Created
April 28, 2017 21:00
Fail2ban filter to detect SSL Handshake Failure due to a bad client SSL Version
# fail2ban filter configuration for nginx
# Detects SSL Handshake Failures
[Definition]
failregex = \[crit\] \d+\#\d+: \*\d+ SSL_do_handshake\(\) failed \(SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low\) while SSL handshaking, client: <HOST>, server: \S*\s*$
ignoreregex =
# DEV NOTES:
# Based on samples in https://github.com/fail2ban/fail2ban/pull/43/files
# and the work of Daniel Black in https://github.com/fail2ban/fail2ban/blob/master/config/filter.d/nginx-http-auth.conf
# Extensive search of all nginx auth failures not done yet.
#
# Author: Gabriel Fournier
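
An added example, not part of the original gist: a Python check that runs the failregex above over nginx error-log lines and counts matches per client, showing that only the exact `1417D18C ... version too low` string is caught. The log lines are constructed, and `HOST_PATTERN` is a simplified stand-in (an assumption) for the pattern fail2ban substitutes for `<HOST>`.

```python
import re

# failregex copied verbatim from the filter above.
FAILREGEX = (
    r"\[crit\] \d+\#\d+: \*\d+ SSL_do_handshake\(\) failed "
    r"\(SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low\) "
    r"while SSL handshaking, client: <HOST>, server: \S*\s*$"
)

# Assumption: simplified stand-in for fail2ban's own <HOST> expansion
# (accepts IPv4 and IPv6 literals only).
HOST_PATTERN = r"(?P<host>[0-9A-Fa-f:.]+)"
COMPILED = re.compile(FAILREGEX.replace("<HOST>", HOST_PATTERN))

_ERR = "(SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low)"

# Constructed sample lines (documentation address ranges), not real traffic.
SAMPLE_LOG = [
    f"2017/04/28 20:59:01 [crit] 1187#1187: *42 SSL_do_handshake() failed {_ERR} "
    "while SSL handshaking, client: 203.0.113.7, server: 0.0.0.0:443",
    f"2017/04/28 20:59:03 [crit] 1187#1187: *43 SSL_do_handshake() failed {_ERR} "
    "while SSL handshaking, client: 2001:db8::15, server: [::]:443",
    f"2017/04/28 20:59:04 [crit] 1187#1187: *44 SSL_do_handshake() failed {_ERR} "
    "while SSL handshaking, client: 203.0.113.7, server: 0.0.0.0:443",
    # Different log level and message: must not match.
    "2017/04/28 20:59:05 [info] 1187#1187: *45 peer closed connection in SSL handshake "
    "while SSL handshaking, client: 198.51.100.9, server: 0.0.0.0:443",
    # Same shape, different (placeholder) error string: must not match either.
    "2017/04/28 20:59:06 [crit] 1187#1187: *46 SSL_do_handshake() failed "
    "(SSL: error:00000000:SSL routines:placeholder_function:placeholder reason) "
    "while SSL handshaking, client: 198.51.100.23, server: 0.0.0.0:443",
]


def offending_hosts(lines):
    """Return {client address: number of lines matching the failregex}."""
    counts = {}
    for line in lines:
        match = COMPILED.search(line)
        if match:
            host = match.group("host")
            counts[host] = counts.get(host, 0) + 1
    return counts


if __name__ == "__main__":
    for host, hits in sorted(offending_hosts(SAMPLE_LOG).items()):
        print(f"{host}\t{hits}")
```

On a host with fail2ban installed, `fail2ban-regex` performs the same check against a real log file using the real `<HOST>` expansion.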