joelang6126 9 Posted April 4, 2022 Posted April 4, 2022 (edited) Anyone got a working f2b filter/regex for the lateste versions of emby? I ahd this running for a long time hwever f2b can't seem to read the log anymore. Here's the orginal is was using.... # Fail2Ban for emby # # [Definition] failregex = Warn Server: AUTH-ERROR <HOST> - Invalid username or password entered. HTTP Response 401 to <HOST>. Here's the section form the emby log 2022-04-04 20:00:07.012 Info HttpClient: POST https://connect.emby.media/service/user/authenticate 2022-04-04 20:00:07.233 Warn Server: AUTH-ERROR: REDACTED - Invalid username or password entered. 2022-04-04 20:00:07.233 Error Server: Invalid username or password entered. Edited April 4, 2022 by joelang6126
CassTG 113 Posted April 5, 2022 Posted April 5, 2022 This is the expression i use in both the root os and within Swag Proxy docker (which has a secondary fail2ban because why not lol) # Fail2Ban for emby # # [Definition] failregex = AUTH-ERROR: <HOST> - Invalid user HTTP Response 401 to <HOST>. ignoreregex = This catches both incorrect username and / or incorrect password attempts Just tested it and both Fail2ban instances blocked my ip 1
joelang6126 9 Posted April 7, 2022 Author Posted April 7, 2022 On 05/04/2022 at 09:37, CassTG said: This is the expression i use in both the root os and within Swag Proxy docker (which has a secondary fail2ban because why not lol) # Fail2Ban for emby # # [Definition] failregex = AUTH-ERROR: <HOST> - Invalid user HTTP Response 401 to <HOST>. ignoreregex = This catches both incorrect username and / or incorrect password attempts Just tested it and both Fail2ban instances blocked my ip Excellent Cass thank you kindly!
xe` 45 Posted March 11, 2023 Posted March 11, 2023 I have been testing this regex and whilst it definitely work I do not think the second match is actually needed. Specifically has anyone seen an example where a 401 log is not preceded by a AUTH-ERROR log. If not then something like this may be less expensive ## Version 2023/03/11 # Fail2Ban filter for emby [INCLUDES] before = common.conf [Definition] _daemon = emby-server failregex = Server: AUTH-ERROR:\ <HOST>\ - ignoreregex = Would appreciate any testing anyone can do before I PR this.
Recommended Posts
Create an account or sign in to comment
You need to be a member in order to leave a comment
Create an account
Sign up for a new account in our community. It's easy!
Register a new accountSign in
Already have an account? Sign in here.
Sign In Now