Implement fail2ban to prevent brute force attack on a web site (using standard user authentication); works when the number of tries = maxretry+1
I am working on a course assignment to implement fail2ban to prevent brute force attack on a web site (using standard user authentication). I have set up my Apache web server as well as the fail2ban settings in my jail.local as follows:
[apache-auth]
enabled = true
port = http,https
logpath = /var/log/httpd/demo-error_log
maxretry = 3
bantime = 300
The sequence only works on the 4th failed attempt to block/'ban' the IP. The IP address was captured correctly in my logfile.
When I do the debugging, I observed that the authentication part only kicks in after the 3rd attempt, and I can only succeed on the 4th attempt.
Changing the maxretry to '4', I succeed on the 5th attempt (i.e., succeed only on maxretry+1).
Where could be the possible issue(s)? For guidance please. Thank you!
Solution 1:
This is working as expected. maxretry is how many attempts will be tolerated, so you will get a ban after maxretry+1 attempts.
reference: https://www.digitalocean.com/community/tutorials/how-fail2ban-works-to-protect-services-on-a-linux-server