@carboneater
Created April 28, 2017 21:00
Fail2ban filter to detect SSL Handshake Failure due to a bad client SSL Version
# fail2ban filter configuration for nginx
# Detects SSL Handshake Failures
[Definition]
failregex = \[crit\] \d+\#\d+: \*\d+ SSL_do_handshake\(\) failed \(SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low\) while SSL handshaking, client: <HOST>, server: \S*\s*$
ignoreregex =
# DEV NOTES:
# Based on samples in https://github.com/fail2ban/fail2ban/pull/43/files
# and the work of Daniel Black in https://github.com/fail2ban/fail2ban/blob/master/config/filter.d/nginx-http-auth.conf
# Extensive search of all nginx auth failures not done yet.
#
# Author: Gabriel Fournier
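
An offline check of the `failregex` above against constructed nginx error-log lines. This is an added example, not part of the gist; the `<HOST>` stand-in, the function name and the sample lines are assumptions. On a live host, `fail2ban-regex` performs the same check against the real log.

```python
import re

# The gist's failregex, copied verbatim (split across lines for readability).
FAILREGEX = (
    r"\[crit\] \d+\#\d+: \*\d+ SSL_do_handshake\(\) failed "
    r"\(SSL: error:1417D18C:SSL routines:tls_process_client_hello:version too low\) "
    r"while SSL handshaking, client: <HOST>, server: \S*\s*$"
)

# Assumption: simplified stand-in for fail2ban's <HOST> tag. The real
# expansion is broader (it also accepts hostnames, for example).
HOST_STAND_IN = r"(?P<host>[0-9A-Fa-f:.]+)"
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST_STAND_IN))

_PREFIX = "2017/04/28 21:00:01 [crit] 1234#1234: *42 SSL_do_handshake() failed "
_TOO_LOW = ("(SSL: error:1417D18C:SSL routines:tls_process_client_hello:"
            "version too low) while SSL handshaking, ")

# Constructed log lines using documentation address ranges.
SAMPLE_LOG = [
    # Exact message the filter targets, IPv4 client: matches.
    _PREFIX + _TOO_LOW + "client: 203.0.113.7, server: 0.0.0.0:443",
    # Same message, IPv6 client: matches.
    _PREFIX + _TOO_LOW + "client: 2001:db8::1, server: [::]:443",
    # Different OpenSSL error string: not matched, the filter is pinned
    # to one error code and function name.
    _PREFIX + "(SSL: error:1408A0C1:SSL routines:SSL3_GET_CLIENT_HELLO:"
    "no shared cipher) while SSL handshaking, "
    "client: 198.51.100.9, server: 0.0.0.0:443",
    # Same message at another log level: not matched, [crit] is required.
    (_PREFIX + _TOO_LOW).replace("[crit]", "[info]")
    + "client: 192.0.2.55, server: 0.0.0.0:443",
]

def matched_hosts(lines):
    """Return the client address from every line the failregex matches."""
    hosts = []
    for line in lines:
        # The pattern has no leading ^, so search() finds it after the timestamp.
        m = PATTERN.search(line)
        if m:
            hosts.append(m.group("host"))
    return hosts

if __name__ == "__main__":
    for host in matched_hosts(SAMPLE_LOG):
        print("would count a failure for", host)
```

The two non-matching lines show how narrowly the filter is scoped: a handshake failure logged with a different error string or at a different level is not counted.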