Hi,
I have Nginx configured and running as I wanted.
Next step is to implement some log monitoring on my server (Fail2Ban) to block what needs to be blocked.
In doing so what I have found is that when someone tries to log in with a wrong username and/or password, nothing out of the ordinary gets logged into the access.log.
The exact same line in the log appears when you display the login page. Then nothing gets logged about the user name and password being wrong, and finally (as the page refreshes to display the invalid credentials warning) the original log entry happens again. An example:
117.100.101.199 - - [22/Oct/2015:23:16:13 +0800] "POST /xxx/api/tokens HTTP/1.1" 403 156 "https://fake.url.com/xxx/" "Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/46.0.2490.71 Safari/537.36"
If I am going to use Fail2Ban with the above line it will ban all requests (good and bad).
In the error log there isn't much to display either.
How can I get Nginx to add more "meat" to the logs (such as failed authentication messages and others)?
Thanks again guys.
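An added example, not part of the original post: a sketch of the per-IP threshold logic that Fail2Ban's `maxretry` and `findtime` options express, run over access-log lines in the format shown above. It assumes that a 403 on a POST to the token endpoint marks a failed login; the function name and the sample log lines are constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# nginx "combined" format: ip - user [time] "METHOD path proto" status bytes ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) '
)

def find_offenders(lines, path="/xxx/api/tokens", maxretry=3, findtime=600):
    """Return IPs with >= maxretry 403 POSTs to `path` within `findtime` seconds."""
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)  # ip -> timestamps of matching hits still in window
    offenders = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not a combined-format line; skip rather than guess
        if (m["method"], m["path"], m["status"]) != ("POST", path, "403"):
            continue  # assumption: only a 403 on the token POST counts as a failure
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:  # drop hits older than the window
            hits.popleft()
        if len(hits) >= maxretry and m["ip"] not in offenders:
            offenders.append(m["ip"])
    return offenders

def _line(ip, hhmmss, status=403):
    # Constructed sample line (documentation-range IPs), same layout as the post's.
    return (f'{ip} - - [22/Oct/2015:{hhmmss} +0800] "POST /xxx/api/tokens HTTP/1.1" '
            f'{status} 156 "https://fake.url.com/xxx/" "Mozilla/5.0"')

SAMPLE_LOG = [
    _line("192.0.2.44", "23:00:00"),    # three failures, but spread over 12 minutes
    _line("192.0.2.44", "23:06:00"),
    _line("192.0.2.44", "23:12:00"),
    _line("203.0.113.9", "23:16:13"),   # one failure, then a successful login
    _line("203.0.113.9", "23:16:20", status=200),
    _line("198.51.100.7", "23:17:00"),  # three failures within 40 seconds
    _line("198.51.100.7", "23:17:15"),
    _line("198.51.100.7", "23:17:40"),
]

if __name__ == "__main__":
    print(find_offenders(SAMPLE_LOG))
```

A single 403 line cannot separate a mistyped password from a guessing attempt; the count per source address inside the time window is what does.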