Subsonic Forum

forum.subsonic.org
http://forum.subsonic.org/forum/

Fail2ban with Haproxy Log

http://forum.subsonic.org/forum/viewtopic.php?f=2&t=16131

Page 1 of 1

Fail2ban with Haproxy Log

PostPosted: Sat Nov 14, 2015 7:07 pm
by insann
Hi
i need help to set up a fail2ban filter for my subsonic server, and i can't get it !

so here is how is my configuration :

Subsonic=>HAproxy=>Net
So i can't forward public ip adresses with haproxy so i need to setup a filter with haproxy !

here are the haproxy logs and the lines we need to build the filter
Code: Select all
Nov 14 19:26:38 haproxy haproxy[739]: 81.220.217.2:52023 [14/Nov/2015:19:26:38.825] www-https subsonic-backend/subsonic 81/0/0/5/87 200 2988 - - ---- 1/1/0/1/0 0/0 "GET /audio/login.view?error HTTP/1.1"
Nov 14 19:26:40 haproxy haproxy[739]: 81.220.217.2:52023 [14/Nov/2015:19:26:38.912] www-https subsonic-backend/subsonic 1971/0/0/3/1974 302 263 - - ---- 1/1/0/1/0 0/0 "POST /audio/j_acegi_security_check HTTP/1.1"
Nov 14 19:26:40 haproxy haproxy[739]: 81.220.217.2:52023 [14/Nov/2015:19:26:40.885] www-https subsonic-backend/subsonic 65/0/0/3/68 200 2988 - - ---- 1/1/0/1/0 0/0 "GET /audio/login.view?error HTTP/1.1"
Nov 14 19:26:43 haproxy haproxy[739]: 81.220.217.2:52023 [14/Nov/2015:19:26:40.954] www-https subsonic-backend/subsonic 2152/0/0/3/2155 302 263 - - ---- 1/1/0/1/0 0/0 "POST /audio/j_acegi_security_check HTTP/1.1"
Nov 14 19:26:43 haproxy haproxy[739]: 81.220.217.2:52023 [14/Nov/2015:19:26:43.109] www-https subsonic-backend/subsonic 80/0/0/5/85 200 2988 - - ---- 1/1/0/1/0 0/0 "GET /audio/login.view?error HTTP/1.1"
Nov 14 19:26:45 haproxy haproxy[739]: 81.220.217.2:52023 [14/Nov/2015:19:26:43.195] www-https subsonic-backend/subsonic 1888/0/0/3/1891 302 263 - - ---- 1/1/0/1/0 0/0 "POST /audio/j_acegi_security_check HTTP/1.1"
Nov 14 19:26:45 haproxy haproxy[739]: 81.220.217.2:52023 [14/Nov/2015:19:26:45.085] www-https subsonic-backend/subsonic 64/0/0/4/68 200 2988 - - ---- 1/1/0/1/0 0/0 "GET /audio/login.view?error HTTP/1.1"
Nov 14 19:26:46 haproxy haproxy[739]: 81.220.217.2:52023 [14/Nov/2015:19:26:45.154] www-https subsonic-backend/subsonic 1728/0/0/3/1731 302 263 - - ---- 1/1/0/1/0 0/0 "POST /audio/j_acegi_security_check HTTP/1.1"
Nov 14 19:26:46 haproxy haproxy[739]: 81.220.217.2:52023 [14/Nov/2015:19:26:46.885] www-https subsonic-backend/subsonic 104/0/0/4/109 200 2988 - - ---- 1/1/0/1/0 0/0 "GET /audio/login.view?error HTTP/1.1"


and here is my actual fail2ban regex filter :

Code: Select all
[Definition]
failregex = ^<HOST> -.*GET /audio/login.view\?error HTTP/1.1"
ignoreregex =

# other solution but not working too !
#<HOST> .* "(GET|POST) /.*/audio/login.view\?error HTTP/1.1"


So this is not working !

thanks for help

Insann

Re: Fail2ban with Haproxy Log

PostPosted: Wed Nov 18, 2015 3:53 pm
by insann
So i tryed to force forward Public ip with haproxy !

but after setting up haproxy i get a 404 not Found at
http://xxxxxxxxxxxxxxxx.xxx/audio/j_ace ... rity_check

so its not working ^^
HELP

Re: Fail2ban with Haproxy Log

PostPosted: Wed Nov 18, 2015 5:05 pm
by insann
viewtopic.php?f=3&t=16075&hilit=not+logging

Other topic !!
All times are UTC
Page 1 of 1
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/