Nextcloud Fail2Ban Regex
Add
nextcloud.conf
in/etc/fail2ban/filter.d
touch /etc/fail2ban/filter.d/nextcloud.conf
Add following Regex to file:
[Definition]
failregex=^{"reqId":".","remoteAddr":".","app":"core","message":"Login failed: '.' (Remote IP: '')","level":2,"time":"."}$
^{"reqId":".","level":2,"time":".","remoteAddr":".","app":"core".","message":"Login failed: '.' (Remote IP: '')".}$
^.\"remoteAddr\":\"\".Trusted domain error.*$
Configure Nextcloud Jail:
[nextcloud]
enabled = true
port = 80,443,35653
protocol = tcp
filter = nextcloud
maxretry = 3
logpath = /var/snap/nextcloud/current/logs/nextcloud.log
action = %(action_mwl)s
bantime = -1
Last updated