Apache-2.2

Does LFD check for failed HTTP Digest login attempts?

  • February 25, 2013

I'm sure LFD (Login Failure Daemon) checks Apache's error log for failed HTTP authentication attempts, i.e. log entries such as:

[Mon Feb 25 10:12:45 2013] [error] [client 10.0.0.1] user FAKEUSER not found: /index.html
[Mon Feb 25 10:11:56 2013] [error] [client 10.0.0.1] user REALUSER: authentication failure for "/index.html": Password Mismatch

All of the attempts above are failed HTTP Basic logins. The following is an HTTP Digest auth failure from the same error_log:

[Mon Feb 25 10:10:37 2013] [error] [client 10.0.0.1] Digest: user 'FAKEUSER' in realm 'REALM' not found: index.html

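Am I right in thinking this indicates that LFD does not check for failed HTTP Digest logins? If so, is there an easy way to add this "authentication" pattern to the script?

Any advice would be greatly appreciated!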

OK, made a solution myself:

Edit the file: /etc/csf/regex.custom.pm

Before the line that begins with:

# The return values from this example are as follows:

Add the following regular expressions:

# 1. Include failed HTTP Digest method - Invalid User
if (($config{LF_HTACCESS}) and ($lgfile eq $config{HTACCESS_LOG}) and ($line =~ /^\[\S+\s+\S+\s+\S+\s+\S+\s+\S+\] \[error\] \[client (\S+)\] Digest: user `(\S*)' in realm `\S+' not found:/)) {
       return ("Failed web page login from",$1,"htdigest",5,"80,443","1");
}

# 2. Include failed HTTP Digest method - Invalid Password
if (($config{LF_HTACCESS}) and ($lgfile eq $config{HTACCESS_LOG}) and ($line =~ /^\[\S+\s+\S+\s+\S+\s+\S+\s+\S+\] \[error\] \[client (\S+)\] Digest: user (\S*): password mismatch:/)) {
       return ("Failed web page login from",$1,"htdigest",5,"80,443","1");
}

Quoted from: https://serverfault.com/questions/482273
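Added example (not part of the original answer or of csf): a stand-alone Perl check that runs the answer's posted invalid-user pattern and a more tolerant variant over constructed log lines before anything goes into regex.custom.pm. The tolerant variant, the `match_digest_failure` name and the sample lines are assumptions of this example; it accepts both the backtick quoting in the answer's pattern and the straight quotes in the question's log line.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# The answer's "invalid user" pattern, copied as posted (backtick-quoted names).
my $posted = qr/^\[\S+\s+\S+\s+\S+\s+\S+\s+\S+\] \[error\] \[client (\S+)\] Digest: user `(\S*)' in realm `\S+' not found:/;

# Tolerant variant (an assumption of this example): either quote style,
# and user or realm names that contain spaces.
sub match_digest_failure {
    my ($line) = @_;
    my ($ip, $rest) = $line =~
        /^\[\S+\s+\S+\s+\S+\s+\S+\s+\S+\] \[error\] \[client (\S+)\] Digest: user (.*)$/
        or return;
    return ($ip, $1, 'unknown user')
        if $rest =~ /^[`']([^`']*)' in realm [`'][^']*' not found:/;
    return ($ip, $1, 'password mismatch')
        if $rest =~ /^(\S*): password mismatch:/;
    return;    # a Digest line, but not a login failure we track
}

# Constructed sample lines. The first three follow the question's log excerpt,
# the fourth follows the answer's second pattern, the last two use backticks.
my @samples = split /\n/, <<'END';
[Mon Feb 25 10:12:45 2013] [error] [client 10.0.0.1] user FAKEUSER not found: /index.html
[Mon Feb 25 10:11:56 2013] [error] [client 10.0.0.1] user REALUSER: authentication failure for "/index.html": Password Mismatch
[Mon Feb 25 10:10:37 2013] [error] [client 10.0.0.1] Digest: user 'FAKEUSER' in realm 'REALM' not found: index.html
[Mon Feb 25 10:13:02 2013] [error] [client 10.0.0.1] Digest: user REALUSER: password mismatch: /index.html
[Mon Feb 25 10:14:20 2013] [error] [client 10.0.0.1] Digest: user `FAKEUSER' in realm `REALM' not found: /index.html
[Mon Feb 25 10:15:41 2013] [error] [client 10.0.0.1] Digest: user `FAKEUSER' in realm `Private Area' not found: /index.html
END

for my $line (@samples) {
    my ($ip, $user, $why) = match_digest_failure($line);
    my $strict  = $line =~ $posted ? 'match' : 'no match';
    my $verdict = defined $ip ? "failed Digest login ip=$ip user=$user ($why)" : 'ignored';
    print "$verdict | posted pattern: $strict\n";
}
```

The two Basic lines are ignored by both patterns, since LFD's built-in rules already cover them according to the question. Lines where the two verdicts differ show which quoting or realm format to confirm against your own error_log before relying on a pattern.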