Apache-2.2
LFD 是否檢查失敗的 HTTP Digest 登錄嘗試?
我確信 LFD(登錄失敗守護程序)會檢查 Apache 的錯誤日誌以查找失敗的 HTTP 身份驗證嘗試,即。日誌條目,例如:
[Mon Feb 25 10:12:45 2013] [error] [client 10.0.0.1] user FAKEUSER not found: /index.html [Mon Feb 25 10:11:56 2013] [error] [client 10.0.0.1] user REALUSER: authentication failure for "/index.html": Password Mismatch
以上所有嘗試都是失敗的 HTTP Basic 登錄。以下是來自同一個error_log的HTTP Digest auth失敗
[Mon Feb 25 10:10:37 2013] [error] [client 10.0.0.1] Digest: user 'FAKEUSER' in realm 'REALM' not found: index.html
我是否認為這表明 LFD 不會檢查失敗的 HTTP Digest 登錄?如果是這樣,是否有一種簡單的方法可以將這種“驗證”模式添加到腳本中?
任何建議將不勝感激!
好的,自己做了一個解決方案:
去編輯文件:/etc/csf/regex.custom.pm
在以以下開頭的行之前:
# The return values from this example are as follows:
添加以下正則表達式:
# 1. Include failed HTTP Digest method - Invalid User if (($config{LF_HTACCESS}) and ($lgfile eq $config{HTACCESS_LOG}) and ($line =~ /^\[\S+\s+\S+\s+\S+\s+\S+\s+\S+\] \[error\] \[client (\S+)\] Digest: user `(\S*)' in realm `\S+' not found:/)) { return ("Failed web page login from",$1,"htdigest",5,"80,443","1"); } # 2. Include failed HTTP Digest method - Invalid Password if (($config{LF_HTACCESS}) and ($lgfile eq $config{HTACCESS_LOG}) and ($line =~ /^\[\S+\s+\S+\s+\S+\s+\S+\s+\S+\] \[error\] \[client (\S+)\] Digest: user (\S*): password mismatch:/)) { return ("Failed web page login from",$1,"htdigest",5,"80,443","1"); }