Nextcloud Fail2Ban Regex

  1. Add nextcloud.conf in /etc/fail2ban/filter.d

touch /etc/fail2ban/filter.d/nextcloud.conf
  1. Add following Regex to file:

[Definition]
failregex=^{"reqId":".","remoteAddr":".","app":"core","message":"Login failed: '.' (Remote IP: '')","level":2,"time":"."}$
^{"reqId":".","level":2,"time":".","remoteAddr":".","app":"core".","message":"Login failed: '.' (Remote IP: '')".}$
^.\"remoteAddr\":\"\".Trusted domain error.*$
  1. Configure Nextcloud Jail:

[nextcloud]
enabled = true
port = 80,443,35653
protocol = tcp
filter = nextcloud
maxretry = 3
logpath = /var/snap/nextcloud/current/logs/nextcloud.log 
action = %(action_mwl)s
bantime = -1

Last updated