docs: add fail2ban instructions
This commit is contained in:
Henrique Dias
34
www/docs/deployment.md
Normal file
34
www/docs/deployment.md
Normal file
@@ -0,0 +1,34 @@
|
||||
## Fail2ban
|
||||
|
||||
File Browser does not natively support protection against brute force attacks. Therefore, we suggest using something like [fail2ban](https://github.com/fail2ban/fail2ban), which takes care of that by tracking the logs of your File Browser instance. For more information on how fail2ban works, please refer to their [wiki](https://github.com/fail2ban/fail2ban/wiki).
|
||||
|
||||
### Filter Configuration
|
||||
|
||||
An example filter configuration targeted at matching File Browser's logs.
|
||||
|
||||
```ini
|
||||
[INCLUDES]
|
||||
before = common.conf
|
||||
|
||||
[Definition]
|
||||
datepattern = `^%%Y\/%%m\/%%d %%H:%%M:%%S`
|
||||
failregex = `\/[a-z]*\/[a-z]*: \d{3} <HOST> *`
|
||||
```
|
||||
|
||||
### Jail Configuration
|
||||
|
||||
An example jail configuration. You should fill it with the path of the logs of File Browser, as well as the port where it is running at.
|
||||
|
||||
```ini
|
||||
[filebrowser]
|
||||
|
||||
enabled = true
|
||||
port = [your_port]
|
||||
filter = filebrowser
|
||||
logpath = [your_log_path]
|
||||
maxretry = 10
|
||||
bantime = 10m
|
||||
findtime = 10m
|
||||
banaction = iptables-allports
|
||||
banaction_allports = iptables-allports
|
||||
```
|
||||
Reference in New Issue
Block a user