[GH-ISSUE #501] fail2ban not banning #315

New issue

Closed

opened 2026-03-03 01:27:54 +03:00 by kerem · 1 comment

kerem commented

2026-03-03 01:27:54 +03:00

Owner

Originally created by @uchagani on GitHub (Jun 8, 2019).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/501

I can't get fail2ban to ban any ip addresses.

I'm running bitwarden_rs behind a reverse proxy (caddy). My caddy ports are 8343 and 4112 (websocket)

my conf file:

[INCLUDES]
before = common.conf

[Definition]
failregex = ^.*Username or password is incorrect\. Try again\. IP: <HOST>\. Username:.*$
ignoreregex =

My jail file:

[bitwarden]
enabled = true
port = 80,443,8081,3012,8343
filter = bitwarden
action = iptables-allports[name=bitwarden]
logpath = /home/admin/bw-data/bitwarden.log
maxretry = 3
bantime = 60
findtime = 60

My bitwarden_rs log file message:

[2019-06-07 21:21:30][bitwarden_rs::error][ERROR] Username or password is incorrect. Try again. IP: 4108:73af:7d2a:15b5:e677:e790:5420:c45b. Username: myemail@gmail.com.

I've verified that fail2ban is loading the bitwarden configs:

2019-06-07 21:24:36,756 fail2ban.jail           [11049]: INFO    Creating new jail 'bitwarden'
2019-06-07 21:24:36,756 fail2ban.jail           [11049]: INFO    Jail 'bitwarden' uses pyinotify {}
2019-06-07 21:24:36,764 fail2ban.jail           [11049]: INFO    Initiated 'pyinotify' backend
2019-06-07 21:24:36,766 fail2ban.filter         [11049]: INFO    Set findtime = 60
2019-06-07 21:24:36,767 fail2ban.filter         [11049]: INFO    Set maxRetry = 3
2019-06-07 21:24:36,769 fail2ban.filter         [11049]: INFO    Added logfile = /home/admin/bw-data/bitwarden.log
2019-06-07 21:24:36,771 fail2ban.filter         [11049]: INFO    Set jail log file encoding to ANSI_X3.4-1968
2019-06-07 21:24:36,771 fail2ban.actions        [11049]: INFO    Set banTime = 60
2019-06-07 21:24:36,789 fail2ban.jail           [11049]: INFO    Jail 'sshd' started
2019-06-07 21:24:36,800 fail2ban.jail           [11049]: INFO    Jail 'bitwarden' started

Any ideas why fail2ban isn't banning users?

Originally created by @uchagani on GitHub (Jun 8, 2019). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/501 I can't get fail2ban to ban any ip addresses. I'm running bitwarden_rs behind a reverse proxy (caddy). My caddy ports are `8343` and `4112` (websocket) my conf file: ``` [INCLUDES] before = common.conf [Definition] failregex = ^.*Username or password is incorrect\. Try again\. IP: <HOST>\. Username:.*$ ignoreregex = ``` My jail file: ``` [bitwarden] enabled = true port = 80,443,8081,3012,8343 filter = bitwarden action = iptables-allports[name=bitwarden] logpath = /home/admin/bw-data/bitwarden.log maxretry = 3 bantime = 60 findtime = 60 ``` My bitwarden_rs log file message: ``` [2019-06-07 21:21:30][bitwarden_rs::error][ERROR] Username or password is incorrect. Try again. IP: 4108:73af:7d2a:15b5:e677:e790:5420:c45b. Username: myemail@gmail.com. ``` I've verified that fail2ban is loading the bitwarden configs: ``` 2019-06-07 21:24:36,756 fail2ban.jail [11049]: INFO Creating new jail 'bitwarden' 2019-06-07 21:24:36,756 fail2ban.jail [11049]: INFO Jail 'bitwarden' uses pyinotify {} 2019-06-07 21:24:36,764 fail2ban.jail [11049]: INFO Initiated 'pyinotify' backend 2019-06-07 21:24:36,766 fail2ban.filter [11049]: INFO Set findtime = 60 2019-06-07 21:24:36,767 fail2ban.filter [11049]: INFO Set maxRetry = 3 2019-06-07 21:24:36,769 fail2ban.filter [11049]: INFO Added logfile = /home/admin/bw-data/bitwarden.log 2019-06-07 21:24:36,771 fail2ban.filter [11049]: INFO Set jail log file encoding to ANSI_X3.4-1968 2019-06-07 21:24:36,771 fail2ban.actions [11049]: INFO Set banTime = 60 2019-06-07 21:24:36,789 fail2ban.jail [11049]: INFO Jail 'sshd' started 2019-06-07 21:24:36,800 fail2ban.jail [11049]: INFO Jail 'bitwarden' started ``` Any ideas why fail2ban isn't banning users?

kerem closed this issue

2026-03-03 01:27:54 +03:00

kerem commented

2026-03-03 01:27:55 +03:00

Author

Owner

@uchagani commented on GitHub (Jun 9, 2019):

So it looks like the issue was that the fail2ban version included in the debian repos does not support ipv6. once installing a newer version I am seeing the ban messages from fail2ban. However, the ban isn't really doing anything.

