I wanted to know if someone else has the same problem as me, or if someone knows how to debug it:
I'm currently looking for a way to ban people who try to connect to my GLPI, in order to protect it from brute-forcers. That's why I installed "Fail2ban":
nano /etc/fail2ban/jail.conf
[glpi]
enabled = true
filter = glpi
port = http, https
logpath = /var/www/glpi/files/_log/event.log
maxretry = 3
nano /etc/fail2ban/filter.d/glpi.conf
[INCLUDES]
before = common.conf
[Definition]
failregex = Connexion échouée de \w+ depuis l\’IP <HOST>
ignoreregex =
/etc/init.d/fail2ban restart
But when I try to see which lines match my regex with this command:
fail2ban-regex /var/www/glpi/files/_log/event.log /etc/fail2ban/filter.d/glpi.conf /etc/fail2ban/filter.d/glpi.conf
I have no results (0 line matched).
Then I decided to try this regex as ignoreregex:
nano /etc/fail2ban/filter.d/glpi.conf
[INCLUDES]
before = common.conf
[Definition]
failregex =
ignoreregex = Connexion échouée de \w+ depuis l\’IP <HOST>
And I ran the same command as above (fail2ban-regex). I get the 20 lines "ignored" [imo, that proves that my regex is OK].
Bye, curumo29.
P.S.: The tag <HOST> is the same as (?:::f{4,6}:)?(?P<host>\S+), which makes it possible to get and block the IP address of the brute-forcer with iptables [this tag is mandatory in fail2ban]
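
An added example, not part of the original post and not fail2ban's own code: a simplified Python model of how one log line is evaluated, using the post's regex and the <HOST> expansion from its P.S. It models fail2ban's documented rule that a failregex hit counts only on a line where a timestamp is also found, whereas ignoreregex needs no timestamp; the timestamp pattern, the function names and the log lines are constructed assumptions, not real GLPI output.

```python
import re

# <HOST> expansion exactly as quoted in the post's P.S.
HOST = r"(?:::f{4,6}:)?(?P<host>\S+)"
# The regex from the post's glpi.conf, unchanged.
PAGE_REGEX = r"Connexion échouée de \w+ depuis l\’IP <HOST>"
# Simplified stand-in for fail2ban's date detection (assumption: ISO-like stamp).
TIMESTAMP = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}")


def compile_filter(regex):
    """Expand <HOST> and compile; an empty setting means 'no regex'."""
    return re.compile(regex.replace("<HOST>", HOST)) if regex else None


def classify(line, failregex="", ignoreregex=""):
    """Return (status, host); status is ignored, failure, no-date or missed."""
    fail, ignore = compile_filter(failregex), compile_filter(ignoreregex)
    stamp = TIMESTAMP.search(line)
    # The timestamp is cut out before the regexes see the line.
    rest = line[:stamp.start()] + line[stamp.end():] if stamp else line
    if ignore and ignore.search(rest):      # ignoreregex is checked first
        return ("ignored", None)
    hit = fail.search(rest) if fail else None
    if not hit:
        return ("missed", None)
    # A failregex hit without a timestamp is not counted as a failure.
    return ("failure" if stamp else "no-date", hit.group("host"))


def summarize(lines, **settings):
    """Count statuses over a list of lines, like a fail2ban-regex summary."""
    counts = {}
    for line in lines:
        status = classify(line, **settings)[0]
        counts[status] = counts.get(status, 0) + 1
    return counts


# Constructed sample lines (documentation IP ranges), not real GLPI logs.
SAMPLE = [
    "2013-05-02 10:15:01 Connexion échouée de admin depuis l’IP 203.0.113.7",
    "Connexion échouée de root depuis l’IP 203.0.113.8",
    "2013-05-02 10:16:40 Connexion de alice depuis l’IP 198.51.100.4",
]

if __name__ == "__main__":
    print(summarize(SAMPLE, failregex=PAGE_REGEX))
    print(summarize(SAMPLE, ignoreregex=PAGE_REGEX))
```

In this model the second sample line is "ignored" when the regex is used as ignoreregex but never becomes a failure when it is used as failregex, so checking whether each line of event.log carries a timestamp that fail2ban recognizes is a useful first debugging step.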