Hello,
I'm using the Sophos UTM9 Home Edition to secure my ownCloud. This is configured through the integrated WAF.
This works quite nicely; the only thing I miss here is fail2ban.
So to add fail2ban I used the RESTful API:
https://www.sophos.com/en-us/medialibrary/PDFs/documentation/UTMonAWS/Sophos-UTM-RESTful-API.ashx
So far I got everything up and running.
Using "PATCH" api/objects/reverse_proxy/location/REF_RevLoc
2 problems: access_control can only handle Networks and Hosts, so I can't use Groups to update the block list. That makes everything more complicated.
If fail2ban finds a failed login, the update command overwrites all existing IPs under Site Path Routing:
curl -X PATCH --header 'Content-Type: application/json' \
  --header 'Accept: application/json' \
  --header 'X-Restd-Err-Ack: all' \
  --header 'X-Restd-Lock-Override: yes' \
  --header 'Authorization: Basic access_token' \
  -d '{"access_control":"1","allowed_networks":["REF_NetworkAny"],"auth_profile":"","backend":["REF_RevBacWEBHost"],"be_path":"","comment":"","denied_networks":["'"$DN"'"],"hot_standby":false,"name":"ProxyN","path":"/subtree","status":true,"stickysession_id":"ROUTEID","stickysession_status":false,"websocket_passthrough":true}' \
  'https://my.fw/api/objects/reverse_proxy/location/REF_RevLocProxyN' > /dev/null
Did I miss something here? Is there a variable to keep the existing values?
Has someone else faced this situation?
I really appreciate any help you can provide.
Hello and welcome to the UTM Community!
In fact, the UTM's Intrusion Prevention system should make fail2ban redundant, so I doubt that anyone here will be able to help you with this.
Cheers - Bob
PS Moved this thread to the Web Server Security forum.
Hi Bob,
Thanks for your feedback. I got it up and running; finished this a couple of hours ago :)
The fail2ban action config runs as a shell script: sh, not bash!
So the tricky part for me was the script that keeps the existing banned IPs and the new IPs together in one shot (curl -X PATCH).
What are the object limitations of the access_control field?
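As an added example (not the poster's script), here is the read-modify-write that such a fail2ban action needs: GET the location, merge the new REF into denied_networks, PATCH it back, so earlier bans survive. It is POSIX sh so it can run from fail2ban; the host, token and location REF are the thread's placeholders, and it assumes the banned IP already exists as a host object whose REF_ id is passed in, and that restd accepts a partial PATCH body.

```shell
#!/bin/sh
# Assumed values (placeholders from the thread, not real credentials)
UTM="https://my.fw"
TOKEN="access_token"          # Basic-auth token for the REST API
LOC="REF_RevLocProxyN"        # the reverse_proxy/location object

# extract_denied JSON: print the denied_networks array of a location object.
# Assumes the array holds only string REFs (no nested brackets).
extract_denied() {
    printf '%s' "$1" | tr -d '\n' |
        sed -n 's/.*"denied_networks":[[:space:]]*\(\[[^]]*]\).*/\1/p'
}

# merge_denied EXISTING_JSON_ARRAY NEW_REF: append NEW_REF once and
# re-emit a JSON array, using only sed/tr/paste (no jq, no bash-isms).
merge_denied() {
    existing=$1; new=$2
    # strip brackets, quotes and spaces -> one REF per line
    refs=$(printf '%s' "$existing" | sed 's/[][" ]//g' | tr ',' '\n' | sed '/^$/d')
    if ! printf '%s\n' "$refs" | grep -qx -- "$new"; then
        refs=$(printf '%s\n%s' "$refs" "$new" | sed '/^$/d')
    fi
    printf '%s\n' "$refs" | sed 's/.*/"&"/' | paste -s -d ',' - |
        sed 's/^/[/; s/$/]/'
}

# ban_ref NEW_REF: fetch current bans, merge, write back only what changed.
# Note: two bans firing at once still race on the read-modify-write; serialise
# the fail2ban action (e.g. with a lock file) if that matters to you.
ban_ref() {
    cur=$(curl -s --header 'Accept: application/json' \
        --header "Authorization: Basic $TOKEN" \
        "$UTM/api/objects/reverse_proxy/location/$LOC")
    merged=$(merge_denied "$(extract_denied "$cur")" "$1")
    curl -s -X PATCH --header 'Content-Type: application/json' \
        --header 'Accept: application/json' \
        --header 'X-Restd-Err-Ack: all' \
        --header 'X-Restd-Lock-Override: yes' \
        --header "Authorization: Basic $TOKEN" \
        -d '{"access_control":"1","denied_networks":'"$merged"'}' \
        "$UTM/api/objects/reverse_proxy/location/$LOC" > /dev/null
}

# Constructed sample GET response for offline checking (not a real object)
SAMPLE='{"name":"ProxyN","denied_networks":["REF_NetHosBad1"],"path":"/subtree"}'
```

Called as `ban_ref "$REF_OF_HOST"` from the action's actionban, the script leaves every previously denied REF in place instead of replacing the list with the newest one.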
"Object limitations of the access_control field?" No idea!
Cheers - Bob
I created and entered quite a few fake addresses. Hopefully it will never get to be that many; at that point you are better off pulling the plug anyway :D