Fail2ban: $f2bV_matches on abuseipDB with APIV2 (not V1)
Using Fail2ban 0.11.0.3 and trying to set it up with AbuseIPDB using APIv2.
According to some issues, it was already resolved with:
actionban = lgm=$(printf '%%s\n...' "<matches>"); curl --fail --tlsv1.1 --data "key=<abuseipdb_apikey>" --data-urlencode "comment=$lgm" --data "ip=<ip>" --data "category=<abuseipdb_category>" "https://www.abuseipdb.com/report/json"
However, APIV2 is using a different setup:
actionban = curl --fail 'https://api.abuseipdb.com/api/v2/report' \
-H 'Accept: application/json' \
-H 'Key: <abuseipdb_apikey>' \
--data-urlencode 'comment=<matches>' \
--data-urlencode 'ip=<ip>' \
--data 'categories=<abuseipdb_category>'
Which also results in $f2bV_matches showing up on the report comments on the abuseipDB website. API v1 is already deprecated, so I think the abuseipdb.conf file needs to be updated using the new api v2 code.
Skyridr
All 3 comments
This going to escape-issue (via variable) inside the fail2ban (since 0.10.x)...
Just use double quotation mark " instead:
```diff
- --data-urlencode 'comment=
+ --data-urlencode "comment=
sebres
on 20 Dec 2018
Assumed as much as I just found out about it by doing some digging, thanks!
Will the abuseipdb.conf be updated with the v2 API actionban version though? Seeing v1 is deprecated.
Skyridr
on 20 Dec 2018
YW
Will the abuseipdb.conf be updated with the v2 API actionban version though?
There is a PR #2302 that covers this. So welcome with testing.
sebres
on 20 Dec 2018
Related issues
gaia
路
3Comments
4Syno
路
6Comments
electrofloat
路
3Comments
thereporter42
路
7Comments
4Syno
路
6Comments
Most helpful comment
This going to escape-issue (via variable) inside the fail2ban (since 0.10.x)...'"
Just use double quotation mark
"instead:```diff
- --data-urlencode 'comment=
+ --data-urlencode "comment=