60 lines
1.5 KiB
Plaintext
60 lines
1.5 KiB
Plaintext
#
|
|
# Example of rule you can add to fail2ban to restrict bruteforce attacks.
|
|
#
|
|
|
|
|
|
[web-accesslog-limit403]
|
|
|
|
; rule against call of 403 forbidden access
|
|
; note: you must change the path of log file to the one of the web server for the virtual host of the Dolibarr
|
|
enabled = true
|
|
port = http,https
|
|
filter = web-accesslog-limit403
|
|
logpath = /var/log/apache2/access.log
|
|
;logpath = /var/log/apache2/other_vhosts_access.log
|
|
action = %(action_mw)s
|
|
bantime = 4320000 ; 50 days
|
|
findtime = 86400 ; 1 day
|
|
maxretry = 100
|
|
|
|
|
|
[web-dol-bruteforce]
|
|
|
|
; rule against bruteforce hacking (login + api)
|
|
enabled = true
|
|
port = http,https
|
|
filter = web-dolibarr-rulesbruteforce
|
|
logpath = /mypath/documents/documents/dolibarr.log
|
|
action = %(action_mw)s
|
|
bantime = 86400 ; 1 day
|
|
findtime = 14400 ; 4 hours
|
|
maxretry = 20
|
|
|
|
|
|
[web-dol-passforgotten]
|
|
|
|
; rule against call of passwordforgottenpage
|
|
enabled = true
|
|
port = http,https
|
|
filter = web-dolibarr-rulespassforgotten
|
|
logpath = /mypath/documents/documents/dolibarr.log
|
|
action = %(action_mw)s
|
|
bantime = 4320000 ; 50 days
|
|
findtime = 86400 ; 1 day
|
|
maxretry = 10
|
|
|
|
|
|
[web-dol-limitpublic]
|
|
|
|
; rule to add rate limit on some public pages
|
|
; note: you must keep enough for public access like agenda export, emailing trackers, stripe ipn access, ...
|
|
enabled = true
|
|
port = http,https
|
|
filter = web-dolibarr-limitpublic
|
|
logpath = /mypath/documents/documents/dolibarr.log
|
|
action = %(action_mw)s
|
|
bantime = 86400 ; 1 day
|
|
findtime = 86400 ; 1 day
|
|
maxretry = 1000
|
|
|