I'm using the Sophos UTM9 Home Edition, to secure my owncloud. Configured is this through integrated WAF.
This works quite nice, I miss only fail2ban here.
So to add fail2ban I used the RESTful-API:
So fare I got everything up and running.
Using “PATCH“ api/objects/reverse_proxy/location/REF_RevLoc
2 Problems: access_control can only handle Network and Hosts. So I can’t use Groups to update the block list. That makes everything more complicate.
In case fail2ban finds an failed login the update command overwrites all existing IP’s under Site-Path-routing:
curl -X PATCH --header 'Content-Type: application/json' \
--header 'Accept: application/json' \
--header 'X-Restd-Err-Ack: all' \
--header 'X-Restd-Lock-Override: yes' \
--header 'Authorization: Basic access_token' -d \
'https://my.fw/api/objects/reverse_proxy/location/REF_RevLocProxyN' > /dev/null
Did I miss something here, is there an variable to keep existing values?
Someone else has facing this situation?
I really appreciate any help you can provide.
Hallo and welcome to the UTM Community!
In fact, the UTM's Intrusion Prevention system should make fail2ban redundant, so I doubt that anyone here will be able to help you with this.
Cheers - BobPS Moved this thread to the Web Server Security forum.
thanks for your feedback. I got it up and running; Finished this a couple of hours ago :)
The action config from fail2ban are working like a shell, sh not bash!
So the tricky part was the script for me, that keeps existing ban ip's and new ip's in one shut (curl -X PATCH) up and running.
What are the object limitations of the access_control field?
"Object limitations of the access_control field?" Keine Ahnung !
Cheers - Bob
Hab etliche fake Adressen erzeugt und eingetragen. So viele werden es hoffentlich nie werden, dann zieht man eh besser den Stecker :D