Adding a Vaultwarden configuration to Fail2ban

Add the filter

Create a new file named vaultwarden.local in the Fail2ban configuration path:

# /etc/fail2ban/filter.d/vaultwarden.local

[INCLUDES]
before = common.conf

[Definition]
failregex = ^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$
ignoreregex =

Add the jail configuration

Edit the configuration file /etc/fail2ban/jail.local and add the vaultwarden configuration:

#vaultwarden-START
[vaultwarden]
enabled = true
port = 80,443
maxretry = 5
findtime = 300
bantime = 86400
action = %(action_mwl)s
filter = vaultwarden
logpath = /path/vaultwarden/data/bitwarden.log
#vaultwarden-END
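
To see what this filter and jail will count before relying on them, the following added example (not part of the original post) emulates the failregex and the maxretry/findtime window over constructed log lines. The `<ADDR>` replacement pattern, the sample log lines and the function names are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# failregex copied from the filter above; <ADDR> is Fail2ban's address tag.
FAILREGEX = r"^.*Username or password is incorrect\. Try again\. IP: <ADDR>\. Username:.*$"
# Assumption: simplified stand-in for <ADDR> (IPv4 or IPv6 text), not Fail2ban's own expansion.
ADDR = r"(?P<addr>(?:\d{1,3}\.){3}\d{1,3}|[0-9A-Fa-f:]*:[0-9A-Fa-f:.]+)"
PATTERN = re.compile(FAILREGEX.replace("<ADDR>", ADDR))
STAMP = re.compile(r"^\[(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2})")
MAXRETRY, FINDTIME = 5, 300  # maxretry and findtime from the [vaultwarden] jail


def banned_addresses(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return addresses that reach maxretry failures within findtime seconds."""
    recent = defaultdict(deque)  # address -> timestamps of recent failures
    banned = []
    for line in lines:
        hit, stamp = PATTERN.match(line), STAMP.match(line)
        if not (hit and stamp):
            continue  # not a failed login, or no timestamp to place it in time
        when = datetime.strptime(stamp.group(1), "%Y-%m-%d %H:%M:%S")
        window = recent[hit.group("addr")]
        window.append(when)
        # Drop failures that have fallen out of the findtime window.
        while (when - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry and hit.group("addr") not in banned:
            banned.append(hit.group("addr"))
    return banned


def _fail(ts, ip):
    # Constructed sample line in the shape Vaultwarden writes to its log file.
    return (f"[{ts}][vaultwarden::api::identity][ERROR] Username or password is "
            f"incorrect. Try again. IP: {ip}. Username: user@example.com.")


SAMPLE_LOG = (
    [_fail(f"2024-01-01 10:00:{s:02d}.000", "203.0.113.7") for s in range(0, 50, 10)]
    # Five failures six minutes apart never share a 300 s window.
    + [_fail(f"2024-01-01 11:{m:02d}:00.000", "198.51.100.9") for m in range(0, 30, 6)]
    + ["[2024-01-01 11:40:00.000][vaultwarden::api::identity][INFO] "
       "User user@example.com logged in successfully. IP: 192.0.2.44"]
)

if __name__ == "__main__":
    print(banned_addresses(SAMPLE_LOG))
```

On a host with Fail2ban installed, `fail2ban-regex /path/vaultwarden/data/bitwarden.log /etc/fail2ban/filter.d/vaultwarden.local` runs the same match check against the real log file.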

Restart Fail2ban

$ systemctl restart fail2ban

Check the status of the vaultwarden jail

$ fail2ban-client status vaultwarden
Status for the jail: vaultwarden
|- Filter
| |- Currently failed: 0
| |- Total failed: 0
| `- File list: /path/vaultwarden/data/bitwarden.log
`- Actions
   |- Currently banned: 0
   |- Total banned: 0
   `- Banned IP list:

Unban an IP address

$ fail2ban-client unban 192.168.1.100