How to Configure Fail2Ban

Notes to self, running on Ubuntu 20.04. This is to ban access to a specific web page rather than a service like SSH.

Install fail2ban. pyinotify is the default backend.

sudo apt install inotify-tools inotify-hookable python-pyinotify
sudo apt install fail2ban

In /etc/fail2ban, copy jail.conf to jail.local. Edit jail.local by uncommenting the ignoreip line and adding your IP address so you don’t accidentally lock yourself out.

ignoreip = ::1 IP_ADDRESS

In /etc/fail2ban/filter.d create a file JAILNAME.conf with the text below:


failregex = ^<HOST> -.*"(GET|POST|HEAD) /PATHTOPAGE HTTP/1.1" 200
ignoreregex =

In /etc/fail2ban/jail.d create a file JAILNAME.conf with the text below:

enabled = true
port    = http,https
filter  = JAILNAME
maxretry = 3
findtime = XXXXXX
bantime = XXXXXX

Test installation

service fail2ban restart
systemctl status fail2ban

Common commands

fail2ban-client status
fail2ban-client status JAILNAME
sudo fail2ban-client set JAILNAME banip IP_ADDRESS
sudo fail2ban-client set JAILNAME unbanip IP_ADDRESS