Nextcloud Fail2Ban Regex

Add nextcloud.conf in /etc/fail2ban/filter.d

touch /etc/fail2ban/filter.d/nextcloud.conf

Add following Regex to file:

[Definition]
failregex=^{"reqId":".","remoteAddr":".","app":"core","message":"Login failed: '.' (Remote IP: '')","level":2,"time":"."}$
^{"reqId":".","level":2,"time":".","remoteAddr":".","app":"core".","message":"Login failed: '.' (Remote IP: '')".}$
^.\"remoteAddr\":\"\".Trusted domain error.*$

Configure Nextcloud Jail:

[nextcloud]
enabled = true
port = 80,443,35653
protocol = tcp
filter = nextcloud
maxretry = 3
logpath = /var/snap/nextcloud/current/logs/nextcloud.log 
action = %(action_mwl)s
bantime = -1

PreviousNextcloud Snap install and S3 Storage Bucket NextSet up OnlyOffice on Nextcloud

Last updated 3 years ago