Diffstat (limited to 'docs/advanced/security/firewall.md')
-rw-r--r-- docs/advanced/security/firewall.md | 6
1 file changed, 6 insertions, 0 deletions
diff --git a/docs/advanced/security/firewall.md b/docs/advanced/security/firewall.md
index c94dce75a..d2bb72e58 100644
--- a/docs/advanced/security/firewall.md
+++ b/docs/advanced/security/firewall.md
@@ -82,3 +82,9 @@ Both SSHGuard and fail2ban ship with "backends" that can target iptables and nft
* [ArchWiki](https://wiki.archlinux.org/title/sshguard) on sshguard
* [FreeBSD manual](https://man.freebsd.org/cgi/man.cgi?query=sshguard&sektion=8&manpath=FreeBSD+13.2-RELEASE+and+Ports) for sshguard
* [SSHGuard setup](https://manpages.ubuntu.com/manpages/lunar/en/man7/sshguard-setup.7.html) manual for Ubuntu
+
+For fail2ban, you can use the following regex, which triggers fail2ban on failed logins and not another 'Unauthorized' errors (API for example):
+
+```regex
+statusCode=401 path=/auth/sign_in clientIP=<HOST> .* msg=\"Unauthorized:
+```
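
Review bot: The added sentence has a grammar slip and leaves out where the pattern goes: "not another 'Unauthorized' errors" should read "not on other 'Unauthorized' errors", and the text should say that the pattern belongs in the `failregex` setting of a fail2ban filter and name the log it is meant to match. The pattern is also unanchored and uses a greedy `.*` between `clientIP=<HOST>` and `msg=`, so it can match at any position in a line; consider anchoring it to the start of the log entry or constraining the fields between them, since a loosely positioned match can end up taking `<HOST>` from text a client is able to influence. The backslash in `msg=\"Unauthorized:` is not needed to match a literal quote and can be dropped unless the log line itself contains the backslash.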