2019-06-09 16:22:35,654 fail2ban.filter         [1162]: INFO    [bitwarden] Found 4d99:d6ba:9768:ac8d:d269:ef3b:4521:623 - 2019-06-09 16:22:35
2019-06-09 16:22:42,867 fail2ban.filter         [1162]: INFO    [bitwarden] Found 4d99:d6ba:9768:ac8d:d269:ef3b:4521:623 - 2019-06-09 16:22:42
2019-06-09 16:22:47,678 fail2ban.filter         [1162]: INFO    [bitwarden] Found 4d99:d6ba:9768:ac8d:d269:ef3b:4521:623 - 2019-06-09 16:22:47
2019-06-09 16:22:48,249 fail2ban.actions        [1162]: NOTICE  [bitwarden] Ban 4d99:d6ba:9768:ac8d:d269:ef3b:4521:623
2019-06-09 16:22:56,896 fail2ban.filter         [1162]: INFO    [bitwarden] Found 4d99:d6ba:9768:ac8d:d269:ef3b:4521:623 - 2019-06-09 16:22:56
2019-06-09 16:23:08,128 fail2ban.filter         [1162]: INFO    [bitwarden] Found 4d99:d6ba:9768:ac8d:d269:ef3b:4521:623 - 2019-06-09 16:23:07
2019-06-09 16:23:15,543 fail2ban.filter         [1162]: INFO    [bitwarden] Found 4d99:d6ba:9768:ac8d:d269:ef3b:4521:623 - 2019-06-09 16:23:15
2019-06-09 16:23:16,308 fail2ban.actions        [1162]: NOTICE  [bitwarden] 4d99:d6ba:9768:ac8d:d269:ef3b:4521:623 already banned

I think it might have something to do with running bitwarden_rs in docker inside LXC (proxmox). I'll close this for now but if anyone has an ideas i'd love to try them out.

@uchagani commented on GitHub (Jun 9, 2019): So it looks like the issue was that the fail2ban version included in the debian repos does not support ipv6. once installing a newer version I am seeing the ban messages from fail2ban. However, the ban isn't really doing anything. ``` 2019-06-09 16:22:35,654 fail2ban.filter [1162]: INFO [bitwarden] Found 4d99:d6ba:9768:ac8d:d269:ef3b:4521:623 - 2019-06-09 16:22:35 2019-06-09 16:22:42,867 fail2ban.filter [1162]: INFO [bitwarden] Found 4d99:d6ba:9768:ac8d:d269:ef3b:4521:623 - 2019-06-09 16:22:42 2019-06-09 16:22:47,678 fail2ban.filter [1162]: INFO [bitwarden] Found 4d99:d6ba:9768:ac8d:d269:ef3b:4521:623 - 2019-06-09 16:22:47 2019-06-09 16:22:48,249 fail2ban.actions [1162]: NOTICE [bitwarden] Ban 4d99:d6ba:9768:ac8d:d269:ef3b:4521:623 2019-06-09 16:22:56,896 fail2ban.filter [1162]: INFO [bitwarden] Found 4d99:d6ba:9768:ac8d:d269:ef3b:4521:623 - 2019-06-09 16:22:56 2019-06-09 16:23:08,128 fail2ban.filter [1162]: INFO [bitwarden] Found 4d99:d6ba:9768:ac8d:d269:ef3b:4521:623 - 2019-06-09 16:23:07 2019-06-09 16:23:15,543 fail2ban.filter [1162]: INFO [bitwarden] Found 4d99:d6ba:9768:ac8d:d269:ef3b:4521:623 - 2019-06-09 16:23:15 2019-06-09 16:23:16,308 fail2ban.actions [1162]: NOTICE [bitwarden] 4d99:d6ba:9768:ac8d:d269:ef3b:4521:623 already banned ``` I think it might have something to do with running bitwarden_rs in docker inside LXC (proxmox). I'll close this for now but if anyone has an ideas i'd love to try them out.

kerem referenced this issue

2026-03-03 08:36:35 +03:00

[PR #315] [MERGED] Restrict join on users_collections to current user (fixes #313) #2706