[ixpmanager] How protect IXPManager from exceed login or 404
Nick Hilliard (INEX)
nick at inex.ie
Wed Apr 29 14:37:28 IST 2020
willy.konga at gabix.ga wrote on 29/04/2020 11:33:
> Thanks. The ixpmanager generates its access | error log in the apache log
> directory. But the access log doesn't provide enough data to create a
> filter. So is it possible to modify the log system of IXPManager to
> generate more information in the access log?
Hi Willy
Each time someone logs in, you should see something in the access.log
file which looks like this:
> x.y.z.w - - [29/Apr/2020:14:06:41 +0100] "POST /ixp/login HTTP/1.0" 302 1297 "https://www.inex.ie/ixp/login" "Mozilla/5.0 (<deleted>) Gecko/20100101 <deleted>"
It should be sufficient to configure fail2ban to search for the
following line (assuming you're using https://ixp.gabix.ga/)
"POST /login HTTP/1.0" 302
If you see more than a certain threshold number of these entries in the
access.log file, then it means that someone is attempting to brute-force
a login attempt.
Nick
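
The threshold check described in the message above, as an added example that is not part of the original post or of IXP Manager: it counts login POSTs answered with a 302 per client address inside a sliding time window, the same idea as fail2ban's maxretry and findtime settings. The limit of 5 hits in 10 minutes, the helper names and the sample log lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Matches an Apache access-log line for a login POST answered with a 302.
# The optional "/ixp" prefix covers both URL layouts mentioned in the thread.
LOGIN_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"POST (?:/ixp)?/login HTTP/1\.[01]" 302 '
)

def find_bruteforce(lines, max_hits=5, window=timedelta(minutes=10)):
    """Return {ip: time the threshold was crossed} for every client with
    more than max_hits matching lines inside a sliding window."""
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    flagged = {}
    for line in lines:
        m = LOGIN_RE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[m["ip"]]
        hits.append(ts)
        while ts - hits[0] > window:   # drop entries older than the window
            hits.popleft()
        if len(hits) > max_hits and m["ip"] not in flagged:
            flagged[m["ip"]] = ts
    return flagged

def _line(ip, hhmmss, request="POST /login HTTP/1.0", status=302):
    # Constructed sample data; addresses come from documentation ranges.
    return (f'{ip} - - [29/Apr/2020:{hhmmss} +0100] "{request}" {status} 1297 '
            f'"https://ixp.example/login" "Mozilla/5.0"')

SAMPLE = (
    # Two logins hours apart: stays under the threshold.
    [_line("198.51.100.7", "09:00:00"), _line("198.51.100.7", "13:30:00")]
    # Eight login POSTs in 35 seconds from one address.
    + [_line("192.0.2.10", f"14:06:{s:02d}") for s in range(0, 40, 5)]
    # Page views of the login form: not POSTs, so never counted.
    + [_line("203.0.113.5", f"14:10:{s:02d}", "GET /login HTTP/1.1", 200)
       for s in range(10)]
)

if __name__ == "__main__":
    for ip, when in find_bruteforce(SAMPLE).items():
        print(f"{ip} exceeded the login threshold at {when.isoformat()}")
```

The pattern counts every login POST that returns a 302, so the threshold has to sit above the rate at which a legitimate user or a shared NAT address normally logs in.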