regex for URI not URL
Posted: 29 Oct 2019, 15:18
Hello.
I have a regex that I'm trying to modify for regex.custom.pm so when the server (not a user clicks) redirects to a specific page (which is logged in /var/log/apache2/access.log), after x number of attempts, it blocks that IP.
The purpose is to block bots attempting to hack a "token entry" form and currently, due to the software used, a failure with the form does not get logged in error_log but rather access_log.
Question: how to put multiple multiple custom log files in regex.custom.pm and what is the sytax for a redirect?
I currently have a working command (thanks to this forum) for another purpose in regex.custom.pm, which is this;
I now need to have csf read custom1_log which references /var/log/apache2/access_log for an entry of
"domain.com/index.php/fault", so I added the following to the regex.custom.pm but it's not working (I'm not an expert on regex, as you will see):
Any help much appreciated.
I have a regex that I'm trying to modify for regex.custom.pm so when the server (not a user clicks) redirects to a specific page (which is logged in /var/log/apache2/access.log), after x number of attempts, it blocks that IP.
The purpose is to block bots attempting to hack a "token entry" form and currently, due to the software used, a failure with the form does not get logged in error_log but rather access_log.
Question: how to put multiple multiple custom log files in regex.custom.pm and what is the sytax for a redirect?
I currently have a working command (thanks to this forum) for another purpose in regex.custom.pm, which is this;
Code: Select all
if (($globlogs{CUSTOM3_LOG}{$lgfile}) and ($line =~ /^.*\[client (\S+):\d+\].*(wp-login|xmlrpc).*/)) {
return ("WP whacker",$1,"WP_whacker","1","","86400");
}
"domain.com/index.php/fault", so I added the following to the regex.custom.pm but it's not working (I'm not an expert on regex, as you will see):
Code: Select all
if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /^.*\[client (\S+):\d+\].*(fault).*/)) {
return ("token whacker",$1,"token_whacker","3","","86400");
}