2021-10-14 15:01:48 -04:00
|
|
|
## Version 2022/08/20 - Changelog: https://github.com/linuxserver/docker-swag/commits/master/root/defaults/fail2ban/jail.local
|
2020-08-03 11:00:14 -04:00
|
|
|
# This is the custom version of the jail.conf for fail2ban
|
|
|
|
# Feel free to modify this and add additional filters
|
|
|
|
# Then you can drop the new filter conf files into the fail2ban-filters
|
|
|
|
# folder and restart the container
|
|
|
|
|
|
|
|
[DEFAULT]
|
2022-01-09 10:16:11 -05:00
|
|
|
# Prevents banning LAN subnets
|
|
|
|
ignoreip = 10.0.0.0/8
|
|
|
|
192.168.0.0/16
|
|
|
|
172.16.0.0/12
|
2020-08-03 11:00:14 -04:00
|
|
|
|
|
|
|
# Changes the default ban action from "iptables-multiport", which causes issues on some platforms, to "iptables-allports".
|
|
|
|
banaction = iptables-allports
|
|
|
|
|
|
|
|
# "bantime" is the number of seconds that a host is banned.
|
|
|
|
bantime = 600
|
|
|
|
|
|
|
|
# A host is banned if it has generated "maxretry" during the last "findtime"
|
|
|
|
# seconds.
|
|
|
|
findtime = 600
|
|
|
|
|
|
|
|
# "maxretry" is the number of failures before a host get banned.
|
|
|
|
maxretry = 5
|
|
|
|
|
|
|
|
|
|
|
|
[ssh]
|
|
|
|
enabled = false
|
|
|
|
|
|
|
|
[nginx-http-auth]
|
|
|
|
enabled = true
|
|
|
|
filter = nginx-http-auth
|
|
|
|
port = http,https
|
|
|
|
logpath = /config/log/nginx/error.log
|
|
|
|
|
|
|
|
[nginx-badbots]
|
|
|
|
enabled = true
|
|
|
|
port = http,https
|
|
|
|
filter = nginx-badbots
|
|
|
|
logpath = /config/log/nginx/access.log
|
|
|
|
maxretry = 2
|
|
|
|
|
|
|
|
[nginx-botsearch]
|
|
|
|
enabled = true
|
|
|
|
port = http,https
|
|
|
|
filter = nginx-botsearch
|
|
|
|
logpath = /config/log/nginx/access.log
|
|
|
|
|
|
|
|
[nginx-deny]
|
|
|
|
enabled = true
|
|
|
|
port = http,https
|
|
|
|
filter = nginx-deny
|
|
|
|
logpath = /config/log/nginx/error.log
|
2022-01-09 10:16:11 -05:00
|
|
|
|
|
|
|
[nginx-unauthorized]
|
|
|
|
enabled = true
|
|
|
|
port = http,https
|
|
|
|
filter = nginx-unauthorized
|
2021-10-14 15:01:48 -04:00
|
|
|
logpath = /config/log/nginx/access.log
|