Skip to content

Instantly share code, notes, and snippets.

@infeeeee

infeeeee/Tt-rss-fail2ban.md

Created November 2, 2018 23:08
Show Gist options
  • Save infeeeee/991ab1cee2de7ecf3e57f559660dd1fa to your computer and use it in GitHub Desktop.
Save infeeeee/991ab1cee2de7ecf3e57f559660dd1fa to your computer and use it in GitHub Desktop.
Download ZIP
Tt-rss fail2ban
Raw
Tt-rss-fail2ban.md

Based on this comment: https://tt-rss.org/oldforum/viewtopic.php?p=18518&sid=cd24b02164d5690e0384795fc4a36c44#p18518 I updated the regex so it works with newer tt-rss versions and ported to nginx. tested on tt-rss18.8, behind nginx

Set up Tt-rss

edit config.php in tt-rss dir change the following line , so the parameter value is empty:

define('LOG_DESTINATION', '');

Set up nginx

server {
    ...
    error_log  /var/log/nginx/tt-rss-error.log;
}

Create jail

nano /etc/fail2ban/jail.local add this to the end of the file:

[tt-rss]
enabled  = true
port     = http,https
filter   = tt-rss
logpath  = /var/log/nginx/tt-rss-error.log
maxretry = 3

Copy filter, after downloaded from below

cp tt-rss.conf /etc/fail2ban/filter.d/tt-rss.conf

Restart fail2ban

service fail2ban restart
Raw
tt-rss.conf
# Fail2Ban filter for tt-rss
#
[INCLUDES]
# Read common prefixes. If any customizations available -- read them from
# common.local
before = common.conf
[Definition]
failregex = ^.*Failed login attempt for .* from <HOST> .*$
ignoreregex =
# DEV Notes:
#
# pattern :
# 2018/11/02 23:20:15 [error] 967#967: *398052 FastCGI sent in stderr: "PHP message: PHP Warning: Failed login attempt for username from 123.123.123.123 in /path/to/tt-rss/classes/handler/public.php on line 505" while reading response header from upstream, client: 123.123.123.123, server: , request: "POST /public.php?return=%2F HTTP/2.0", upstream: "fastcgi://unix:/var/run/fpm-123.sock:", host: "hosturl.com:port", referrer: "https://hosturl.com/"
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment