detecting Nginx auth_basic login failures

[aww+]

I see the newest CSF is starting to add regex rules for nginx (modsec for now)

So how about maybe adding rules for auth_basic failures ?

I see two kinds in the log

Code: Select all

2013/04/04 15:02:03 [error] 7882#0: *161 user "sdfsdf" was not found in "/blah/.htpasswds/public_html/blah/passwd", client: .........

and

Code: Select all

2013/04/04 15:23:42 [error] 7882#0: *163 user "superuser": password mismatch, client: ...............

I guess I can try to work out the regex if I don't find it on google first but would be neat if lfd came with them built in.

[ForumAdmin]

This has been added to csf v6.27:
http://blog.configserver.com/?p=1889

[betweenbrain]

My apologies for bringing up an older thread, but was wondering if someone may be able to guide me on how to implement this. I have tried a few ways and am not having much success.

Thanks for any help that you can provide.