Release Support > Pending Issues
Fail2Ban
elliot46:
Hi to all,
from a safety perspective, I would like to implement the "Fail2Ban" feature or do you have any other idea to curb the DDOS attack in Roundcube webmail?
Thank you
Dmitry42:
I use fail2ban )
elliot46:
have you an example to config ?
Dmitry42:
What exactly config file you mean under config ?
fail2ban have many config files - settings, filters ...
You can use any internet tutorial for setup blocking rules.
/etc/fail2ban/jail.d/services.conf
--- Quote ---[nginx-botsearch]
enabled = true
#port = http,https
filter = nginx-botsearch
action = iptables-multiport[name=nginx-botsearch, port="80,443,25,465,587,110,995,143,993", protocol=tcp]
logpath = /var/log/nginx/error.log
maxretry = 5
findtime = 1m
#[nginx-ddos]
#enabled = true
#port = http,https
#filter = nginx-limit-req
#action = iptables-multiport[name=nginxddos, port="http,https", protocol=tcp]
#logpath = /var/log/nginx/error.log
[postfix]
enabled = true
filter = postfix
action = iptables-multiport[name=postfix, port="80,443,25,465,587,110,995,143,993", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 15
findtime = 5m
bantime = 30d
[dovecot]
enabled = true
filter = dovecot
action = iptables-multiport[name=dovecot, port="80,443,25,465,587,110,995,143,993", protocol=tcp]
logpath = /var/log/mail.log
maxretry = 15
findtime = 5m
bantime = 30d
--- End quote ---
I not use [nginx-ddos] section - for my it have false positive reaction and block too much addresses. And this section need additional nginx configuration
elliot46:
ok, thanks !
Navigation
[0] Message Index
[#] Next page
Go to full version