Resolved Can't configure Fail2ban for Nginx Auth

[Miguel Nunes]

I have a website which uses the authentication provided by the protected directory setting and I am using Nginx fully. There are no fail2ban jails for Nginx so I decided to create one.

This is what I did:

Created a Jail Filter named "nginx-auth":

[Definition]
failregex = no user/password was provided for basic authentication.*client: <HOST>
    user .* was not found in.*client: <HOST>
    user .* password mismatch.*client: <HOST>
ignoreregex = </host></host></host>

Then created the Jail and named it "nginx-auth":

[nginx-auth]
enabled = true
filter = nginx-auth
action = iptables-multiport[name="nginxauth", port="http,https", protocol="tcp"]
logpath = /var/www/vhosts/system/*/logs/error_log
/var/log/httpd/*error_log
maxretry = 3

I am looking for errors in the log with

# tail -f /var/www/vhosts/system/site.domain.tld/logs/error_log

But when the browser authentication pops up and I enter wrong login information, nothing happens. After 3 failed attempts, it's still going.

What could be wrong? I am not using Plesk's Firewall extension because my host has it's own firewall but Iptables is enabled.

 

[UFHH01]

Hi Miguel Nunes,

pls. have a look at this detailed DigitalOcean article: => How To Protect an Nginx Server with Fail2Ban on Ubuntu 14.04 | DigitalOcean

 

[Miguel Nunes]

It was the log path which was set to look for Apache's error logs instead of Nginx's.

Should be this:

/var/www/vhosts/system/*/logs/proxy_error_log
/var/log/nginx/*error.log