From c2ed2b213d1affd5706a437850e6421a0c87b694 Mon Sep 17 00:00:00 2001
From: Thuban <thuban@yeuxdelibad.net>
Date: Wed, 01 Nov 2017 21:57:05 +0000
Subject: [PATCH] Merge branch 'master' of framagit.org:Thuban/vilain

---
 vilain.conf |   17 +++++++++++++++++
 1 files changed, 17 insertions(+), 0 deletions(-)

diff --git a/vilain.conf b/vilain.conf
index b3d67e2..907460e 100644
--- a/vilain.conf
+++ b/vilain.conf
@@ -58,3 +58,20 @@
 # don't use if you have wordpress
 logfile = /var/www/logs/access.log
 regex = (?:\S+\s){1}(\S+).*wp-login.php.*
+
+# Nextcloud: login page
+# Nextcloud 12 brings protection against brute-force attacks
+# but 1/ not yet tested so far 2/ system protection is probably more efficient
+[nextcloud]
+logfile = /var/www/htdocs/datacloud/nextcloud.log
+regex = .*Bruteforce attempt from \\"(.*)\\" detected
+
+# Nextcloud: public shares protected by password
+# regex is compliant with NginX log format:
+#     /etc/nginx/nginx.conf:
+#        log_format main '$remote_addr - $remote_user [$time_local] "$request" '
+#                        '$status $body_bytes_sent "$http_referer" '
+#                        '"$http_user_agent" "$http_x_forwarded_for"';
+[nextcloud-share]
+logfile = /var/www/logs/access-nextcloud.log
+regex = (\d+\.\d+\.\d+\.\d+) \-.*POST /s/\w+/authenticate HTTP/1.1\" 200

--
Gitblit v1.9.3