I would like to add a specific list of IPs for which I would like to get an email from Fail2ban after they make a couple of "GET" requests.
The pattern to look for in apache's access logs is ^1.2.3.4 – .*$ but fail2ban-regex fails
(and I can't blame it) by saying:
Cannot remove regular expression. Index 0 is not valid
No 'host' group in ^1.2.3.4 – .*$
Is there anyway I can set the "HOST" variable in custom filters/jails?
Best Answer
The regex needs to have a (parentheses) grouping for the IP address so fail2ban knows what IP to ban:
In your case, your regex should be