Hey guys. I’ve been spending the last few months setting up my home server. Lot’s of troubleshooting was needed, since I am somewhat of a beginner.

Now fail2ban works really well. In fact, it works too well. I’ve banned myself on some occasions. Here is how I set it up:

I have a filter/jail, that looks for forcefull browsing using the nginx proxy manager access logs. I’ve used the following filter:

[INCLUDES]

[Definition]

failregex = ^.* (405|404|403|401|\-) (405|404|403|401) - .* \[Client <HOST>\] \[Length .*\] .* \[Sent-to <F-CONTAINER>.*</F-CONTAINER>\] <F-USERAGENT>".*"</F-USERAGENT> .*$

ignoreregex = ^.* (404|\-) (404) - .*".*(\.png|\.txt|\.jpg|\.ico|\.js|\.css|\.ttf|\.woff|\.woff2)(/)*?" \[Client <HOST>\] \[Length .*\] ".*" .*$

This fishes out all those errors - so far, so good. The problem is, that for some reason, my nextcloud install throws a lot of those errors every now and then. I have no clue why. Everything works, file transfers, browsing the web ui, settings - no trouble. Still, those errors show up in the npm log, for example:

[22/Jun/2023:18:44:24 +0200] - 404 404 - GET https ###SERVERURL### "/remote.php/dav/files/Pete90/Upload/Scan/Z/2023-06-22%2011-27%201.pdf" [Client ###IP### [Length 218] [Gzip -] [Sent-to ###SERVERLANIP###] "Mozilla/5.0 (Android) Nextcloud-android/3.25.0" "-"

This must habe been the android nextcloud app, as it was automatically uploading some files.

Now here is where I need help. I’ve started adding things to the ignoreregex and this works as a workaround. But new error types show up every now and then which I have not added an ignoreregex for. This seems inefficient:

|.*PROPFIND.*files/Pete90.*Gzip.*|/ocs/v2.php/apps/text/workspace\?path=.2F|.*(?:/index.php/.well-known/nodeinfo|/index.php/.well-known/webfinger)|.*/core/preview.*$    ADD MORE LIKE THIS |.*REGEXYOUWANTTOIGNORE.*$

What would you do, to prevent this? Is there something wrong with my nextcloud setup? Can I find a more general regex than the ones I used? Simply exclude nextcloud from the forcefull browsing filter (I’ve setup a different filter/jail for nextcloud itself). Any input is appreciated!

  • Pete90@feddit.deOP
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    This could very well be, since I let the app upload all my photos automatically, which I then sort through on my pc.