Confluence 3.5 : Using Fail2Ban to limit login attempts
This page last changed on Apr 29, 2010 by rosie@atlassian.com.
What is Fail2Ban?

We need a means of defending sites against brute-force login attempts. Fail2Ban is a Python application which tails log files, looks for lines matching regular expressions, and works with Shorewall (or directly with iptables) to apply temporary blacklists against addresses that match a pattern too often. This can be used to limit the rate at which a given machine hits the login URLs of Confluence.

Prerequisites
How to set it up

This list is a skeletal version of the instructions.
Running Fail2Ban
Common Configuration

jail.local:

```ini
# The DEFAULT section allows a global definition of the options. They can be
# overridden in each jail afterwards.
[DEFAULT]
# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using a space separator.
# ignoreip = <space-separated list of IPs>

# "bantime" is the number of seconds that a host is banned.
bantime = 600

# A host is banned if it has generated "maxretry" failures during the last
# "findtime" seconds.
findtime = 60

# "maxretry" is the number of failures before a host gets banned.
maxretry = 3

[ssh-iptables]
enabled = false

[apache-shorewall]
enabled = true
# "filter" names a file filter.d/<name>.conf; it must match the filter
# shipped for Confluence below (filter.d/confluence-login.conf).
filter = confluence-login
action = shorewall
logpath = /var/log/httpd/confluence-access.log
bantime = 600
maxretry = 3
findtime = 60
backend = polling
```

Configuring for Confluence
filter.d/confluence-login.conf:

```ini
[Definition]
# Every request for the login page from a host counts as one "failure",
# whether or not the login itself succeeded; fail2ban replaces <HOST> with a
# pattern that captures the client address from the access-log line.
failregex = <HOST>.*"GET /login.action
ignoreregex =
```
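To see what the jail above actually does with the filter, here is an added Python illustration (not part of the original page or of fail2ban itself) that replays constructed Confluence access-log lines through the page's failregex and the maxretry/findtime/bantime rules. It assumes fail2ban's `<HOST>` placeholder can be emulated with a plain `\S+` capture and uses constructed sample log lines.

```python
import re
from datetime import datetime, timedelta

FINDTIME, MAXRETRY, BANTIME = 60, 3, 600  # values from the jail.local on this page

# failregex from filter.d/confluence-login.conf. Real fail2ban substitutes
# <HOST> with its own host pattern; this emulation uses a simple \S+ capture.
FAILREGEX = r'<HOST>.*"GET /login.action'
HOST_RE = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>\S+)"))
TS_RE = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]")  # Apache timestamp

# Constructed sample log lines (not real traffic): 10.0.0.5 hits the login
# page three times in 19 s; 192.0.2.7 hits it three times, 90 s apart.
LOG = """\
10.0.0.5 - - [29/Apr/2010:10:00:01 +0000] "GET /login.action HTTP/1.1" 200 512
10.0.0.5 - - [29/Apr/2010:10:00:09 +0000] "GET /login.action HTTP/1.1" 200 512
192.0.2.7 - - [29/Apr/2010:10:00:12 +0000] "GET /dashboard.action HTTP/1.1" 200 2048
10.0.0.5 - - [29/Apr/2010:10:00:20 +0000] "GET /login.action HTTP/1.1" 200 512
192.0.2.7 - - [29/Apr/2010:10:00:30 +0000] "GET /login.action HTTP/1.1" 200 512
192.0.2.7 - - [29/Apr/2010:10:02:00 +0000] "GET /login.action HTTP/1.1" 200 512
192.0.2.7 - - [29/Apr/2010:10:03:30 +0000] "GET /login.action HTTP/1.1" 200 512
""".splitlines()

def parse_line(line):
    """Return (host, timestamp) when the line matches failregex, else None."""
    m, ts = HOST_RE.search(line), TS_RE.search(line)
    if not m or not ts:
        return None
    return m.group("host"), datetime.strptime(ts.group(1), "%d/%b/%Y:%H:%M:%S %z")

def simulate(lines, findtime=FINDTIME, maxretry=MAXRETRY, bantime=BANTIME):
    """Return {host: time_banned} for hosts with maxretry matches inside findtime."""
    recent, bans = {}, {}
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue
        host, when = parsed
        # A host already under a ban is ignored until bantime has elapsed.
        if host in bans and when < bans[host] + timedelta(seconds=bantime):
            continue
        hits = [t for t in recent.get(host, []) if when - t <= timedelta(seconds=findtime)]
        hits.append(when)
        recent[host] = hits
        if len(hits) >= maxretry:
            bans[host] = when
            recent[host] = []  # counter resets once the ban is applied
    return bans
```

Only 10.0.0.5 is banned: 192.0.2.7 also makes three login requests, but spaced wider than findtime, so its counter never reaches maxretry.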
Document generated by Confluence on Mar 16, 2011 18:29