I'm trying, without success, to ban this line using fail2ban-regex :
root@XXXX:/etc/fail2ban#fail2ban-regex '[Mon Jun 22 09:55:16.780767 2015] [:error] [pid 1962] [client 1.2.3.4:38909] script '/var/html/abc.php' not found or unable to stat' filter.d/apache-noscript.conf
using the original failregex in the apache-noscript
failregex = ^%(_apache_error_client)s ((AH001(28|30): )?File does not exist|(AH01264: )?script not found or unable to stat): /\S*(\.php|\.a$
^%(_apache_error_client)s script '/\S*(\.php|\.asp|\.exe|\.pl)\S*' not found or unable to stat\s*$
the result is line 'missed' (i was waiting for line 'matched' )
Lines: 1 lines, 0 ignored, 0 matched, 1 missed
|- Missed line(s):
| [Mon Jun 22 09:55:16.780767 2015] [:error] [pid 1962] [client 1.2.3.4:38909] script /var/html/abc.php not found or unable to stat
Please do you know the The_good_failregex to match this line (as like in std log) ? (Fail2Ban v0.8.11 Apache/2.4.7 (Ubuntu)) :
fail2ban-regex '[Mon Jun 22 09:55:16.780767 2015] [:error] [pid 1962] [client 1.2.3.4:38909] script '/var/html/abc.php' not found or unable to stat' The_good_failregex
Many Thanks for your help.
It seems to be version issue.
Fail2Ban v0.8.11 was currently used, need to be be updated to v0.8.12 (:? before 'error' ...)
Thanks.