# Fail2Ban Apache pass filter
# This filter is for access.log, NOT for error.log
#
# The knocking request must have a referer.

[Definition]

failregex = ^<HOST> - \w+ \[\] "GET <knocking_url> HTTP/1\.[01]" 200 \d+ ".*" "[^-].*"$

ignoreregex =

datepattern = ^[^\[]*\[({DATE})
              {^LN-BEG}

[Init]

knocking_url = /knocking/

# Author: Viktor Szépe