search

phiilu / mailman

Mailman is a GUI to help you manage your email accounts stored in a MySQL/MariaDB database.
MIT License
70 stars 10 forks source link

Client Ip log #28

Closed wuha closed 6 years ago

wuha commented 6 years ago

Is there a way to write the IP address of the client to the log if a login fails? Then i can use Fail2ban to protect brutforce.

ghost commented 6 years ago

Just define the access_log parameter within the nginx configuration:

access_log /var/log/nginx/domain.tld/mailman.domain.tld/access.log;

In the case of a login attempt, a corresponding entry is added to the access_log for the /api/auth/authenticate API path, including the IP address and the HTTP status code (401 -> Forbidden; 200 -> OK).

Log entry of a failed login:

233b:d42:1cd4:3de5:dd6f:d78e:ad8f:6fa4 - - [20/Jul/2018:20:56:45 +0200] "POST /api/auth/authenticate HTTP/1.1" 401 34 "https://mailman.domain.tld/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"

Log entry of a successful login:

233b:d42:1cd4:3de5:dd6f:d78e:ad8f:6fa4 - - [20/Jul/2018:21:02:40 +0200] "POST /api/auth/authenticate HTTP/1.1" 200 199 "https://mailman.domain.tld/" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/67.0.3396.99 Safari/537.36"

wuha commented 6 years ago

All right. Works great. Thank you.

ghost commented 6 years ago

You're welcome!

phiilu commented 6 years ago

Thank you so much @Lonkey !!!