FAIL2BAN - Filter.d - http-graylog
From IT-Arts.net
! Should be customized to your needs !
Filter.d
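# /etc/fail2ban/filter.d/http-graylog.conf
# Fail2Ban filter for the Graylog web interface behind Nginx.
# Reads the Nginx access log and treats HTTP 401 responses to login
# requests as authentication failures.
#
# The patterns assume the Nginx "combined" layout:
#   addr - user [time] "request" status ...
# Fail2Ban removes the timestamp it recognised before applying failregex,
# so the bracket group is written to match both "[]" and "[...]".
# Check the filter against real log lines before enabling the jail:
#   fail2ban-regex <your access log> /etc/fail2ban/filter.d/http-graylog.conf
#
# NOTE(review): confirm the login path in your own access log. Graylog's
# REST API creates sessions with POST /api/system/sessions, so /api/login
# and /login may never appear on a stock install.
[Definition]
# Match failed login attempts in the Nginx access log.
# Each field is bounded (\S+, [^\]]*, [^"]*) instead of ".*", so text a
# client controls (user name, Referer, User-Agent) cannot be made to look
# like the request line and status code.
# Additional patterns must be indented continuation lines of the same key;
# an unindented pattern line is a parse error.
failregex = ^<HOST> - \S+ \[[^\]]*\] "POST /api/login HTTP/[^"]*" 401\s
            ^<HOST> - \S+ \[[^\]]*\] "POST /login HTTP/[^"]*" 401\s
# Optional: also count basic auth failures (if enabled). Add this as one
# more indented line under failregex above; a second "failregex =" key
# would not add to the list. It counts every 401 on any GET, including
# the first unauthenticated request a browser sends, so raise maxretry.
#            ^<HOST> - \S+ \[[^\]]*\] "GET /[^"]*" 401\s
ignoreregex =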
Jail.conf
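# Jail for the http-graylog filter. Put it in /etc/fail2ban/jail.local or a
# file under /etc/fail2ban/jail.d/ rather than editing jail.conf, which
# package upgrades may overwrite.
# No "filter =" key is set: with the stock defaults the filter name follows
# the jail name, so filter.d/http-graylog.conf is used.
[http-graylog]
enabled = true
# Blocks every port for the banned address, not only HTTP/HTTPS. List
# trusted admin and monitoring addresses in ignoreip so a few mistyped
# passwords cannot lock them out of the host.
banaction = %(banaction_allports)s
# The glob covers every vhost whose log matches *.access.log; point it at
# the Graylog vhost log only if that vhost has its own file.
# If Nginx sits behind another proxy or load balancer, make sure the first
# log field is the real client address, otherwise the ban hits the proxy.
logpath = /var/log/nginx/*.access.log
# 10 failures within findtime (3 days) trigger a ban lasting bantime
# (10 minutes). Tune these to your needs.
maxretry = 10
bantime = 10m
findtime = 3d
backend = polling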
