lobsters / lobsters-ansible

Ansible playbook for lobste.rs
ISC License

Add fail2ban support for limiting DDoS/exuberant scraping. #56

Church- closed 3 years ago

Church- commented 4 years ago

Opening a PR to add fail2ban support when deploying a lobste.rs instance.

Currently this installs fail2ban with a standard sshd jail, and a custom jail based on nginx req limiting.

There is a custom filter in place under roles/fail2ban/files/production/fail2ban/filter.d/nginx-req-limit.conf that will scrape /var/log/nginx/lobste.rs.access.log for any clients that made/attempted 10 requests in 60 seconds or less and then ban them for 7200 seconds.

Also added is a more standard sshd jail to secure SSH access to the host as well.
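The thresholds described in the comment above (10 requests within 60 seconds, then a 7200-second ban), modelled as a sliding window over access-log lines. This is an added example, not code from the PR or from fail2ban; the log lines are constructed, and it assumes every access-log line counts as a hit, since the filter's actual regex is not shown on this page.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta, timezone

MAXRETRY, FINDTIME, BANTIME = 10, 60, 7200  # thresholds stated in the PR

# Leading fields of nginx's "combined" log format: client address, [time_local].
LINE_RE = re.compile(r'^(?P<host>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "')
BASE = datetime(2020, 1, 1, 12, 0, 0, tzinfo=timezone.utc)  # constructed start time

def make_line(host, offset_s):
    """Build one constructed access-log line offset_s seconds after BASE."""
    ts = BASE + timedelta(seconds=offset_s)
    return f'{host} - - [{ts:%d/%b/%Y:%H:%M:%S %z}] "GET / HTTP/1.1" 200 512 "-" "-"'

def find_bans(lines):
    """Return (host, banned_at, banned_until) for each ban, in log order."""
    hits = defaultdict(deque)   # host -> timestamps still inside the window
    banned_until, bans = {}, []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue            # not an access-log line; ignore it
        host = m["host"]
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        if host in banned_until and ts < banned_until[host]:
            continue            # ban still active; these requests are not counted
        window = hits[host]
        window.append(ts)
        while (ts - window[0]).total_seconds() > FINDTIME:
            window.popleft()    # drop hits older than the find window
        if len(window) >= MAXRETRY:
            until = ts + timedelta(seconds=BANTIME)
            banned_until[host] = until
            bans.append((host, ts, until))
            window.clear()
    return bans

def sample_log():
    """Constructed traffic: one host bursts every 2 s, another requests every 10 s."""
    events = [(i * 2, "198.51.100.7") for i in range(12)]
    events += [(i * 10, "203.0.113.9") for i in range(12)]
    return [make_line(host, off) for off, host in sorted(events)]

if __name__ == "__main__":
    for host, at, until in find_bans(sample_log()):
        print(f"ban {host} at {at:%H:%M:%S} until {until:%H:%M:%S}")
```

With these thresholds the host requesting every 10 seconds never exceeds 7 hits in any 60-second window, so only the bursting host is banned.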

jstoja commented 3 years ago

Hello @Church- ,

What's the advantage of fail2ban for nginx compared to using nginx limit_req?

Best, Julien