HEX
Server: Apache
System: Linux srv13.cpanelhost.cl 3.10.0-962.3.2.lve1.5.38.el7.x86_64 #1 SMP Thu Jun 18 05:28:41 EDT 2020 x86_64
User: cca63905 (4205)
PHP: 7.3.20
Disabled: NONE
$ pwd: /proc/self/cwd/guiaweb/dev/setup/fail2ban/filter.d/
Upload Files
File: //proc/self/cwd/guiaweb/dev/setup/fail2ban/filter.d/web-dolibarr-passf.conf
# Fail2Ban configuration file
#
# Regexp to detect access on passwordforgotten.php page so we can add mitigation on IP making too much
# access to this Dolibarr page.

[Definition]

# To test, you can inject this example into log
# echo `date +'%Y-%m-%d %H:%M:%S'`" INFO    1.2.3.4    --- Access to GET /passwordforgotten.php - action=buildnewpassword, massaction=" >> /mypath/documents/dolibarr.log
#
# then
# fail2ban-client status web-dolibarr-passf
#
# To test rule file on a existing log file
# fail2ban-regex /mypath/documents/dolibarr.log /etc/fail2ban/filter.d/web-dolibarr-passf.conf --print-all-matched

failregex = ^ [A-Z\s]+ <HOST>\s+--- Access to .*/passwordforgotten.php - action=buildnewpassword
ignoreregex =
@ Telegram