fail2ban not banning #315

Closed
opened 2025-11-07 06:32:26 -06:00 by GiteaMirror · 1 comment

Originally created by @uchagani on GitHub (Jun 8, 2019).

I can't get fail2ban to ban any IP addresses.

I'm running bitwarden_rs behind a reverse proxy (caddy). My caddy ports are `8343` and `4112` (websocket).

My conf file:

```
[INCLUDES]
before = common.conf

[Definition]
failregex = ^.*Username or password is incorrect\. Try again\. IP: <HOST>\. Username:.*$
ignoreregex =
```

My jail file:

```
[bitwarden]
enabled = true
port = 80,443,8081,3012,8343
filter = bitwarden
action = iptables-allports[name=bitwarden]
logpath = /home/admin/bw-data/bitwarden.log
maxretry = 3
bantime = 60
findtime = 60
```

My bitwarden_rs log file message:

```
[2019-06-07 21:21:30][bitwarden_rs::error][ERROR] Username or password is incorrect. Try again. IP: 4108:73af:7d2a:15b5:e677:e790:5420:c45b. Username: myemail@gmail.com.
```

I've verified that fail2ban is loading the bitwarden configs:

```
2019-06-07 21:24:36,756 fail2ban.jail           [11049]: INFO    Creating new jail 'bitwarden'
2019-06-07 21:24:36,756 fail2ban.jail           [11049]: INFO    Jail 'bitwarden' uses pyinotify {}
2019-06-07 21:24:36,764 fail2ban.jail           [11049]: INFO    Initiated 'pyinotify' backend
2019-06-07 21:24:36,766 fail2ban.filter         [11049]: INFO    Set findtime = 60
2019-06-07 21:24:36,767 fail2ban.filter         [11049]: INFO    Set maxRetry = 3
2019-06-07 21:24:36,769 fail2ban.filter         [11049]: INFO    Added logfile = /home/admin/bw-data/bitwarden.log
2019-06-07 21:24:36,771 fail2ban.filter         [11049]: INFO    Set jail log file encoding to ANSI_X3.4-1968
2019-06-07 21:24:36,771 fail2ban.actions        [11049]: INFO    Set banTime = 60
2019-06-07 21:24:36,789 fail2ban.jail           [11049]: INFO    Jail 'sshd' started
2019-06-07 21:24:36,800 fail2ban.jail           [11049]: INFO    Jail 'bitwarden' started
```

Any ideas why fail2ban isn't banning users?


@uchagani commented on GitHub (Jun 9, 2019):

So it looks like the issue was that the fail2ban version included in the Debian repos does not support IPv6. Once installing a newer version I am seeing the ban messages from fail2ban. However, the ban isn't really doing anything.

```
2019-06-09 16:22:35,654 fail2ban.filter         [1162]: INFO    [bitwarden] Found 4d99:d6ba:9768:ac8d:d269:ef3b:4521:623 - 2019-06-09 16:22:35
2019-06-09 16:22:42,867 fail2ban.filter         [1162]: INFO    [bitwarden] Found 4d99:d6ba:9768:ac8d:d269:ef3b:4521:623 - 2019-06-09 16:22:42
2019-06-09 16:22:47,678 fail2ban.filter         [1162]: INFO    [bitwarden] Found 4d99:d6ba:9768:ac8d:d269:ef3b:4521:623 - 2019-06-09 16:22:47
2019-06-09 16:22:48,249 fail2ban.actions        [1162]: NOTICE  [bitwarden] Ban 4d99:d6ba:9768:ac8d:d269:ef3b:4521:623
2019-06-09 16:22:56,896 fail2ban.filter         [1162]: INFO    [bitwarden] Found 4d99:d6ba:9768:ac8d:d269:ef3b:4521:623 - 2019-06-09 16:22:56
2019-06-09 16:23:08,128 fail2ban.filter         [1162]: INFO    [bitwarden] Found 4d99:d6ba:9768:ac8d:d269:ef3b:4521:623 - 2019-06-09 16:23:07
2019-06-09 16:23:15,543 fail2ban.filter         [1162]: INFO    [bitwarden] Found 4d99:d6ba:9768:ac8d:d269:ef3b:4521:623 - 2019-06-09 16:23:15
2019-06-09 16:23:16,308 fail2ban.actions        [1162]: NOTICE  [bitwarden] 4d99:d6ba:9768:ac8d:d269:ef3b:4521:623 already banned
```

I think it might have something to do with running bitwarden_rs in Docker inside LXC (Proxmox). I'll close this for now, but if anyone has any ideas I'd love to try them out.
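
Added example, not part of the original issue and not fail2ban code: a small Python model of the jail above, showing how a filter whose `<HOST>` tag only recognises IPv4 silently skips the IPv6 login failures while the same `failregex` with an IPv6-aware host pattern reaches `maxretry`. The two host patterns, the helper names and the sample log lines are assumptions constructed for illustration; they are not the expansions fail2ban itself uses.

```python
import ipaddress
import re
from datetime import datetime, timedelta

# failregex copied from the filter file in the issue; <HOST> is fail2ban's tag.
FAILREGEX = r"^.*Username or password is incorrect\. Try again\. IP: <HOST>\. Username:.*$"
# Assumed stand-ins for the <HOST> expansion, not fail2ban's real patterns.
HOST_V4_ONLY = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"
HOST_V4_V6 = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3}|[0-9A-Fa-f:]+:[0-9A-Fa-f:]*)"

def build(host_pattern):
    return re.compile(FAILREGEX.replace("<HOST>", host_pattern))

def find_failures(lines, rx):
    """Return (timestamp, ip) for every line the filter matches."""
    hits = []
    for line in lines:
        m = rx.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group("host"))
        except ValueError:  # matched text is not a real address
            continue
        ts = datetime.strptime(line[1:20], "%Y-%m-%d %H:%M:%S")
        hits.append((ts, str(ip)))
    return hits

def bans(hits, maxretry=3, findtime=60):
    """IPs with at least maxretry failures inside findtime seconds."""
    banned, recent = [], {}
    for ts, ip in sorted(hits):
        window = [t for t in recent.get(ip, [])
                  if ts - t <= timedelta(seconds=findtime)]
        recent[ip] = window + [ts]
        if len(recent[ip]) >= maxretry and ip not in banned:
            banned.append(ip)
    return banned

def sample_line(ts, ip):
    return (f"[{ts}][bitwarden_rs::error][ERROR] Username or password is "
            f"incorrect. Try again. IP: {ip}. Username: user@example.com.")

# Constructed input: the issue's log format with documentation-range addresses.
SAMPLE = [sample_line(f"2019-06-07 21:21:{s}", ip)
          for ip in ("2001:db8::5", "192.0.2.10") for s in (30, 40, 50)]
if __name__ == "__main__":
    for name, pat in (("IPv4-only", HOST_V4_ONLY), ("IPv4+IPv6", HOST_V4_V6)):
        print(name, bans(find_failures(SAMPLE, build(pat))))
```

On a real host, the `fail2ban-regex` tool shipped with fail2ban runs the installed version's own matching against a log file and filter, which is the direct way to confirm whether a given release recognises the addresses in the log.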


Reference: github-starred/vaultwarden#315