apply suggestions | Duncan Bellamy | 2023-03-08 | 1 | -13/+13 |
| | | | |||||
| | * | move new comment in changelog | Duncan Bellamy | 2023-03-08 | 1 | -7/+1 |
| | | | |||||
| | * | add jail boundary to flush command for more precise targeting of jail (if ↵ | Sergey G. Brester | 2023-03-08 | 1 | -1/+1 |
| | | | | | | | | | | | | some name may be equal to prefix of other name) | ||||
| | * | change startcomment and comment so correct rules are flushed | Duncan Bellamy | 2023-03-08 | 1 | -2/+2 |
| | | | |||||
| | * | change unban back to find comment so correct entry always deleted | Duncan Bellamy | 2023-03-08 | 1 | -2/+2 |
| | | | |||||
| | * | Add flushaction | Duncan Bellamy | 2023-03-08 | 1 | -4/+9 |
| | | | | | | | | | | | | Change unban to find by ip address not comment | ||||
| | * | Add action for mikrotik routerOS | Duncan Bellamy | 2023-03-08 | 2 | -0/+86 |
| |/ |/| | |||||
* | | CI-workflow: remove 3.5 (seems to have a bug in GHA now) | Sergey G. Brester | 2023-02-28 | 1 | -1/+1 |
| | | |||||
* | | readme: amend | Sergey G. Brester | 2023-02-28 | 1 | -3/+3 |
| | | |||||
* | | readme: update version | Sergey G. Brester | 2023-02-28 | 1 | -2/+2 |
| | | |||||
* | | Merge pull request #3460 from Trotyl84/patch-1 | Sergey G. Brester | 2023-02-20 | 1 | -0/+1 |
|\ \ | | | | | | | .gitignore: ignore `.venv/` | ||||
| * | | Update .gitignore | Łukasz Turon | 2023-02-18 | 1 | -0/+1 |
|/ / | | | | | Please add this entry for virtual python interpreter. This directory name is needed in the PyCharm environment. | ||||
* | | gh-3447: fix careless mistake arisen in ↵ | sebres | 2023-01-17 | 1 | -2/+1 |
| | | | | | | | | b12a3acb06fed4f240e1cea20f4b07f913edf221 by attempt to implement new reload capacity (rewritten latter): causing error "'noduplicates' is not defined" by double jail configuration | ||||
* | | Merge branch 'fix-gh-3438': | sebres | 2023-01-11 | 3 | -26/+279 |
|\ \ | | | | | | | | | | | | | | | | * circumvent SEGFAULT in a python's socket module by getaddrinfo with disabled IPv6 (gh-3438) * improve auto-detection of IPv6 support (`allowipv6 = auto` by default) * improve `ignoreself` by considering all local addresses from network interfaces additionally to IPs from hostnames (gh-3132) | ||||
| * | | changelog entries (gh-3438, gh-3132) | sebres | 2023-01-11 | 1 | -0/+5 |
| | | | |||||
| * | | don't add subnets to local addresses of `ignoreself` from network ↵ | sebres | 2023-01-11 | 2 | -23/+41 |
| | | | | | | | | | | | | interfaces, use only IPs instead (subnets may be too heavy and not wanted, todo: make it configurable later) | ||||
| * | | amend with few improvements, IPv6IsAllowed prefers IPs from network ↵ | sebres | 2023-01-10 | 2 | -100/+139 |
| | | | | | | | | | | | | interfaces (if available for platform) and uses DNS (socket.getaddrinfo) as a fallback only | ||||
| * | | try to obtain local addresses from network interfaces before DNS to IP ↵ | sebres | 2023-01-09 | 2 | -23/+173 |
| | | | | | | | | | | | | | | | | | | lookup (closes gh-3132); DNSUtils.getSelfIP returns IPAddrSet now (because own IPs may be the subnets now, so the check `ignoreself` must check whether any of subnets contains the IP) | ||||
| * | | improve auto detection of IPv6 - try to check sysctl ↵ | sebres | 2023-01-09 | 1 | -0/+7 |
| | | | | | | | | | | | | net.ipv6.conf.all.disable_ipv6 (prefer value read from `/proc/sys/net/ipv6/conf/all/disable_ipv6`) | ||||
| * | | better auto-detection for IPv6 support (`allowipv6 = auto` by default); ↵ | sebres | 2023-01-06 | 1 | -4/+38 |
|/ / | | | | | | | circumvent SF in some python's socket module by getaddrinfo with disabled IPv6 (closes gh-3438) | ||||
* | | no warning if no config value but default (debug message now) | Sergey G. Brester | 2022-11-28 | 1 | -1/+1 |
| | | | | | | closes #3420 | ||||
* | | Merge pull request #2112 from al42and/dante | Sergey G. Brester | 2022-11-18 | 3 | -0/+27 |
|\ \ | | | | | | | Create filter for Dante SOCKS server | ||||
| * | | non capturing group | Sergey G. Brester | 2022-11-18 | 1 | -1/+1 |
| | | | |||||
| * | | review, simplify regex and capture user name | Sergey G. Brester | 2022-11-18 | 1 | -1/+1 |
| | | | |||||
| * | | Dante SOCKS server: handle "1 byte/second" case | Andrey Alekseenko | 2022-11-17 | 2 | -1/+3 |
| | | | | | | | | | | | | Thanks to @Loriowar and @sebres for pointing it out | ||||
| * | | Create filter for Dante SOCKS server | Andrey Alekseenko | 2022-11-17 | 3 | -0/+25 |
|/ / | |||||
* | | amend to #3405, eliminate catch-all | Sergey G. Brester | 2022-11-15 | 1 | -1/+1 |
| | | |||||
* | | Merge branch 'gh-3405' | sebres | 2022-11-15 | 3 | -2/+7 |
|\ \ |