ConfigServer Community Forum

Hello.

As a theoretical question assuming:
1) regex.custom.pm is properly formatted and without errors;
2) a log file in text format exists with one entry per line of failed logins;
3) csf has the proper log file identified as CUSTOM1_LOG in csf.conf;
4) Am I missing something?

Then csf should be able to block at the firewall a malicious user hammering away at an application login screen, said application login screen outputting to a text log file which is identified in the regex.custom.pm and is pointed to via CUSTOM1_LOG>

But it ain't workin'

If you'd like help, it will help if you post some example log lines, the log filename, and your custom regex.

Thank you BallyBasic79,

What I discovered was an extra '\' backslash in the regex which was causing the csf feature to not work.

Removing it now has it working wonderfully.

I appreciate the response and apologize for my delay.

I once saw a long list of csf regex.custom.pm formulas on this excellent forum, but now can't find them. Do you have a link perchance?

Thank you and have a wonderful day!

Good catch.

You just passed the regex thread pinned at the top of this General Discussion (csf) forum. Or:
https://forum.configserver.com/viewtopic.php?f=6&t=7517