Skip to content

Instantly share code, notes, and snippets.

Embed
What would you like to do?
Fail2ban filter for gitlab. Tested with gitlab version 8.13 and fail2ban version 0.9.4
# cat /etc/fail2ban/filter.d/gitlab.conf
# fail2ban filter configuration for gitlab
# Author: Pawel Chmielinski
[Init]
maxlines = 6
[Definition]
# The relevant log file is in /var/log/gitlab/gitlab-rails/production.log
# Note that a single failure can appear in the logs up to 3 times with just one login attempt. Adjust your maxfails accordingly.
## Example fail - clone repo via https
#Started GET "/" for 10.0.0.91 at 2016-10-25 00:01:24 +0200
#Processing by RootController#index as HTML
#Completed 401 Unauthorized in 69ms (ActiveRecord: 23.7ms)
## Example fail - login via GUI
#Started GET "//chmielu/test.git/info/refs?service=git-upload-pack" for 10.0.0.91 at 2016-10-25 00:01:09 +0200
#Processing by Projects::GitHttpController#info_refs as */*
# Parameters: {"service"=>"git-upload-pack", "namespace_id"=>"chmielu", "project_id"=>"test.git"}
#Filter chain halted as :authenticate_user rendered or redirected
#Completed 401 Unauthorized in 50ms (Views: 0.8ms | ActiveRecord: 8.1ms)
failregex = ^Started .* for <HOST> at .*<SKIPLINES>Completed 401 Unauthorized
ignoreregex =
@centerboy88

This comment has been minimized.

Copy link

centerboy88 commented Nov 28, 2017

great solution.... thanks

@jaytagdamian

This comment has been minimized.

Copy link

jaytagdamian commented Jul 9, 2018

File: /etc/fail2ban/jail.local

[gitlab]
enabled = true
port = http,https
filter = gitlab
logpath = /var/log/gitlab/gitlab-rails/production.log

@NaWer

This comment has been minimized.

Copy link

NaWer commented May 16, 2019

For gitlab 11, there is a repository : https://gitlab.com/MiGoller/gitlab-fail2ban-filter

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.