Bug #644
Fail2ban bans me every time i use lists.duckcorp.org
Start date:
2019-03-28
Due date:
% Done:
100%
Estimated time:
Patch Available:
Confirmed:
Yes
Branch:
Entity:
DuckCorp
Security:
No
Help Needed:
Description
It seems there is an apache misconfiguration:
/var/log/apache2/lists.duckcorp.org_ssl_error.log
/var/log/apache2/lists.duckcorp.org_ssl_error.log:[Thu Mar 28 09:18:21.839134 2019] [authz_core:error] [pid 30354] [client W.X.Y.Z:41356] AH01630: client denied by server configuration: /var/www/void/dc-admins /var/log/apache2/lists.duckcorp.org_ssl_error.log:[Thu Mar 28 09:18:22.243678 2019] [authz_core:error] [pid 30354] [client W.X.Y.Z:41356] AH01630: client denied by server configuration: /var/www/void/favicon.ico /var/log/apache2/lists.duckcorp.org_ssl_error.log:[Thu Mar 28 09:18:25.126237 2019] [authz_core:error] [pid 30354] [client W.X.Y.Z:41356] AH01630: client denied by server configuration: /var/www/void/dc-admins, referer: https://lists.duckcorp.org/
/var/log/fail2ban.log
2019-03-28 09:18:25,397 fail2ban.filter [6941]: INFO [apache-auth] Found W.X.Y.Z 2019-03-28 09:18:25,514 fail2ban.actions [6941]: NOTICE [apache-auth] Ban W.X.Y.Z
Associated revisions
History
Updated by Marc Dequènes about 4 years ago
- Status changed from New to Resolved
- % Done changed from 0 to 100
Applied in changeset duckcorp-infra|f0857d65139bc398ef591f6423f77322a99c94fc.
lists.duckcorp.org: fix web configuration
cause access on /listinfo/<list> to emit a authz_core:error on /<list>
even if the CGI is well executed for some reason; with this config
there is no 404 on /<list> so this is a weird side-effect
Moreover, these changes also avoid authz_core:error on undefined
resources (like the previously missing favicon), thus preventing from
being banned by Fail2ban (closes #644).