Project

General

Profile

Bug #644

Fail2ban bans me every time i use lists.duckcorp.org

Added by Pierre-Louis Bonicoli 6 months ago. Updated 4 months ago.

Status:
Resolved
Priority:
Normal
Category:
Service :: Mail
Start date:
2019-03-28
Due date:
% Done:

100%

Estimated time:
Patch Available:
Confirmed:
Yes
Branch:
Entity:
DuckCorp
Security:
No
Help Needed:

Description

It seems there is an apache misconfiguration:

  • /var/log/apache2/lists.duckcorp.org_ssl_error.log
    /var/log/apache2/lists.duckcorp.org_ssl_error.log:[Thu Mar 28 09:18:21.839134 2019] [authz_core:error] [pid 30354] [client W.X.Y.Z:41356] AH01630: client denied by server configuration: /var/www/void/dc-admins
    /var/log/apache2/lists.duckcorp.org_ssl_error.log:[Thu Mar 28 09:18:22.243678 2019] [authz_core:error] [pid 30354] [client W.X.Y.Z:41356] AH01630: client denied by server configuration: /var/www/void/favicon.ico
    /var/log/apache2/lists.duckcorp.org_ssl_error.log:[Thu Mar 28 09:18:25.126237 2019] [authz_core:error] [pid 30354] [client W.X.Y.Z:41356] AH01630: client denied by server configuration: /var/www/void/dc-admins, referer: https://lists.duckcorp.org/
    
  • /var/log/fail2ban.log
    2019-03-28 09:18:25,397 fail2ban.filter         [6941]: INFO    [apache-auth] Found W.X.Y.Z
    2019-03-28 09:18:25,514 fail2ban.actions        [6941]: NOTICE  [apache-auth] Ban W.X.Y.Z
    

Associated revisions

Revision f0857d65 (diff)
Added by Marc Dequènes 4 months ago

lists.duckcorp.org: fix web configuration

  • add favicon
  • add robots.txt
  • check directory restrictions
  • define a vhost DocumentRoot because the global restricted DocumentRoot
    cause access on /listinfo/<list> to emit a authz_core:error on /<list>
    even if the CGI is well executed for some reason; with this config
    there is no 404 on /<list> so this is a weird side-effect

Moreover, these changes also avoid authz_core:error on undefined
resources (like the previously missing favicon), thus preventing from
being banned by Fail2ban (closes #644).

History

#1

Updated by Marc Dequènes 4 months ago

  • Status changed from New to Resolved
  • % Done changed from 0 to 100

Also available in: Atom PDF