Fail2ban regex: how to NOT get host name but ip?

In my access.log I got some rows as

    ip - - [date] method link ... etc..

and some others with

    www.domain.com:ip - - [date] method link ... etc..

I am actually using this regexp

    ^<HOST>.*/phpmyadmin

The problem is that it causes fail2ban to use as IP the reverse lookup of www.domain.com when parsing the second kind of rows.

Is there a more precise regexp for IP and not host name?

asked Mar 14 at 11:35 by realtebo

1 Answer

I think you want to tell fail2ban to not do hostname lookups.

    use_dns
    yes (current behavior)
    warn (uses but warns upon each dns lookup)
    no (no DNS lookup, no warnings, INFO-LEVEL log messages when
    rDNS was necessary and entry was ignored because of that)

answered Mar 14 at 13:08 by number9
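
Added example (not part of the original question or answer, and not fail2ban's own code): a small model of why the question's regex captures `www.domain.com` on the prefixed log format, and what disabling DNS lookups does to those lines. The `HOST` pattern is a simplified IPv4-only stand-in for the `<HOST>` tag, `TIGHTER` is a hypothetical regex that skips an optional `vhost:` prefix, and the log lines are constructed.

```python
import ipaddress
import re

# Simplified, IPv4-only stand-in for fail2ban's <HOST> tag (assumption: the
# real expansion is version-dependent; this only models "IP or DNS name").
HOST = r"(?P<host>[\w\-.]*\w)"

ORIGINAL = r"^<HOST>.*/phpmyadmin"             # regex from the question
TIGHTER = r"^(?:\S+:)?<HOST> .*/phpmyadmin"    # hypothetical: skip "vhost:" prefix

# Constructed sample lines in the two formats the question describes.
PLAIN = '203.0.113.7 - - [01/Jan/2024:00:00:00 +0000] "GET /phpmyadmin/ HTTP/1.1" 404 162'
VHOST = "www.domain.com:" + PLAIN


def extract(failregex, line, usedns="yes"):
    """Return (kind, value) for the captured host, or None if the line does not match."""
    match = re.search(failregex.replace("<HOST>", HOST), line)
    if match is None:
        return None
    host = match.group("host")
    try:
        ipaddress.ip_address(host)
    except ValueError:
        # Not an IP literal. With lookups on, the name would be resolved and
        # the resulting address banned; with "no" the entry is ignored.
        return ("ignored" if usedns == "no" else "dns-lookup", host)
    return ("ip", host)


if __name__ == "__main__":
    for name, rx in (("original", ORIGINAL), ("tighter", TIGHTER)):
        for line in (PLAIN, VHOST):
            for mode in ("yes", "no"):
                print(name, mode, extract(rx, line, mode))
```

In jail.local the setting is written `usedns = no`. Turning lookups off alone leaves the prefixed lines ignored rather than banned, so the regex also has to step over the `vhost:` prefix; check the real filter against the real log with `fail2ban-regex` before relying on it.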


























