How do I setup the built in Fail2Ban actions for the Apache server?

SYSTEM INFORMATION
OS type and version Debian Linux 10
Webmin version 2.013

Fail2Ban Intrusion Detector in webmin has a lot of built in options, under Match actions, Log filters etc, but none of these are autoamtically enabled by default, can someone walk me through setting some of these up to protect the website from bots/known bad IPs?

Lets start with “abuseipdb” match rule, I would assume you need to edit to add an API as when clicking it shows a command run curl --fail --ciphers ecdhe_ecdsa_aes_256_sha --data 'key=<abuseipdb_apikey>' --data-urlencode 'comment=<matches>' --data 'ip=<ip>' --data 'category=<abuseipdb_category>' "https://www.abuseipdb.com/report/json"

But how do I get this to actually work? how do I enable it to check visitors of all websites I have in virtualmin?

@T0m,

At the most basic level, you navigate to “Webmin > Networking > Fail2Ban Intrusion Detector > Filter Action Jails”, click on the jail you want to enable…

Toggle “Currently enabled” to “Yes”, click “Save”…

Go back “Fail2Ban Intrusion Detector” main screen and click “Restart Fail2Ban Server” for the settings to take effect.

In some cases, additional settings may require adjustment.

1 Like