forked from Wavyzz/dolibarr
43 lines
961 B
Plaintext
43 lines
961 B
Plaintext
#
|
|
# Examle of rule you can add to fail2ban to restrict bruteforce attacks.
|
|
#
|
|
|
|
[web-dol-passforgotten]
|
|
|
|
; rule against call of passwordforgottenpage
|
|
enabled = true
|
|
port = http,https
|
|
filter = web-dolibarr-rulespassforgotten
|
|
logpath = /mypath/documents/documents/dolibarr.log
|
|
action = %(action_mw)s
|
|
bantime = 4320000 ; 50 days
|
|
findtime = 86400 ; 1 day
|
|
maxretry = 10
|
|
|
|
|
|
[web-dol-bruteforce]
|
|
|
|
; rule against bruteforce hacking (login + api)
|
|
enabled = true
|
|
port = http,https
|
|
filter = web-dolibarr-rulesbruteforce
|
|
logpath = /mypath/documents/documents/dolibarr.log
|
|
action = %(action_mw)s
|
|
bantime = 86400 ; 1 day
|
|
findtime = 3600 ; 1 hour
|
|
maxretry = 10
|
|
|
|
|
|
[web-dol-limitpublic]
|
|
|
|
; rule to add rate limit on some public pages
|
|
enabled = true
|
|
port = http,https
|
|
filter = web-dolibarr-limitpublic
|
|
logpath = /mypath/documents/documents/dolibarr.log
|
|
action = %(action_mw)s
|
|
bantime = 86400 ; 1 day
|
|
findtime = 86400 ; 1 day
|
|
maxretry = 500
|
|
|