I have a server with Debian 9.
I have installed fail2ban and configured it. It works with sshd (it bans IPs on failed logins), but I can't make it work with apache-auth (the IP is banned but iptables doesn't block it).
jail.local looks like:
[DEFAULT]
bantime = 720h
findtime = 60m
banaction = iptables
mta = sendmail
destemail = my-email@example.com
action = %(action_mw)s
maxretry = 2
[sshd]
enabled = true
[apache-auth]
enabled = true
When I run the command:
fail2ban-client status sshd
it shows the banned IP.
When I run the command:
iptables -L -n
It shows the IPs from the previous command. So it's working correctly.
When I run:
fail2ban-client status apache-auth
It shows the banned IP (me).
iptables -L -n
It doesn't show any IP from the previous list.
It may be important that iptables shows:
Chain f2b-apache-auth (0 references)
And I can still connect to the server via WWW. I had exactly the same issue with nginx, so I switched to apache, thinking this would solve my issue.
Best Answer
My jail.conf part for apache looks a bit different
You can find the loaded configuration with
You said you are testing locally. Make sure your IP is not in the netmask given in ignoreip.
As the action is probably triggered in your case, have a look for the entry actionban there and see if it actually adds the desired iptables rule.
Maybe var/log/fail2ban.log has more information?
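
The "(0 references)" in the question's iptables output means no other chain jumps to f2b-apache-auth, so rules placed in it are never evaluated. The following check is an added example, not part of the original answer: it reads `iptables -L -n` output and reports each fail2ban chain with its reference count and number of ban rules. The function names and the sample listing (documentation addresses) are constructed for illustration.

```shell
#!/bin/sh
# Usage on a real host (as root): iptables -L -n | unreferenced_f2b_chains

# Print "chain references bans" for every chain whose name starts with f2b-.
f2b_chain_report() {
    awk '
        $1 == "Chain" {
            if (chain != "") print chain, refs, bans
            chain = ""
            if ($2 ~ /^f2b-/) {
                chain = $2; bans = 0
                refs = $3; gsub(/[^0-9]/, "", refs)   # "(1" -> "1"
            }
            next
        }
        # Inside an f2b chain, each REJECT/DROP rule is one banned source.
        chain != "" && ($1 == "REJECT" || $1 == "DROP") { bans++ }
        END { if (chain != "") print chain, refs, bans }
    '
}

# Print only the f2b chains that nothing jumps to (bans there have no effect).
unreferenced_f2b_chains() {
    f2b_chain_report | awk '$2 == 0 { print $1 }'
}

# Constructed sample of `iptables -L -n` output reproducing the symptom.
sample_listing() {
    cat <<'EOF'
Chain INPUT (policy ACCEPT)
target     prot opt source               destination
f2b-sshd   tcp  --  0.0.0.0/0            0.0.0.0/0            multiport dports 22

Chain f2b-sshd (1 references)
target     prot opt source               destination
REJECT     all  --  203.0.113.7          0.0.0.0/0            reject-with icmp-port-unreachable
RETURN     all  --  0.0.0.0/0            0.0.0.0/0

Chain f2b-apache-auth (0 references)
target     prot opt source               destination
RETURN     all  --  0.0.0.0/0            0.0.0.0/0
EOF
}

sample_listing | unreferenced_f2b_chains
```

A chain listed by this check exists but is not hooked into INPUT, which matches a jail that reports a ban while the client can still connect.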