Differences From Artifact [5c64b83200]:

• File www/server/debian/nginx.md — part of check-in [2a7b1de356] at 2024-02-10 12:26:43 on branch inskinerator-modern-backport — Removed a bunch of manual indents in pre blocks, MD fenced code blocks, etc. The skin does that for us now. (user: wyoung size: 16019) [more...]

To Artifact [b54af66bc9]:

• File www/server/debian/nginx.md — part of check-in [ad47a447c8] at 2024-03-30 20:48:35 on branch trunk — Removed all references to "Fossil 2.1x" from the docs, excepting the changelog and the hashpolicy doc. The bulk of these were for 2.14 or older — *ten* versions back now! — and there is no reason to suppose such old versions are still in use any more. These notes were justified when they informed users about surprising changes and feature additions, but they now do nothing but clutter the docs. If I am wrong about people being surprised by these things, we still have the changelog, the timeline, and the forum. (user: wyoung size: 15854) [more...]

295
296
297
298
299
300
301
302

303
304
305
306
307
308
309
310
311
312

295
296
297
298
299
300
301

302



303
304
305
306
307
308
309

-
+
-
-
-

detectors don’t include one that knows how to detect an attack on
Fossil.  We have to teach it by putting the following into
`/etc/fail2ban/filter.d/nginx-fossil-login.conf`:

    [Definition]
    failregex = ^<HOST> - .*POST .*/login HTTP/..." 401

That teaches `fail2ban` how to recognize the errors logged by Fossil
That teaches `fail2ban` how to recognize the errors logged by Fossil.
[as of 2.14](/info/39d7eb0e22). (Earlier versions of Fossil returned
HTTP status code 200 for this, so you couldn’t distinguish a successful
login from a failure.)

Then in `/etc/fail2ban/jail.local`, add this section:

    [nginx-fossil-login]
    enabled = true
    logpath = /var/log/nginx/*-https-access.log