How to Use Fail2Ban to Block Laravel Auth Attempts and Other Auth/Login URL Access

Fail2Ban watches log files and bans IP addresses that trip a pattern too many times within a time window. In this article we use it to ban hosts that hammer a Laravel application's login route, taking the Apache access log as the evidence and /auth/login as the URL to watch.

Prerequisites

Before we get started, make sure you have the following prerequisites in place:

  1. Fail2Ban Installed: Ensure that Fail2Ban is installed on your server. You can install it using your distribution’s package manager (e.g., apt, yum, dnf).

  2. Apache Web Server: This tutorial assumes you’re using the Apache web server. If you’re using a different web server, you’ll need to adjust the configuration accordingly.

Configuring Fail2Ban

Step 1: Create a Filter for Auth/Login Attempts

Create a custom filter that matches POST requests to the /auth/login URL. The filter file name (without .conf) is what the jail will refer to later, so create /etc/fail2ban/filter.d/auth-login.conf with the following content. If your application's login route differs (many Laravel applications use /login), adjust the path in the regex to match your routes:

[Definition]
failregex = ^<HOST> .* "POST /auth/login
ignoreregex =

Fail2Ban substitutes <HOST> with a pattern for the client IP address, so this regex matches any access-log line in which that client submitted a POST to /auth/login. GET requests for the login form do not match. Note that the access log does not record whether the password was correct (a Laravel form login typically answers 302 either way), so every login submission counts as a "failure" here; a legitimate user who mistypes their password repeatedly can be banned too, which is why the jail's limits below should be chosen with that in mind.

Step 2: Create a Jail for Auth/Login Attempts

Next, create a jail configuration in the /etc/fail2ban/jail.local file. Add the following lines:

[auth-login]
enabled = true
filter = auth-login
logpath = /var/log/apache2/access.log
action = iptables-multiport[name=NoAuthFailures, port="http,https"]
bantime = 3600
findtime = 60
maxretry = 3

  • enabled: Set to true to enable this jail.
  • filter: Must match the name of the filter file you created earlier (auth-login.conf, referenced without the extension).
  • logpath: The path to your Apache access log file; if you use per-vhost logs, point this at the log of the vhost that serves the Laravel application.
  • action: The iptables-multiport action drops traffic from the banned IP on the listed ports only (here http and https), so the host can still reach other services.
  • bantime: How long (in seconds) an IP address stays banned (1 hour here).
  • findtime: The window (in seconds) within which repeated attempts are counted (60 seconds here).
  • maxretry: The number of matching requests within findtime that triggers a ban (3 here).

Add an ignoreip line with your own administrative addresses to the jail (or to the [DEFAULT] section of jail.local) so that you cannot lock yourself out while testing.
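To see what the filter and jail above actually do before enabling them, here is an added, self-contained simulation (not part of Fail2Ban and not the article's configuration). It expands the `<HOST>` tag the way Fail2Ban does, applies the article's failregex to a handful of constructed Apache access-log lines, and replays the findtime/maxretry counting to report which IPs the jail would ban and when. The log lines and IP addresses are made up for the demonstration.

```python
"""Offline replay of the auth-login jail: which hosts would be banned?"""
import re
from collections import defaultdict
from datetime import datetime

# The failregex from the article. Fail2Ban replaces <HOST> with a
# host/IP pattern; a plain IPv4 capture group is enough for this demo.
FAILREGEX = r'^<HOST> .* "POST /auth/login'
HOST_RE = r'(?P<host>\d{1,3}(?:\.\d{1,3}){3})'

# Apache combined-log timestamp, e.g. [10/Oct/2023:13:55:36 +0000]
DATE_RE = re.compile(r'\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}) [+-]\d{4}\]')

# Constructed sample log (not real traffic). Note that the 302 status is
# what a Laravel form login returns whether or not the password was right,
# so the access log cannot tell a failed login from a successful one.
SAMPLE_LOG = [
    # 203.0.113.10 posts four times within 25 s: banned on the third POST
    '203.0.113.10 - - [10/Oct/2023:13:55:00 +0000] "POST /auth/login HTTP/1.1" 302 5 "-" "curl/8.0"',
    '203.0.113.10 - - [10/Oct/2023:13:55:10 +0000] "POST /auth/login HTTP/1.1" 302 5 "-" "curl/8.0"',
    '203.0.113.10 - - [10/Oct/2023:13:55:20 +0000] "POST /auth/login HTTP/1.1" 302 5 "-" "curl/8.0"',
    '203.0.113.10 - - [10/Oct/2023:13:55:25 +0000] "POST /auth/login HTTP/1.1" 302 5 "-" "curl/8.0"',
    # GET requests for the login form never match the regex
    '198.51.100.7 - - [10/Oct/2023:13:55:01 +0000] "GET /auth/login HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:55:02 +0000] "GET /auth/login HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:55:03 +0000] "GET /auth/login HTTP/1.1" 200 1234 "-" "Mozilla/5.0"',
    # 198.51.100.7 then posts three times spread over three minutes: never
    # three inside one 60 s window, so not banned with findtime = 60
    '198.51.100.7 - - [10/Oct/2023:13:56:00 +0000] "POST /auth/login HTTP/1.1" 302 5 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:57:30 +0000] "POST /auth/login HTTP/1.1" 302 5 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [10/Oct/2023:13:59:00 +0000] "POST /auth/login HTTP/1.1" 302 5 "-" "Mozilla/5.0"',
]


def compile_failregex(failregex):
    """Expand the <HOST> tag as Fail2Ban does and compile the pattern."""
    return re.compile(failregex.replace('<HOST>', HOST_RE))


def parse_line(line, pattern):
    """Return (host, timestamp) when the line matches failregex, else None."""
    m = pattern.match(line)
    if not m:
        return None
    d = DATE_RE.search(line)
    if not d:
        return None
    ts = datetime.strptime(d.group(1), '%d/%b/%Y:%H:%M:%S')
    return m.group('host'), ts


def simulate_jail(lines, failregex=FAILREGEX, findtime=60, maxretry=3):
    """Replay Fail2Ban's counting: a host is banned as soon as it has
    maxretry matches within a findtime-second window. Returns a dict of
    host -> 'YYYY-MM-DD HH:MM:SS' of the request that triggered the ban."""
    pattern = compile_failregex(failregex)
    hits = defaultdict(list)
    banned = {}
    for line in lines:
        parsed = parse_line(line, pattern)
        if parsed is None:
            continue
        host, ts = parsed
        if host in banned:
            continue  # iptables would already be dropping this host
        # Keep only the hits that are still inside the findtime window.
        hits[host] = [t for t in hits[host]
                      if (ts - t).total_seconds() <= findtime]
        hits[host].append(ts)
        if len(hits[host]) >= maxretry:
            banned[host] = ts.strftime('%Y-%m-%d %H:%M:%S')
    return banned


if __name__ == '__main__':
    for host, when in simulate_jail(SAMPLE_LOG).items():
        print(f'{host} would be banned at {when} (findtime=60, maxretry=3)')
    for host, when in simulate_jail(SAMPLE_LOG, findtime=300).items():
        print(f'{host} would be banned at {when} (findtime=300, maxretry=3)')
```

Running it shows only 203.0.113.10 banned with the article's settings; widening findtime to 300 seconds also catches the slower 198.51.100.7, which illustrates how findtime and maxretry trade off against the risk of banning a real user who keeps mistyping a password.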

Step 3: Restart Fail2Ban

Before enabling the jail, it is worth running fail2ban-regex against the access log and the new filter file to confirm that the regex matches the lines you expect and nothing else. Then restart Fail2Ban to apply the new configuration (on systemd-based distributions, the equivalent is sudo systemctl restart fail2ban):

sudo service fail2ban restart

Testing the Configuration

To test that the jail works, submit the login form (a POST to /auth/login; simply loading the form with a GET does not match the filter) several times from an IP address other than the one you administer the server from, or from an address that is not listed in ignoreip. Once that address reaches maxretry submissions within findtime, Fail2Ban should ban it for bantime seconds.

You can check the jail's counters and the list of currently banned IP addresses with the following command (fail2ban-client can also unban an address early if you lock out a legitimate user):

sudo fail2ban-client status auth-login

Conclusion

By following these steps, you can configure Fail2Ban to ban IP addresses that repeatedly submit Laravel login requests to /auth/login. Because the Apache access log does not show whether a login succeeded, the jail counts every submission, so set findtime and maxretry generously enough that a real user who mistypes a password is not locked out, and keep your own addresses in ignoreip.
