From a4c3ea0dfb4836405ea16803569b5f081568c33b Mon Sep 17 00:00:00 2001
From: Evgeny Khramtsov
Date: Wed, 15 May 2019 18:13:31 +0300
Subject: [PATCH] Don't process failed EXTERNAL authentication by mod_fail2ban

This will only lead to confusion because it's not considered possible to brute force client certificates.
---
 src/mod_fail2ban.erl | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/src/mod_fail2ban.erl b/src/mod_fail2ban.erl
index 7c59fefcb..29247a0d1 100644
--- a/src/mod_fail2ban.erl
+++ b/src/mod_fail2ban.erl
@@ -53,6 +53,9 @@
 %%%===================================================================
 -spec c2s_auth_result(ejabberd_c2s:state(), true | {false, binary()}, binary())
 -> ejabberd_c2s:state() | {stop, ejabberd_c2s:state()}.
+c2s_auth_result(#{sasl_mech := Mech} = State, {false, _}, _User)
+ when Mech == <<"EXTERNAL">> ->
+ State;
 c2s_auth_result(#{ip := {Addr, _}, lserver := LServer} = State, {false, _}, _User) ->
 case is_whitelisted(LServer, Addr) of
 true ->
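Review bot: The new `c2s_auth_result` clause drops failed EXTERNAL attempts without any comment or log line, so the reason for the exemption lives only in the commit message; a short comment above it such as `%% Failed EXTERNAL (client certificate) auth is not counted: certificates are not considered brute-forceable` would keep that decision visible to whoever next audits the ban logic. The guard can also go, since the literal can be matched in the head: `c2s_auth_result(#{sasl_mech := <<"EXTERNAL">>} = State, {false, _}, _User) ->`. The exemption relies on `sasl_mech` in the c2s state naming the mechanism of the attempt that just failed; that key is set outside this hunk, so it is worth confirming that a password-based failure later on the same stream never still carries `EXTERNAL` and escapes counting. The following clause's body continues past the end of the hunk.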