How to Configure Fail2Ban

Notes to self, running on Ubuntu 20.04. This is to ban access to a specific web page rather than a service like SSH.

Install fail2ban. pyinotify is the default backend.

sudo apt install inotify-tools inotify-hookable python3-pyinotify
sudo apt install fail2ban

In /etc/fail2ban, copy jail.conf to jail.local. Edit jail.local by uncommenting the ignoreip line and adding your IP address so you don’t accidentally lock yourself out.

ignoreip = 127.0.0.1/8 ::1 IP_ADDRESS

In /etc/fail2ban/filter.d create a file JAILNAME.conf with the text below:

[Definition]

failregex = ^<HOST> -.*"(GET|POST|HEAD) /PATHTOPAGE HTTP/1.1" 200
ignoreregex =

In /etc/fail2ban/jail.d create a file JAILNAME.conf with the text below:

[JAILNAME]
enabled = true
port    = http,https
filter  = JAILNAME
logpath = PATH_TO_LOGFILE
maxretry = 3
findtime = XXXXXX
bantime = XXXXXX
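
The filter and jail above can be sanity-checked offline before they are enabled. The Python sketch below is an added example, not part of the original notes: it approximates fail2ban's <HOST> expansion with a simplified pattern, and the path /admin/login, the findtime of 600 seconds and the log lines are constructed for illustration (maxretry = 3 is taken from the jail above).

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Simplified stand-in for fail2ban's <HOST> expansion (assumption: IP literals only).
HOST = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f:]{3,39})"
# The failregex from the filter above, with PATHTOPAGE set to a constructed path.
FAILREGEX = r'^<HOST> -.*"(GET|POST|HEAD) /admin/login HTTP/1.1" 200'
STAMP = re.compile(r"\[(\d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2} [+-]\d{4})\]")

# Constructed access-log lines (documentation IP ranges), in chronological order.
SAMPLE_LOG = """\
203.0.113.7 - - [12/Mar/2024:10:00:01 +0000] "GET /admin/login HTTP/1.1" 200 512
203.0.113.7 - - [12/Mar/2024:10:00:05 +0000] "POST /admin/login HTTP/1.1" 200 512
198.51.100.9 - - [12/Mar/2024:10:00:06 +0000] "GET /admin/login HTTP/1.1" 404 153
203.0.113.7 - - [12/Mar/2024:10:00:09 +0000] "GET /admin/login HTTP/1.1" 200 512
192.0.2.44 - - [12/Mar/2024:10:01:00 +0000] "GET /admin/login HTTP/2.0" 200 512
192.0.2.44 - - [12/Mar/2024:10:01:02 +0000] "GET /admin/login HTTP/2.0" 200 512
192.0.2.44 - - [12/Mar/2024:10:01:03 +0000] "GET /admin/login HTTP/2.0" 200 512
198.51.100.23 - - [12/Mar/2024:10:05:00 +0000] "GET /admin/login HTTP/1.1" 200 512
198.51.100.23 - - [12/Mar/2024:10:20:00 +0000] "GET /admin/login HTTP/1.1" 200 512
198.51.100.23 - - [12/Mar/2024:10:40:00 +0000] "GET /admin/login HTTP/1.1" 200 512
"""

def would_ban(log_text, failregex=FAILREGEX, maxretry=3, findtime=600):
    """Return hosts with at least maxretry matching lines inside findtime seconds."""
    pattern = re.compile(failregex.replace("<HOST>", HOST))
    window = timedelta(seconds=findtime)
    hits, banned = defaultdict(deque), []
    for line in log_text.splitlines():
        m, ts = pattern.search(line), STAMP.search(line)
        if not (m and ts):
            continue  # wrong path, status or protocol: not counted as a failure
        when = datetime.strptime(ts.group(1), "%d/%b/%Y:%H:%M:%S %z")
        q = hits[m.group("host")]
        q.append(when)
        while when - q[0] > window:  # drop hits that fell out of the findtime window
            q.popleft()
        if len(q) >= maxretry and m.group("host") not in banned:
            banned.append(m.group("host"))
    return banned

if __name__ == "__main__":
    print(would_ban(SAMPLE_LOG))
```

Requests logged as HTTP/2.0 and hits spaced wider than findtime are not counted, so confirm which protocol string your server writes to the log. On the server itself, fail2ban-regex PATH_TO_LOGFILE /etc/fail2ban/filter.d/JAILNAME.conf runs the real filter against the real log.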

Test installation

sudo service fail2ban restart
systemctl status fail2ban

Common commands

sudo fail2ban-client status
sudo fail2ban-client status JAILNAME
sudo fail2ban-client set JAILNAME banip IP_ADDRESS
sudo fail2ban-client set JAILNAME unbanip IP_ADDRESS