YunoHost-Apps / freshrss_ynh

FreshRSS package for YunoHost
https://freshrss.org
GNU Affero General Public License v3.0

Add fail2ban for api #62

Open plopoyop opened 5 years ago

plopoyop commented 5 years ago

As requested in: https://github.com/YunoHost-Apps/freshrss_ynh/issues/57#issuecomment-440567480

lapineige commented 3 years ago

Is that implemented?

plopoyop commented 3 years ago

In the nginx access logs we can find 401 errors when there is a wrong password:

 IPADDRESS - - [20/Apr/2021:08:05:49 +0200] "GET /rss/api/greader.php/accounts/ClientLogin?Email=clement&Passwd=wrongpass HTTP/2.0" 401 13 "-" "curl/7.71.1"

There is also this in data/users/_/log_api.txt:

[Tue, 20 Apr 2021 08:11:17 +0200] [warning] --- unauthorized() Array
(
    [date] => 2021-04-20T08:11:17+02:00
    [headers] => Array
        (
            [Accept] => */*
            [User-Agent] => curl/7.71.1
            [Host] => example.net
            [Content-Length] => 
            [Content-Type] => 
        )

    [_SERVER] => Array
        (
            [USER] => freshrss
            [HOME] => /home/freshrss
            [PATH_TRANSLATED] => /var/www/freshrss/p/accounts/ClientLogin
            [ORIG_SCRIPT_FILENAME] => /var/www/freshrss/p/api/greader.php/accounts/ClientLogin
            [HTTP_ACCEPT] => */*
            [HTTP_USER_AGENT] => curl/7.71.1
            [HTTP_HOST] => example.net
            [SCRIPT_FILENAME] => /var/www/freshrss/p/api/greader.php
            [PATH_INFO] => /accounts/ClientLogin
            [REMOTE_USER] => 
            [REDIRECT_STATUS] => 200
            [SERVER_NAME] => example.net
            [SERVER_PORT] => 443
            [SERVER_ADDR] => X.X.X.X
            [REMOTE_PORT] => 46748
            [REMOTE_ADDR] => Y.Y.Y.Y
            [SERVER_SOFTWARE] => nginx/1.14.2
            [GATEWAY_INTERFACE] => CGI/1.1
            [HTTPS] => on
            [REQUEST_SCHEME] => https
            [SERVER_PROTOCOL] => HTTP/2.0
            [DOCUMENT_ROOT] => /var/www/freshrss/p/
            [DOCUMENT_URI] => /rss/api/greader.php/accounts/ClientLogin
            [REQUEST_URI] => /rss/api/greader.php/accounts/ClientLogin?Email=clement&Passwd=wrongpass
            [SCRIPT_NAME] => /rss/api/greader.php
            [CONTENT_LENGTH] => 
            [CONTENT_TYPE] => 
            [REQUEST_METHOD] => GET
            [QUERY_STRING] => Email=clement&Passwd=wrongpass
            [FCGI_ROLE] => RESPONDER
            [PHP_SELF] => /rss/api/greader.php/accounts/ClientLogin
            [REQUEST_TIME_FLOAT] => 1618899077.0317
            [REQUEST_TIME] => 1618899077
        )

    [_GET] => Array
        (
            [Email] => clement
            [Passwd] => wrongpass
        )

    [_POST] => Array
        (
        )

    [_COOKIE] => Array
        (
        )

    [INPUT] => 
)

But since it is a multi-line log, I am not sure it is usable with fail2ban.
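The single-line nginx access log entry shown in the comment above is enough for fail2ban on its own, so the multi-line log_api.txt does not need to be parsed. The following is an added example, not code from the freshrss_ynh package or from the comment's author: it holds an assumed fail2ban filter and jail for 401 responses on the greader ClientLogin endpoint, then replays the same failregex in Python over a few constructed access-log lines to show which client address a jail with maxretry=5 and findtime=10m would ban. The filter name freshrss-api, the per-domain log path, and the sample addresses are all assumptions. Note also that the access log line records the password from the query string, so these log files themselves deserve restricted permissions.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed fail2ban filter (hypothetical file /etc/fail2ban/filter.d/freshrss-api.conf,
# not part of freshrss_ynh). fail2ban substitutes <HOST> with its own address pattern.
# The bracketed timestamp is matched with [^\]]* so the regex works whether or not
# fail2ban has already cut the date out of the line.
FAIL2BAN_FILTER = r'''[Definition]
failregex = ^<HOST> - \S+ \[[^\]]*\] "(?:GET|POST) \S*/api/greader\.php/accounts/ClientLogin[^"]*" 401 
ignoreregex =
'''

# Assumed jail (hypothetical /etc/fail2ban/jail.d/freshrss-api.conf). YunoHost writes one
# nginx access log per domain; the domain in the path is a placeholder.
JAIL_CONF = '''[freshrss-api]
enabled  = true
port     = http,https
filter   = freshrss-api
logpath  = /var/log/nginx/example.net-access.log
maxretry = 5
findtime = 10m
bantime  = 1h
'''
MAXRETRY = 5
FINDTIME = timedelta(minutes=10)

# Python-side equivalent of the failregex, with <HOST> expanded to a capture group
# and the nginx timestamp captured so the findtime window can be evaluated.
FAILREGEX = re.compile(
    r'^(?P<host>\S+) - \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?:GET|POST) \S*/api/greader\.php/accounts/ClientLogin[^"]*" 401 '
)

# Constructed sample lines in the default nginx "combined" format (not real traffic).
SAMPLE_ACCESS_LOG = [
    # five wrong-password attempts from one address within two minutes
    '203.0.113.5 - - [20/Apr/2021:08:05:49 +0200] "GET /rss/api/greader.php/accounts/ClientLogin?Email=clement&Passwd=wrongpass HTTP/2.0" 401 13 "-" "curl/7.71.1"',
    '203.0.113.5 - - [20/Apr/2021:08:06:01 +0200] "GET /rss/api/greader.php/accounts/ClientLogin?Email=clement&Passwd=wrongpass2 HTTP/2.0" 401 13 "-" "curl/7.71.1"',
    '203.0.113.5 - - [20/Apr/2021:08:06:10 +0200] "GET /rss/api/greader.php/accounts/ClientLogin?Email=clement&Passwd=wrongpass3 HTTP/2.0" 401 13 "-" "curl/7.71.1"',
    '203.0.113.5 - - [20/Apr/2021:08:06:30 +0200] "POST /rss/api/greader.php/accounts/ClientLogin HTTP/2.0" 401 13 "-" "curl/7.71.1"',
    '203.0.113.5 - - [20/Apr/2021:08:07:02 +0200] "POST /rss/api/greader.php/accounts/ClientLogin HTTP/2.0" 401 13 "-" "curl/7.71.1"',
    # one typo followed by a successful login: must stay below maxretry
    '198.51.100.7 - - [20/Apr/2021:08:08:00 +0200] "GET /rss/api/greader.php/accounts/ClientLogin?Email=alice&Passwd=typo HTTP/2.0" 401 13 "-" "FeedReader/1.0"',
    '198.51.100.7 - - [20/Apr/2021:08:08:05 +0200] "POST /rss/api/greader.php/accounts/ClientLogin HTTP/2.0" 200 57 "-" "FeedReader/1.0"',
    # a 401 on another API path is outside this filter's scope and must not count
    '198.51.100.7 - - [20/Apr/2021:08:09:00 +0200] "GET /rss/api/greader.php/reader/api/0/token HTTP/2.0" 401 0 "-" "FeedReader/1.0"',
]


def parse_ts(ts):
    """Parse the nginx $time_local field, e.g. 20/Apr/2021:08:05:49 +0200."""
    return datetime.strptime(ts, "%d/%b/%Y:%H:%M:%S %z")


def failed_api_logins(lines):
    """Yield (client_ip, timestamp) for every line the filter counts as a failure."""
    for line in lines:
        m = FAILREGEX.match(line.strip())
        if m:
            yield m.group("host"), parse_ts(m.group("ts"))


def addresses_to_ban(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Sliding-window count per address, mirroring fail2ban's maxretry/findtime rule."""
    recent = defaultdict(list)
    banned = set()
    for host, ts in sorted(failed_api_logins(lines), key=lambda x: x[1]):
        window = [t for t in recent[host] if ts - t <= findtime]
        window.append(ts)
        recent[host] = window
        if len(window) >= maxretry:
            banned.add(host)
    return banned


if __name__ == "__main__":
    for host, ts in failed_api_logins(SAMPLE_ACCESS_LOG):
        print(f"failure  {host}  at {ts.isoformat()}")
    print("would ban:", sorted(addresses_to_ban(SAMPLE_ACCESS_LOG)))
```

To check the real filter before enabling the jail, run `fail2ban-regex /var/log/nginx/example.net-access.log /etc/fail2ban/filter.d/freshrss-api.conf` (with your own domain in the path); it reports how many lines matched and which addresses were extracted. The Python replay above is only a way to reason about the regex and the window arithmetic offline; fail2ban itself does the banning from the same single-line log.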

lapineige commented 3 years ago

Do we have fail2ban implemented somewhere in the app? I can't find anything about it :thinking:

gwen-lg commented 10 months ago

This is implemented, and the issue could be closed?