Feature Description
Hello,
I’d like to propose an improvement to the Fail2Ban documentation.
The current page is useful for basic setups, but there are a few important gaps in modern deployments:
- many installations use MODE = console and rely on journald/systemd instead of file logs
- failed API authentication attempts can appear as 401 Unauthorized router log entries
- Git over HTTP (.git/info/refs, git-upload-pack, git-receive-pack) is a significant brute-force surface and should be documented as such
- the jail should explicitly target http,https to avoid banning the wrong ports by mistake
I validated this on a real installation and can prepare a documentation PR with:
- a journald/systemd-based jail example
- regex examples covering web login, API 401s, and Git HTTP 401s
- an explicit port = http,https example
- notes about validating regexes against real logs before enabling bans
Example log patterns I validated:
Failed authentication attempt for from
completed GET /api/v1/user for :0, 401 Unauthorized
completed GET //.git/info/refs?service=git-upload-pack for :0, 401 Unauthorized
If this sounds useful, I can open a PR for the docs.
Screenshots
No response
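
A pre-flight check in the spirit of the validation step proposed above, added here as an example; it is not part of the original issue or of the project's documentation. The failregex candidates, the simplified `<HOST>` expansion, and every sample line (user name, addresses from documentation ranges, repository path, text after the status code) are assumptions made for illustration.

```python
import re

# Simplified stand-in for fail2ban's <HOST> tag (assumption: IPv4 or IPv6,
# optionally bracketed; the real tag also accepts DNS names).
HOST = r"\[?(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f]*:[0-9A-Fa-f:]+)\]?"

# Hypothetical failregex candidates for the three patterns named in the issue.
FAILREGEX = [
    r"Failed authentication attempt for .+ from <HOST>(?::\d+)?",
    r"completed \S+ /api/\S* for <HOST>:\d+, 401 Unauthorized",
    r"completed \S+ \S+/(?:info/refs\?service=)?git-(?:upload|receive)-pack"
    r" for <HOST>:\d+, 401 Unauthorized",
]
COMPILED = [re.compile(rx.replace("<HOST>", HOST)) for rx in FAILREGEX]

# Constructed sample lines (not real logs) paired with the host each one
# should count against; None means the line must not contribute to a ban.
SAMPLES = [
    ("Failed authentication attempt for alice from 203.0.113.7:0: invalid credentials",
     "203.0.113.7"),
    ("router: completed GET /api/v1/user for 198.51.100.23:0, 401 Unauthorized in 1.2ms",
     "198.51.100.23"),
    ("router: completed GET /org/repo.git/info/refs?service=git-upload-pack"
     " for [2001:db8::7]:0, 401 Unauthorized in 0.9ms", "2001:db8::7"),
    ("router: completed POST /org/repo.git/git-receive-pack"
     " for 203.0.113.7:0, 401 Unauthorized in 0.8ms", "203.0.113.7"),
    ("router: completed GET /api/v1/user for 198.51.100.23:0, 200 OK in 3.1ms", None),
    ("router: completed GET /org/repo.git/info/refs?service=git-upload-pack"
     " for 198.51.100.23:0, 200 OK in 4.0ms", None),
]

def banned_host(line):
    """Return the host a line would be counted against, or None if nothing matches."""
    for rx in COMPILED:
        match = rx.search(line)
        if match:
            return match.group("host")
    return None

def mismatches(samples):
    """Return (line, expected, actual) for every sample that behaves unexpectedly."""
    results = [(line, want, banned_host(line)) for line, want in samples]
    return [r for r in results if r[1] != r[2]]

if __name__ == "__main__":
    for line, want, got in mismatches(SAMPLES):
        print(f"MISMATCH want={want} got={got}: {line}")
    print("ok" if not mismatches(SAMPLES) else "regexes need work")
```

On a live host, `fail2ban-regex` performs the same kind of check against real log lines. Git clients typically send a first request without credentials and retry after the 401, so a legitimate fetch of a private repository can also produce these lines; size `maxretry` with that in mind.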