Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Harden Transmission and Apache2 Reverse Proxy with fail2ban

Fail2ban and Transmission with Apache2 Reverse Proxy

Prerequsits

User --https--> Apache2 --http--> Transmission

Short how-to harden your Transmission Server with Fail2Ban

Install fail2ban:

sudo apt update && sudo apt install fail2ban -y

Create the Transmission-filter:

sudo nano /etc/fail2ban/filter.d/apache-transmission.conf

Transmission will not write authentication errors in logs, but you have chance to track it via apache2 access.log as 401 error.

Paste the following lines, this will cover GUI Failed login and WebDAV:

[Definition]
failregex = ^<HOST> - - .*transmission.*HTTP/[0-9]+(.[0-9]+)?" 401
ignoreregex = 

Create a new jail:

sudo nano /etc/fail2ban/jail.d/apache-transmission.local

Paste the following rows:

[apache_transmission]
backend = auto
enabled = true
port = 80,443
protocol = tcp
filter = apache_transmission
#Number of retrys before to ban
maxretry = 5
#time in seconds
bantime = 36000
findtime = 36000
#Log path, on Ubuntu usually is following
logpath = /var/log/apache2/apache2.log

Re-start the fail2ban-service:

sudo service fail2ban restart

and enjoy your Transmission-Server!

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment