# Nextcloud Fail2Ban Regex

1. Add `nextcloud.conf` in `/etc/fail2ban/filter.d`

```bash
touch /etc/fail2ban/filter.d/nextcloud.conf
```

1. Add following Regex to file:

```bash
[Definition]
failregex=^{"reqId":".","remoteAddr":".","app":"core","message":"Login failed: '.' (Remote IP: '')","level":2,"time":"."}$
^{"reqId":".","level":2,"time":".","remoteAddr":".","app":"core".","message":"Login failed: '.' (Remote IP: '')".}$
^.\"remoteAddr\":\"\".Trusted domain error.*$
```

1. Configure Nextcloud Jail:

```bash
[nextcloud]
enabled = true
port = 80,443,35653
protocol = tcp
filter = nextcloud
maxretry = 3
logpath = /var/snap/nextcloud/current/logs/nextcloud.log 
action = %(action_mwl)s
bantime = -1
```