From 79906f969dbb783ebd7a64bf857f886fd25730a7 Mon Sep 17 00:00:00 2001 From: OniriCorpe Date: Mon, 11 Sep 2023 09:43:31 +0200 Subject: [PATCH] [docs] add fail2ban regex in the doc (#2189) --- docs/advanced/security/firewall.md | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/docs/advanced/security/firewall.md b/docs/advanced/security/firewall.md index c94dce75a..d2bb72e58 100644 --- a/docs/advanced/security/firewall.md +++ b/docs/advanced/security/firewall.md @@ -82,3 +82,9 @@ Both SSHGuard and fail2ban ship with "backends" that can target iptables and nft * [ArchWiki](https://wiki.archlinux.org/title/sshguard) on sshguard * [FreeBSD manual](https://man.freebsd.org/cgi/man.cgi?query=sshguard&sektion=8&manpath=FreeBSD+13.2-RELEASE+and+Ports) for sshguard * [SSHGuard setup](https://manpages.ubuntu.com/manpages/lunar/en/man7/sshguard-setup.7.html) manual for Ubuntu + +For fail2ban, you can use the following regex, which triggers fail2ban on failed logins and not another 'Unauthorized' errors (API for example): + +```regex +statusCode=401 path=/auth/sign_in clientIP= .* msg=\"Unauthorized: +```