Hi all, I have installed guacamole on port 8080 and nginx to have https
access. All seems to work correctly.
Now I would like to configure fail2ban to check failing logs. Adding to
fail2ban the rule
failregex = ^.*WARNÂ o\.a\.g\.r\.auth\.AuthenticationService -
Authentication attempt from <HOST> for user "[^"]*" failed\.$
permit to fail2ban to find failing logs but only if they are from port
8080. If they use the nginx https port doesn't
In effect in the guacamole logs in case of 8080 port failing access the
log is:
13:32:55.059 [http-nio-8080-exec-3] WARN
o.a.g.r.auth.AuthenticationService - Authentication attempt from
192.168.64.90 for user "user" failed.
But if I use the nginx https port I can find
13:33:23.598 [http-nio-8080-exec-5] WARN
o.a.g.r.auth.AuthenticationService - Authentication attempt from
[192.168.64.90, 127.0.0.1] for user "user" failed.
Probably fail2ban can check the host when the logged ip is
[192.168.64.90, 127.0.0.1]
Someone can help me to write the failregex rule to have fail2ban
correctly get the ip to ban on failing logs even from nginx https port?
Piviul
---------------------------------------------------------------------
To unsubscribe, e-mail: user-unsubscr...@guacamole.apache.org
For additional commands, e-mail: user-h...@guacamole.apache.org