Regex not working for NGINX Basic Auth (Fail2Ban)


#1

Hi,

I am having issues getting Fail2Ban to pick up my correct log for a failed login attempt into NGINX Basic Auth.

This is my log of the failed login:

2016/10/12 14:29:56 [error] 16270#16270: *6738 user "test2" was not found in "/etc/nginx/htpasswd-ee", client: 111.111.111.111, server: , request: "GET / HTTP/2.0", host: "domain.com:22222"

here is my regex:

^ \[error\] \d+#\d+: \*\d+ user "\S+":? (password mismatch|was not found in ".*"), client: <HOST>, server: \S+, request: "\S+ \S+ HTTP/\d+\.\d+", host: "\S+"\s*$

From what I get tell using a regex tool, it’s getting stuck on the server with a blank space and not a number. But not 100% sure as I do not fully understand regex very well.


#2