regex.custom

moriso12
Junior Member
Posts: 2
Joined: 19 Oct 2022, 15:40

Post by moriso12 »

Hello all
I need support. I am trying to protect the login to my application using regex.custom.pm
I added to /etc/csf/csf.conf > CUSTOM1_LOG = "/var/log/apache2/my_log

log code

Code:

my.domain.com:443 1.1.141.25 - - [20/Oct/2022:10:23:43 +0200] "POST /api/v1/hybrid/session/start HTTP/1.1" 200 257 "https://my.domain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"
the code I made

Code:

if (($globlogs{CUSTOM1_LOG}{$lgfile}) and ($line =~ /(\S+).*] "\w*(?:GET|POST) .*\/api\/v1\/hybrid\/.*$ /)) { 
return ("Hybrid Login Attack",$1,"hybrid","1","80,443","1");
}
Unfortunately csf does not block invalid logins. It doesn't show there is a syntax error. I'm not sure this code is good.
Theoretically, there are no errors during the test on https://regex101.com/
I will be grateful for any help.
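An added example, not part of the original post and not csf's own code: a stand-alone Perl script that runs the posted pattern against the posted log line, beside an adjusted pattern that assumes the log format is exactly that of the sample. The names `$posted`, `$no_anchor`, `$fixed`, `check` and `hybrid_rule` are hypothetical, and the second sample line is constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Log line copied from the post: vhost:port comes first, then the client IP.
my $sample = 'my.domain.com:443 1.1.141.25 - - [20/Oct/2022:10:23:43 +0200] "POST /api/v1/hybrid/session/start HTTP/1.1" 200 257 "https://my.domain.com/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/106.0.0.0 Safari/537.36"';
# Constructed line for an unrelated path (192.0.2.10 is a documentation address).
my $other = 'my.domain.com:443 192.0.2.10 - - [20/Oct/2022:10:24:01 +0200] "GET /index.html HTTP/1.1" 200 512 "-" "curl/7.81.0"';

# Pattern as posted: the trailing "$ " asks for a space after end-of-line,
# which cannot occur, so the rule never fires.
my $posted = qr/(\S+).*] "\w*(?:GET|POST) .*\/api\/v1\/hybrid\/.*$ /;

# Same pattern without "$ ": it matches, but the unanchored (\S+) grabs the
# first field, so $1 is the vhost:port and not an IP address.
my $no_anchor = qr/(\S+).*] "\w*(?:GET|POST) .*\/api\/v1\/hybrid\//;

# Adjusted pattern (assumes the field order of the sample line): skip the
# vhost:port field and capture the IPv4 address that follows it.
# The page does not show what a failed login looks like in this log, so this
# still matches every GET/POST under /api/v1/hybrid/, as the posted rule does.
my $fixed = qr/^\S+ (\d+\.\d+\.\d+\.\d+) \S+ \S+ \[[^\]]+\] "(?:GET|POST) \/api\/v1\/hybrid\/\S* HTTP/;

# Report whether a pattern matches a line and what it captured as $1.
sub check {
    my ($name, $re, $line) = @_;
    if ($line =~ $re) {
        printf "%-10s matched, \$1 = %s\n", $name, $1;
    } else {
        printf "%-10s no match\n", $name;
    }
}

# Stand-in for the rule body in regex.custom.pm; the return values are the
# post's own. In the real file the $globlogs{CUSTOM1_LOG}{$lgfile} test stays.
sub hybrid_rule {
    my ($line) = @_;
    if ($line =~ $fixed) {
        return ("Hybrid Login Attack", $1, "hybrid", "1", "80,443", "1");
    }
    return;
}

check('posted',    $posted,    $sample);
check('no_anchor', $no_anchor, $sample);
check('fixed',     $fixed,     $sample);
check('fixed',     $fixed,     $other);
print join(' | ', hybrid_rule($sample)), "\n";
```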