samwiseetc/fail2ban/filter.d/suhosin.conf

# Fail2Ban filter for suhosian PHP hardening
#
# This occurs with lighttpd or directly from the plugin
#

[INCLUDES]

# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf


[Definition]

_daemon = (?:lighttpd|suhosin)


_lighttpd_prefix = (?:\(mod_fastcgi\.c\.\d+\) FastCGI-stderr:\s)

failregex = ^%(__prefix_line)s%(_lighttpd_prefix)s?ALERT - .*? \(attacker '<HOST>', file '[^']*'(?:, line \d+)?\)$

ignoreregex = 

# DEV Notes:
#
# https://github.com/stefanesser/suhosin/blob/1fba865ab73cc98a3109f88d85eb82c1bfc29b37/log.c#L161
#
# Author: Arturo 'Buanzo' Busleiman <buanzo@buanzo.com.ar>
Initial recommit 2 years ago			`# Fail2Ban filter for suhosian PHP hardening`
			`#`
			`# This occurs with lighttpd or directly from the plugin`
			`#`

			`[INCLUDES]`

			`# Read common prefixes. If any customizations available -- read them from`
			`# common.local`
			`before = common.conf`


			`[Definition]`

			`_daemon = (?:lighttpd\|suhosin)`


			`_lighttpd_prefix = (?:\(mod_fastcgi\.c\.\d+\) FastCGI-stderr:\s)`

			`failregex = ^%(__prefix_line)s%(_lighttpd_prefix)s?ALERT - .? \(attacker '<HOST>', file '[^']'(?:, line \d+)?\)$`

			`ignoreregex =`

			`# DEV Notes:`
			`#`
			`# https://github.com/stefanesser/suhosin/blob/1fba865ab73cc98a3109f88d85eb82c1bfc29b37/log.c#L161`
			`#`
			`# Author: Arturo 'Buanzo' Busleiman <buanzo@buanzo.com.ar>`