Skip to content

Instantly share code, notes, and snippets.

@pawilon
Created October 24, 2016 22:57
Show Gist options
  • Save pawilon/238c278d3c6c4669771eb81b03264acd to your computer and use it in GitHub Desktop.
Save pawilon/238c278d3c6c4669771eb81b03264acd to your computer and use it in GitHub Desktop.
Fail2ban filter for gitlab. Tested with gitlab version 8.13 and fail2ban version 0.9.4
# cat /etc/fail2ban/filter.d/gitlab.conf
# fail2ban filter configuration for gitlab
# Author: Pawel Chmielinski
[Init]
maxlines = 6
[Definition]
# The relevant log file is in /var/log/gitlab/gitlab-rails/production.log
# Note that a single failure can appear in the logs up to 3 times with just one login attempt. Adjust your maxfails accordingly.
## Example fail - clone repo via https
#Started GET "/" for 10.0.0.91 at 2016-10-25 00:01:24 +0200
#Processing by RootController#index as HTML
#Completed 401 Unauthorized in 69ms (ActiveRecord: 23.7ms)
## Example fail - login via GUI
#Started GET "//chmielu/test.git/info/refs?service=git-upload-pack" for 10.0.0.91 at 2016-10-25 00:01:09 +0200
#Processing by Projects::GitHttpController#info_refs as */*
# Parameters: {"service"=>"git-upload-pack", "namespace_id"=>"chmielu", "project_id"=>"test.git"}
#Filter chain halted as :authenticate_user rendered or redirected
#Completed 401 Unauthorized in 50ms (Views: 0.8ms | ActiveRecord: 8.1ms)
failregex = ^Started .* for <HOST> at .*<SKIPLINES>Completed 401 Unauthorized
ignoreregex =
@boospy
Copy link

boospy commented Mar 23, 2024

Strange, as soon as you post something, you find the solution...

fail2ban/fail2ban#3566 (comment)

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment