Skip to content

Instantly share code, notes, and snippets.

@GAS85

GAS85/apache2_transmission_fail2ban.md

Created June 22, 2020 08:04
Show Gist options
  • Star 1 You must be signed in to star a gist
  • Fork 1 You must be signed in to fork a gist
  • Save GAS85/029b2c1b962087a18a376f3486ec5105 to your computer and use it in GitHub Desktop.
Save GAS85/029b2c1b962087a18a376f3486ec5105 to your computer and use it in GitHub Desktop.
Download ZIP
Harden Transmission and Apache2 Reverse Proxy with fail2ban
Raw
apache2_transmission_fail2ban.md

Fail2ban and Transmission with Apache2 Reverse Proxy

Prerequsits

User --https--> Apache2 --http--> Transmission

Short how-to harden your Transmission Server with Fail2Ban

Install fail2ban:

sudo apt update && sudo apt install fail2ban -y

Create the Transmission-filter:

sudo nano /etc/fail2ban/filter.d/apache-transmission.conf

Transmission will not write authentication errors in logs, but you have chance to track it via apache2 access.log as 401 error.

Paste the following lines, this will cover GUI Failed login and WebDAV:

[Definition]
failregex = ^<HOST> - - .*transmission.*HTTP/[0-9]+(.[0-9]+)?" 401
ignoreregex =

Create a new jail:

sudo nano /etc/fail2ban/jail.d/apache-transmission.local

Paste the following rows:

[apache_transmission]
backend = auto
enabled = true
port = 80,443
protocol = tcp
filter = apache_transmission
#Number of retrys before to ban
maxretry = 5
#time in seconds
bantime = 36000
findtime = 36000
#Log path, on Ubuntu usually is following
logpath = /var/log/apache2/apache2.log

Re-start the fail2ban-service:

sudo service fail2ban restart

and enjoy your Transmission-Server!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment