C. Mundi | 1 Aug 2010 20:36

fail2ban setup for Cherokee


Hi,

Is anyone here using fail2ban filters and actions with Cherokee, and would you be willing to share any of them?  I finally got tired of managing iptables directly and am giving fail2ban a try.  Naturally, it ships with Apache examples but none for Cherokee.  :(

Thanks,
CM

_______________________________________________
Cherokee mailing list
Cherokee <at> lists.octality.com
http://lists.octality.com/listinfo/cherokee
Vladimir Smagin | 1 Aug 2010 21:16

Re: fail2ban setup for Cherokee

fail2ban scans Apache's logs for brute-force attempts. Cherokee's logs
are compatible with Apache.

On Sun, 2010-08-01 at 11:36 -0700, C. Mundi wrote:
> 
> Hi,
> 
> Is anyone here using fail2ban filters and actions with Cherokee, and
> would you be willing to share any of them?  I finally got tired of
> managing iptables directly and am giving fail2ban a try.  Naturally,
> it ships with Apache examples but none for Cherokee.  :(
> 
> Thanks,
> CM
> 

-- 

Vladimir Smagin
http://blindage.org
PGP\GPG http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0xBB04707114E9F564
C. Mundi | 1 Aug 2010 23:23

Re: fail2ban setup for Cherokee

Vladimir... Good point!  Thanks!

Kyle

On 8/1/10, Vladimir Smagin <21h <at> blindage.org> wrote:
> fail2ban scans Apache's logs for brute-force attempts. Cherokee's logs
> are compatible with Apache.
>
> On Sun, 2010-08-01 at 11:36 -0700, C. Mundi wrote:
>>
>> Hi,
>>
>> Is anyone here using fail2ban filters and actions with Cherokee, and
>> would you be willing to share any of them?  I finally got tired of
>> managing iptables directly and am giving fail2ban a try.  Naturally,
>> it ships with Apache examples but none for Cherokee.  :(
>>
>> Thanks,
>> CM
>>
>
> --
>
> Vladimir Smagin
> http://blindage.org
> PGP\GPG
> http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0xBB04707114E9F564
>
Voltron | 2 Aug 2010 02:58

Re: fail2ban setup for Cherokee

So that means setting the log output to Apache compatible and done?

On Aug 1, 11:23 pm, "C. Mundi" <cmu... <at> gmail.com> wrote:
> Vladimir... Good point!  Thanks!
>
> Kyle
>
> On 8/1/10, Vladimir Smagin <2... <at> blindage.org> wrote:
>
> > fail2ban scans Apache's logs for brute-force attempts. Cherokee's logs
> > are compatible with Apache.
>
> > On Sun, 2010-08-01 at 11:36 -0700, C. Mundi wrote:
>
> >> Hi,
>
> >> Is anyone here using fail2ban filters and actions with Cherokee, and
> >> would you be willing to share any of them?  I finally got tired of
> >> managing iptables directly and am giving fail2ban a try.  Naturally,
> >> it ships with Apache examples but none for Cherokee.  :(
>
> >> Thanks,
> >> CM
>
>
> > --
>
> > Vladimir Smagin
> > http://blindage.org
> > PGP\GPG
> > http://pgp.mit.edu:11371/pks/lookup?op=vindex&search=0xBB04707114E9F564
>
Alvaro Lopez Ortega | 3 Aug 2010 10:11

Re: fail2ban setup for Cherokee

On 02/08/2010, at 02:58, Voltron wrote:

> So that means setting the log output to Apache compatible and done?

Yes, that should be enough.

--
Octality
http://www.octality.com/
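
Added example, not part of the original thread or of fail2ban's shipped filters: once Cherokee writes its access log in the Apache-compatible combined format, a fail2ban-style failregex for repeated 401 responses can be checked offline before it goes into a jail. The regex, the simplified `<HOST>` expansion, the `find_bans` helper and the log lines are all constructed for this illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# fail2ban-style failregex (written for this example): a combined-format
# access line whose status code, right after the quoted request, is 401.
FAILREGEX = r'^<HOST> \S+ \S+ \[[^\]]+\] "[^"]*" 401 '
# Simplified stand-in for fail2ban's own <HOST> expansion (assumption).
HOST_GROUP = r'(?P<host>[0-9A-Fa-f:.]+)'
TIME_RE = re.compile(r'\[([^\]]+)\]')
TIME_FMT = '%d/%b/%Y:%H:%M:%S %z'

# Constructed sample lines (documentation address ranges, invented paths).
SAMPLE_LOG = '''\
203.0.113.7 - - [01/Aug/2010:20:36:01 +0000] "GET /admin/ HTTP/1.1" 401 512 "-" "-"
198.51.100.20 - - [01/Aug/2010:20:36:05 +0000] "GET /docs/401.html HTTP/1.1" 200 900 "-" "-"
203.0.113.7 - - [01/Aug/2010:20:36:09 +0000] "GET /admin/ HTTP/1.1" 401 512 "-" "-"
192.0.2.55 - - [01/Aug/2010:20:36:30 +0000] "GET /admin/ HTTP/1.1" 401 512 "-" "-"
203.0.113.7 - - [01/Aug/2010:20:36:40 +0000] "GET /admin/ HTTP/1.1" 401 512 "-" "-"
198.51.100.20 - - [01/Aug/2010:20:37:00 +0000] "GET /admin/ HTTP/1.1" 401 512 "-" "-"
198.51.100.20 - alice [01/Aug/2010:20:37:10 +0000] "GET /admin/ HTTP/1.1" 200 2048 "-" "-"
192.0.2.55 - - [01/Aug/2010:20:51:30 +0000] "GET /admin/ HTTP/1.1" 401 512 "-" "-"
192.0.2.55 - - [01/Aug/2010:21:06:30 +0000] "GET /admin/ HTTP/1.1" 401 512 "-" "-"
'''

def find_bans(lines, maxretry=3, findtime=600):
    """Return hosts with >= maxretry matching lines inside findtime seconds."""
    pattern = re.compile(FAILREGEX.replace('<HOST>', HOST_GROUP))
    window = timedelta(seconds=findtime)
    recent = defaultdict(deque)   # host -> timestamps of recent failures
    banned = []
    for line in lines:
        match = pattern.match(line)
        if not match:
            continue
        host = match.group('host')
        stamp = datetime.strptime(TIME_RE.search(line).group(1), TIME_FMT)
        hits = recent[host]
        hits.append(stamp)
        while stamp - hits[0] > window:   # drop failures older than findtime
            hits.popleft()
        if len(hits) >= maxretry and host not in banned:
            banned.append(host)
    return banned

if __name__ == '__main__':
    print(find_bans(SAMPLE_LOG.splitlines()))
```

fail2ban's own `fail2ban-regex` tool performs the equivalent check of a filter against a real log file.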
J. Michael Adams | 3 Aug 2010 23:09

Can a V Server listen on alternate port?

I'd like to set up a virtual server that listens on a non-standard port 
- on 56080, for example.

I want ONLY this server to listen on that port. If anything comes in to 
that port, then none of the other servers can see it, even if the host 
matches their rules.

Ideally, I'd like a virtual server that will match anything on that 
port, no matter what the host name is.

Is this possible with Cherokee?

thanks.
Stefan de Konink | 3 Aug 2010 23:21

Re: Can a V Server listen on alternate port?

On Tue, 3 Aug 2010, J. Michael Adams wrote:

> I'd like to set up a virtual server that listens on a non-standard port - on 
> 56080, for example.
>
> I want ONLY this server to listen on that port. If anything comes in to that 
> port, then none of the other servers can see it, even if the host matches 
> their rules.
>
> Ideally, I'd like a virtual server that will match anything on that port, no 
> matter what the host name is.
>
> Is this possible with Cherokee?

Start cherokee twice ;) A config for that specific port, and a config for 
the rest.

Stefan
ml | 4 Aug 2010 07:54

wget gets RST

Hello

https://ip.tsaitgaist.info/ prints well in firefox (I use CAcert to sign
my certificate).
but "wget -SO index.html --no-check-certificate
https://ip.tsaitgaist.info/" does not work.
The connection is established (SSL is not the problem), and I get a HTTP
response with "Connection: close" in the header. Then the webserver
sends a TCP packet with the RST flag.
I use cherokee 1.0.5 on Ubuntu 10.04. The vhost is in advanced mode
(parsing hostname to point to the right directory).
index.php works fine, and the wget works with apache.
Any idea why cherokee resets the connection ?

Thanks,
Kevin
Alvaro Lopez Ortega | 4 Aug 2010 10:21

Re: wget gets RST

Hello Kevin,

On 04/08/2010, at 07:54, ml <at> mail.tsaitgaist.info wrote:

> https://ip.tsaitgaist.info/ prints well in firefox (I use CAcert to sign
> my certificate).
> but "wget -SO index.html --no-check-certificate
> https://ip.tsaitgaist.info/" does not work.
> The connection is established (SSL is not the problem), and I get a HTTP
> response with "Connection: close" in the header. Then the webserver
> sends a TCP packet with the RST flag.
> I use cherokee 1.0.5 on Ubuntu 10.04. The vhost is in advanced mode
> (parsing hostname to point to the right directory).
> index.php works fine, and the wget works with apache.
> Any idea why cherokee resets the connection ?

A few connection closing issues have been fixed since 1.0.5. I've just tested trunk, and what I saw was the
connection being roughly closed by wget. More specifically:

 (reply is sent..)
 https > 50442  [FIN, ACK]
 50442 > https  [RST]

Could you please give trunk¹ a try to ensure that problem is actually solved (for your environment as
well)? 

1.- http://www.cherokee-project.com/doc/basics_installation_svn.html

--
Octality
http://www.octality.com/
ml | 4 Aug 2010 13:34

Re: wget gets RST

problem fixed with SVN 5340.
Is there a roadmap or date for 1.0.6 ?

Thanks,
Kevin

On 04.08.2010 10:21, Alvaro Lopez Ortega wrote:
> Hello Kevin,
> 
> On 04/08/2010, at 07:54, ml <at> mail.tsaitgaist.info wrote:
> 
>> https://ip.tsaitgaist.info/ prints well in firefox (I use CAcert to sign
>> my certificate).
>> but "wget -SO index.html --no-check-certificate
>> https://ip.tsaitgaist.info/" does not work.
>> The connection is established (SSL is not the problem), and I get a HTTP
>> response with "Connection: close" in the header. Then the webserver
>> sends a TCP packet with the RST flag.
>> I use cherokee 1.0.5 on Ubuntu 10.04. The vhost is in advanced mode
>> (parsing hostname to point to the right directory).
>> index.php works fine, and the wget works with apache.
>> Any idea why cherokee resets the connection ?
> 
> A few connection closing issues have been fixed since 1.0.5. I've just tested trunk, and what I saw was the connection being roughly closed by wget. More specifically:
> 
>  (reply is sent..)
>  https > 50442  [FIN, ACK]
>  50442 > https  [RST]
> 
> Could you please give trunk¹ a try to ensure that problem is actually solved (for your environment as well)?
> 
> 1.- http://www.cherokee-project.com/doc/basics_installation_svn.html
> 
> --
> Octality
> http://www.octality.com/
> 
> 
