diff --git a/ChangeLog b/ChangeLog
index ec11539f..d19356cf 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -40,6 +40,7 @@ releases.
 input SMTP command (lower/mixed case auth command, prevent injection) (gh-1979)
 * filter.d/postfix-*.conf - added optional port regex (gh-1902)
 * filter.d/sendmail-auth.conf - extended daemon for Fedora 24/RHEL - the daemon name is "sendmail" (gh-1632)
+* filter.d/nginx-http-auth.conf - match usernames with spaces (gh-2015)
 ### New Features
diff --git a/config/filter.d/nginx-http-auth.conf b/config/filter.d/nginx-http-auth.conf
index a689f66a..511b5bf0 100644
--- a/config/filter.d/nginx-http-auth.conf
+++ b/config/filter.d/nginx-http-auth.conf
@@ -4,7 +4,7 @@
 [Definition]
-failregex = ^ \[error\] \d+#\d+: \*\d+ user "\S+":? (password mismatch|was not found in ".*"), client: , server: \S*, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"(, referrer: "\S+")?\s*$
+failregex = ^ \[error\] \d+#\d+: \*\d+ user "[^"]+":? (password mismatch|was not found in ".*"), client: , server: \S*, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"(, referrer: "\S+")?\s*$
 ignoreregex =
diff --git a/fail2ban/tests/files/logs/nginx-http-auth b/fail2ban/tests/files/logs/nginx-http-auth
index 22c16057..e54edce8 100644
--- a/fail2ban/tests/files/logs/nginx-http-auth
+++ b/fail2ban/tests/files/logs/nginx-http-auth
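Review bot: In `config/filter.d/nginx-http-auth.conf`, the new `[^"]+` still lets a failed login go uncounted when the user name contains a double quote, because the class stops at the first `"` and the rest of the line no longer fits the pattern. The user name is client-supplied; whether nginx escapes a quote before writing it to the error log is not visible in this diff and should be checked. If it is written raw, `user "(?:[^"]+|.*?)":?` would keep such lines matching, and narrowing the file name to `was not found in "[^"]*"` would stop the greedy `.*` from running across client-controlled fields; both should be confirmed with test lines. The host tag between `client: ` and `, server:` is not shown on this page, presumably dropped in rendering, so it could not be checked.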
@@ -7,4 +7,6 @@
 2014/04/01 22:20:38 [error] 30708#0: *3 user "scribendio": password mismatch, client: 10.0.2.2, server: , request: "GET / HTTP/1.1", host: "localhost:8443"
 # failJSON: { "time": "2014-04-02T12:37:58", "match": true, "host": "10.0.2.2" }
 2014/04/02 12:37:58 [error] 6563#0: *1861 user "scribendio": password mismatch, client: 10.0.2.2, server: scribend.io, request: "GET /admin HTTP/1.1", host: "scribend.io", referrer: "https://scribend.io/admin"
+# failJSON: { "time": "2014-04-01T22:20:38", "match": true, "host": "10.0.2.2" }
+2014/04/01 22:20:38 [error] 30708#0: *3 user "scriben dio": password mismatch, client: 10.0.2.2, server: , request: "GET / HTTP/1.1", host: "localhost:8443"
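Review bot: The added sample in `fail2ban/tests/files/logs/nginx-http-auth` exercises only the `password mismatch` branch with a spaced user name; the `was not found in "…"` branch of the same `failregex` has no such case. I would add a second `# failJSON` pair for a `was not found` line with a space in the user name. A further pair with a double quote in the user name, carrying whichever `"match"` value the project intends, would pin the filter's behaviour on that input either way.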