fail2ban support
dinosmm opened this issue · comments
Is it possible for you to provide some guidance on how to set up fail2ban for jfa-go?
It's a great invite management system, but I am a bit wary of having a login page exposed that won't ban brute forcing IPs.
I have spent some time, and I think I got it working, so here is my config in case it helps others set up fail2ban on jfa-go.
I set up a filter file as /etc/fail2ban/filter.d/jfago.conf:
[Definition]
failregex = ^<HOST> -.* 401
And put this inside my jail.local:
[jfago]
enabled = true
port = http,https
filter = jfago
logpath = /var/log/nginx/jfago.log
maxretry = 3
findtime = 5m
bantime = 10d
action = cloudflare
%(action_mw)s
I am using Cloudflare to block IPs, so the action should be modified accordingly for anyone not using Cloudflare or using something else external (otherwise you just keep the %(action_mw)s in there).