mirror of
https://github.com/dani-garcia/vaultwarden.git
synced 2026-04-26 01:35:54 +03:00
[GH-ISSUE #1092] Fail2Ban & Error 400 on GET /notifications/hub?access_token= #774
Labels
No labels
SSO
Third party
better for forum
bug
bug
documentation
duplicate
enhancement
future Vault
future Vault
future Vault
good first issue
help wanted
low priority
notes
pull-request
question
troubleshooting
wontfix
No milestone
No project
No assignees
1 participant
Notifications
Due date
No due date set.
Dependencies
No dependencies set.
Reference
starred/vaultwarden#774
Loading…
Add table
Add a link
Reference in a new issue
No description provided.
Delete branch "%!s()"
Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?
Originally created by @alamparelli on GitHub (Aug 11, 2020).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1092
I have configured a fail2ban instance to scan logs on a specific pattern and i get banned locally because i have such this error on my bitwarden logs:
{"log":"website.com 192.168.1.1 - - [11/Aug/2020:11:34:49 +0000] "GET /notifications/hub?access_token= HTTP/1.1" 400 2 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0"\n","stream":"stdout","time":"2020-08-11T11:34:49.822053603Z"}
Envionments
Server Installed 1.16.3
Web Installed 2.15.1
Fail2ban is installed on host machine and scan docker json files
fail2ban regex to filter out :
the 192.168.1.1 is my router
I access it locally via a dynamicsdns config/let'sencrypt config so that's why my router address is seen in logs.
@alamparelli commented on GitHub (Aug 11, 2020):
is there a configuration that i have missed ?
The final scope is to not ignore my router address to improve security.
Thank you for your help.
Br
@dani-garcia commented on GitHub (Aug 11, 2020):
You'd need to enable websockets support for that error to dissapear.
https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-WebSocket-notifications
@alamparelli commented on GitHub (Aug 12, 2020):
Thank you i was able to mitigate this and bypass the 400 error.