fail2ban/config/filter.d/openhab.conf

16 lines
452 B
Plaintext

# Openhab brute force auth filter: /etc/fail2ban/filter.d/openhab.conf:
#
# Block IPs trying to auth openhab by web or rest api
#
# Matches e.g.
# 12.34.33.22 - - [26/sept./2015:18:04:43 +0200] "GET /openhab.app HTTP/1.1" 401 1382
# 175.18.15.10 - - [02/sept./2015:00:11:31 +0200] "GET /rest/bindings HTTP/1.1" 401 1384
[Definition]
failregex = ^<HOST>\s+-\s+-\s+\[\]\s+"[A-Z]+ .*" 401 \d+\s*$
datepattern = %%d/%%b[^/]*/%%Y:%%H:%%M:%%S %%z