From af61e2d3033c070040703982ba9fda732e0f2e7d Mon Sep 17 00:00:00 2001
From: FreddleSpl0it <75116288+FreddleSpl0it@users.noreply.github.com>
Date: Tue, 3 Mar 2026 13:24:44 +0100
Subject: [PATCH] [Web] Add fail2ban logging to passwordless autodiscover
 endpoint

---
 data/web/autodiscover.php | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/data/web/autodiscover.php b/data/web/autodiscover.php
index c0e69537..3e31dc3d 100644
--- a/data/web/autodiscover.php
+++ b/data/web/autodiscover.php
@@ -83,6 +83,8 @@ if(!$data) {
     );
     $redis->lPush('AUTODISCOVER_LOG', $json);
     $redis->lTrim('AUTODISCOVER_LOG', 0, 100);
+    $redis->publish("F2B_CHANNEL", "Autodiscover: Invalid request by " . $_SERVER['REMOTE_ADDR']);
+    error_log("Autodiscover: Invalid request by " . $_SERVER['REMOTE_ADDR']);
   }
   catch (RedisException $e) {
     $_SESSION['return'][] = array(
@@ -121,6 +123,8 @@ try {
     );
     $redis->lPush('AUTODISCOVER_LOG', $json);
     $redis->lTrim('AUTODISCOVER_LOG', 0, 100);
+    $redis->publish("F2B_CHANNEL", "Autodiscover: Malformed XML by " . $_SERVER['REMOTE_ADDR']);
+    error_log("Autodiscover: Malformed XML by " . $_SERVER['REMOTE_ADDR']);
   }
   catch (RedisException $e) {
     // Silently fail
@@ -179,6 +183,8 @@ if (empty($MailboxData)) {
     );
     $redis->lPush('AUTODISCOVER_LOG', $json);
     $redis->lTrim('AUTODISCOVER_LOG', 0, 100);
+    $redis->publish("F2B_CHANNEL", "Autodiscover: Invalid mailbox attempt by " . $_SERVER['REMOTE_ADDR']);
+    error_log("Autodiscover: Invalid mailbox attempt by " . $_SERVER['REMOTE_ADDR']);
   }
   catch (RedisException $e) {
     // Silently fail