On Mon, Dec 24, 2018 at 6:31 AM ryanw <[email protected]> wrote:
> ... > > the 72.143.194.175 is the remote IP I'm testing from and 192.168.10.68 is > the nginx proxy IP. > > I have have edited the regex on fail2ban to match the remote IP and it is > being blocked successfully according to fail2ban but the connection can > still get through, because fail2ban is still allowing the 192.168.10.68 IP > address as well. > > If fail2ban were to block the reverse proxy IP, then absolutely no one would be able to use Guacamole until the ban expires. Blocking the remote IP is what you would want, but you'll need to do that on the reverse proxy itself. If your reverse proxy and Guacamole are on separate servers, you might need to forward logs from one system to the other, so that fail2ban can run correctly on the reverse proxy machine. - Mike
