Bitwarden Fail2Ban config (Login Attempts)

This filter checks bitwardens access.log (nginx) for HTTP code 400 for the path identity/connect/token

Docker setup with Host Reverse Proxy

copy filter.d/bitwarden_docker_host_reverse_proxy.conf to /etc/fail2ban/filter.d/bitwarden.conf

add this to /etc/fail2ban/jail.local:

[bitwarden]
enabled = true
filter = bitwarden
logpath = /path/to/your/bwdata/logs/nginx/access.log
maxretry = 5
bantime = 300
port = http,https

adjust maxretry and bantime

test with sudo fail2ban-regex /path/to/your/bwdata/logs/nginx/access.log /etc/fail2ban/filter.d/bitwarden

If your log records only show docker internal ip addresses try to adjust the real_ips property in bwdata/config.yml:

# Defined as a dictionary, e.g.:
# real_ips: ['10.10.0.0/24', '172.16.0.0/16']
real_ips:
- 10.0.0.0/8
- 172.16.0.0/12
- 192.168.0.0/16

Docker-only Setup

copy filter.d/bitwarden_docker.conf to /etc/fail2ban/filter.d/bitwarden.conf

add this to /etc/fail2ban/jail.local:

[bitwarden]
enabled = true
filter = bitwarden
logpath = /path/to/your/bwdata/logs/nginx/access.log
chain = DOCKER-USER
maxretry = 5
bantime = 1h
port = 8080,8443

adjust maxretry and bantime

test with sudo fail2ban-regex /path/to/your/bwdata/logs/nginx/access.log /etc/fail2ban/filter.d/bitwarden

Name		Name	Last commit message	Last commit date
Latest commit History 6 Commits
filter.d		filter.d
readme.md		readme.md

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Repository files navigation

Bitwarden Fail2Ban config (Login Attempts)

Docker setup with Host Reverse Proxy

Docker-only Setup

About

Releases

Packages

Contributors 2

movcmpret/bitwarden-fail2ban

Folders and files

Latest commit

History

Repository files navigation

Bitwarden Fail2Ban config (Login Attempts)

Docker setup with Host Reverse Proxy

Docker-only Setup

About

Resources

Stars

Watchers

Forks

Releases

Packages 0

Contributors 2

Packages