fail2ban/config/filter.d/drupal-auth.conf

# Fail2Ban filter to block repeated failed login attempts to Drupal site(s)
#
#
# Drupal must be setup to use Syslog, which defaults to the following format:
#
#   !base_url|!timestamp|!type|!ip|!request_uri|!referer|!uid|!link|!message
#
#

[INCLUDES]

before = common.conf


[Definition]

failregex = ^%(__prefix_line)s(https?:\/\/)([\da-z\.-]+)\.([a-z\.]{2,6})(\/[\w\.-]+)*\|\d{10}\|user\|<HOST>\|.+\|.+\|\d\|.*\|Login attempt failed for .+\.$

ignoreregex =


# DEV Notes:
#
# https://www.drupal.org/documentation/modules/syslog
#
# Author: Lee Clemens
Add drupal-auth filter and jail 2015-04-27 17:10:27 +00:00			`# Fail2Ban filter to block repeated failed login attempts to Drupal site(s)`
			`#`
			`#`
			`# Drupal must be setup to use Syslog, which defaults to the following format:`
			`#`
			`# !base_url\|!timestamp\|!type\|!ip\|!request_uri\|!referer\|!uid\|!link\|!message`
			`#`
			`#`

			`[INCLUDES]`

			`before = common.conf`


			`[Definition]`

			`failregex = ^%(__prefix_line)s(https?:\/\/)([\da-z\.-]+)\.([a-z\.]{2,6})(\/[\w\.-]+)\\|\d{10}\\|user\\|<HOST>\\|.+\\|.+\\|\d\\|.\\|Login attempt failed for .+\.$`

			`ignoreregex =`


			`# DEV Notes:`
			`#`
			`# https://www.drupal.org/documentation/modules/syslog`
			`#`
			`# Author: Lee Clemens`