michalmuskala / plug_attack

A plug building toolkit for blocking and throttling abusive requests

Using fail2ban for failed login attempts only #24

Open fastjames opened 2 years ago

fastjames commented 2 years ago

I have read over the source and a couple of example articles about how to use this library, but I think my use case may fall a bit outside of those examples. I would like to use it to apply fail2ban to usernames and IPs, but only for failed login attempts. This means that the check and track actions would need to happen in separate locations.

I believe I could write my own rule module that allows me to track and check separately, but I figured I would ask in case there's a more straightforward approach.

fastjames commented 7 months ago

I'm coming back to this project after a substantial break, and it looks like there hasn't been much activity since I first posed the question. I have read over the fail2ban feature a few more times, and here's how I understand it:

The fail2ban feature works when a specific request (e.g. "GET /wp-admin/") is easily identifiable as naughty in the context of your application. The existence of such requests is sufficient evidence that the IP from which the request originated should be banned (subject to the config options for time windows).

Based on that understanding, I think the original issue description above still makes sense -- it's not possible to know at receipt time whether a login request will fail, so the current fail2ban logic would not work if we only want to block on failed login attempts.

Does all of that sound correct?
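One way to implement the split design the issue asks about (check at request receipt, track only after a login has actually failed), added here as an example; it is not plug_attack code and uses no plug_attack API, only `:ets`. The module name, the `{:ip, ...}` / `{:user, ...}` key shapes and the period/limit/ban_for values are assumptions.

```elixir
defmodule LoginFail2ban do
  # Hypothetical standalone module (not part of plug_attack): a fail2ban-style
  # rule whose "check" and "track" halves are called from different places.
  @table :login_fail2ban
  @period 60_000      # sliding window for counting failures (ms); assumed value
  @limit 5            # failures within the window before a ban; assumed value
  @ban_for 900_000    # ban duration (ms); assumed value

  # Create the shared table once at application start.
  def init, do: :ets.new(@table, [:named_table, :public, :set])

  # Phase 1, called from a plug on every login request: only reads state.
  # Nothing is counted here, because we do not yet know if the login will fail.
  def check(key, now \\ now_ms()) do
    case :ets.lookup(@table, {:banned, key}) do
      [{_, until}] when until > now -> {:block, {:fail2ban, :banned, key}}
      _ -> :allow
    end
  end

  # Phase 2, called from the authentication code only when credentials were
  # rejected. Keeps a sliding list of failure timestamps and bans once the
  # window holds @limit or more of them.
  def track_failure(key, now \\ now_ms()) do
    recent =
      case :ets.lookup(@table, {:failures, key}) do
        [{_, stamps}] -> Enum.filter(stamps, &(&1 > now - @period))
        [] -> []
      end

    failures = [now | recent]
    :ets.insert(@table, {{:failures, key}, failures})

    if length(failures) >= @limit do
      :ets.insert(@table, {{:banned, key}, now + @ban_for})
      :ets.delete(@table, {:failures, key})
      {:banned, now + @ban_for}
    else
      {:ok, length(failures)}
    end
  end

  # Optional: forget failures for a key after a successful login.
  def clear(key), do: :ets.delete(@table, {:failures, key})

  defp now_ms, do: System.monotonic_time(:millisecond)
end
```

In the plug you would call `LoginFail2ban.check({:ip, ip})` and `LoginFail2ban.check({:user, username})` before the request reaches the login action, and in the login action call `LoginFail2ban.track_failure/1` with the same two keys only on the failure branch.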