Re: fail2ban fails to ban apache...

To: debian-user@lists.debian.org
Subject: Re: fail2ban fails to ban apache...
From: Scott Ferguson <scott.ferguson.debian.user@gmail.com>
Date: Sun, 22 Dec 2013 21:24:34 +1100
Message-id: <[🔎] 52B6BDE2.6090103@gmail.com>
In-reply-to: <[🔎] 52B5C963.1060201@mi.parisdescartes.fr>
References: <[🔎] 52B5C963.1060201@mi.parisdescartes.fr>

On 22/12/13 04:01, François Patte wrote:
> Bonjour,
> 
> I try to configure fail2ban in order to ban IP which try to connect to
> directories protected by .htaccess.

Surely you mean "try to configure fail2ban in order to ban IP addresses
which repeatedly *fail* to login to a apache protected directory"

Protected by .htaccess could mean:-
Redirect 301 /admn/scripts/setup.php http://goatse.info/

rather than:-
AuthUserFile "/somewhere/htusers"
AuthType something
AuthName something
require valid-user


Probably an English thing. Hope I've understood you correctly and you
actually mean auth as opposed to redirect.

> 
> Here is my [apache] section in jail.conf:
> 
> enabled  = true
> port     = http,https
> filter   = apache-auth
> logpath  = /var/log/apache*/*error.log
> maxretry = 3
> 
> But I tested filling the auth form with erroneous login/password and
> nothing happens! Nothing appeared in /var/log/fail2ban.log...

Did you modify /etc/fail2ban/filter.d/apache-auth.conf?

> 
> I tried the same for ssh connections and the IP of the computer from
> which I tried was banned after the third attempt.
> 
> What is missing in my config?

Nothing. That's the correct behaviour (three strikes and out).

NOTE: fail2ban only bans *IP* addresses

<snipped>

Refs:-
man fail2ban
http://www.fail2ban.org

Kind regards.

Reply to:

References:
- fail2ban fails to ban apache...
  - From: François Patte <francois.patte@mi.parisdescartes.fr>

Prev by Date: Re: fail2ban fails to ban apache...
Next by Date: Re: Changing Hostname?
Previous by thread: Re: fail2ban fails to ban apache...
Next by thread: Changing Hostname?
Index(es):
- Date
- Thread