From: Thomas B. <bus...@gm...> - 2014-06-26 06:12:51
Hello, please help me out with my configuration; I don't see a ban.
I run a WEBrick webserver on port 4567, and these are my files.
filter.d/webrick.local
------
[Definition]
failregex = ^<HOST> - - \[.*\] .*"GET .*\.php.*" 404 .*$
            ^<HOST> - - \[.*\] .*/phppath/php.*" 404 .*$
            ^<HOST> - - \[.*\] .*GET /cgi-bin/php .*" 400 .*$
            ^<HOST> - - \[.*\] .*/w00tw00t.*" 404 .*$
            ^<HOST> - - \[.*\] .*/user/soapCaller.bs.*" 404 .*$
ignoreregex =
-------
I test it with fail2ban-regex for some requests like:
180.143.202.229 - - [25/Jun/2014 08:30:37] "GET /test2.php HTTP/1.1" 404 26 0.0016
---------
fail2ban-regex '180.143.202.229 - - [25/Jun/2014 08:30:37] "GET /test2.php HTTP/1.1" 404 26 0.0016' /etc/fail2ban/filter.d/webrick.local
Running tests
=============
Use failregex file : /etc/fail2ban/filter.d/webrick.local
Use single line : 180.143.202.229 - - [25/Jun/2014 08:30:37] "GET /t...
Results
=======
Failregex: 1 total
|- #) [# of hits] regular expression
| 1) [1] ^<HOST> - - \[.*\] .*"GET .*\.php.*" 404 .*$
`-
Ignoreregex: 0 total
Date template hits:
|- [# of hits] date format
| [1] Day/MONTH/Year Hour:Minute:Second
`-
Lines: 1 lines, 0 ignored, 1 matched, 0 missed
--------
For the jail I edited /etc/fail2ban/jail.local:
-------
[webrick]
enabled = true
port = 4567
filter = webrick
logpath = /home/thomas/pid/webserver.output
maxretry = 6
action = iptables[name=webrick, port=4567, protocol=tcp]
-------
After a restart I get this in /var/log/fail2ban.log:
-------
2014-06-26 08:03:14,928 fail2ban.jail [5337]: INFO Creating new jail 'webrick'
2014-06-26 08:03:14,929 fail2ban.jail [5337]: INFO Jail 'webrick' uses poller
2014-06-26 08:03:14,930 fail2ban.jail [5337]: INFO Initiated 'polling' backend
2014-06-26 08:03:14,931 fail2ban.filter [5337]: INFO Added logfile = /home/thomas/pid/webserver.output
2014-06-26 08:03:14,932 fail2ban.filter [5337]: INFO Set maxRetry = 6
2014-06-26 08:03:14,935 fail2ban.filter [5337]: INFO Set findtime = 600
2014-06-26 08:03:14,936 fail2ban.actions[5337]: INFO Set banTime = 900
2014-06-26 08:03:14,976 fail2ban.jail [5337]: INFO Jail 'webrick' started
-------
Now I see that the log shows no ban for this line:
180.143.202.229 - - [26/Jun/2014 08:06:50] "GET /test6.php HTTP/1.1" 404 26 0.0015
When I run:
"fail2ban-client status":
Status
|- Number of jail: 2
`- Jail list: webrick, ssh
"fail2ban-client status webrick":
Status for the jail: webrick
|- filter
|  |- File list: /home/thomas/pid/webserver.output
|  |- Currently failed: 3
|  `- Total failed: 4
`- action
   |- Currently banned: 0
   |  `- IP list:
   `- Total banned: 0
What am I doing wrong?
Thank you
Thomas
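
The threshold the jail above is configured with (maxretry = 6, and findtime = 600 per the startup log), shown as an added example that is not part of the original post and not fail2ban's own code: a simplified model of the per-host failure window, run over constructed WEBrick-style log lines. The <HOST> tag is replaced by a plain IPv4 group, and the address 203.0.113.7, the function names and the sample lines are assumptions made for the illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# First failregex from the post; <HOST> is replaced by a simplified IPv4 group
# (assumption: fail2ban's real <HOST> expansion accepts more than this).
FAILREGEX = re.compile(
    r'^(?P<host>\d{1,3}(?:\.\d{1,3}){3}) - - \[(?P<ts>.*)\] .*"GET .*\.php.*" 404 .*$')
TS_FORMAT = "%d/%b/%Y %H:%M:%S"  # "Day/MONTH/Year Hour:Minute:Second"


def simulate(lines, maxretry=6, findtime=600):
    """Return [(host, time_of_ban)] for hosts reaching maxretry within findtime seconds."""
    recent = defaultdict(deque)  # host -> timestamps of failures still inside the window
    bans = []
    for line in lines:
        m = FAILREGEX.match(line)
        if not m:
            continue  # line is not a failure for this filter
        now = datetime.strptime(m.group("ts"), TS_FORMAT)
        window = recent[m.group("host")]
        window.append(now)
        # Forget failures older than findtime relative to the newest one.
        while (now - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            bans.append((m.group("host"), now))
            window.clear()  # the counter starts over once the host is banned
    return bans


def make_lines(host, count, step_seconds):
    """Constructed sample input: `count` 404 requests, one every step_seconds."""
    base = datetime(2014, 6, 26, 8, 0, 0)
    return [
        '%s - - [%s] "GET /test%d.php HTTP/1.1" 404 26 0.0015'
        % (host, (base + timedelta(seconds=i * step_seconds)).strftime(TS_FORMAT), i)
        for i in range(count)
    ]


if __name__ == "__main__":
    for count, step in ((4, 10), (6, 10), (6, 150)):
        bans = simulate(make_lines("203.0.113.7", count, step))
        print("%d failures, %ds apart -> %d ban(s)" % (count, step, len(bans)))
```

With these settings, four matching 404s from one host produce no ban, six within ten minutes produce one, and six spread over more than ten minutes produce none.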