hub?access_token= #774

New issue

Closed

opened 2026-03-03 02:03:04 +03:00 by kerem · 3 comments

kerem commented

2026-03-03 02:03:04 +03:00

Owner

Originally created by @alamparelli on GitHub (Aug 11, 2020).
Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1092

I have configured a fail2ban instance to scan logs on a specific pattern and i get banned locally because i have such this error on my bitwarden logs:

{"log":"website.com 192.168.1.1 - - [11/Aug/2020:11:34:49 +0000] "GET /notifications/hub?access_token= HTTP/1.1" 400 2 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0"\n","stream":"stdout","time":"2020-08-11T11:34:49.822053603Z"}

Envionments

Server Installed 1.16.3
Web Installed 2.15.1

Install method: docker Image
Clients used: any client (app/webbrowser addon)
Reverse proxy and version: nginx version: nginx/1.19.1 (docker)

Fail2ban is installed on host machine and scan docker json files
fail2ban regex to filter out :

failregex = ^.* ."(GET|POST)." (404|444|403|400|422) .*$

the 192.168.1.1 is my router
I access it locally via a dynamicsdns config/let'sencrypt config so that's why my router address is seen in logs.

Originally created by @alamparelli on GitHub (Aug 11, 2020). Original GitHub issue: https://github.com/dani-garcia/vaultwarden/issues/1092 I have configured a fail2ban instance to scan logs on a specific pattern and i get banned locally because i have such this error on my bitwarden logs: _{"log":"website.com **192.168.1.1** - - [11/Aug/2020:11:34:49 +0000] \"GET /notifications/hub?access_token=<token> HTTP/1.1\" **400** 2 \"-\" \"Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:74.0) Gecko/20100101 Firefox/74.0\"\n","stream":"stdout","time":"2020-08-11T11:34:49.822053603Z"}_ ## Envionments Server Installed 1.16.3 Web Installed 2.15.1 * Install method: docker Image * Clients used: any client (app/webbrowser addon) * Reverse proxy and version: nginx version: nginx/1.19.1 (docker) Fail2ban is installed on host machine and scan docker json files fail2ban regex to filter out : > failregex = ^.* <HOST> .*"(GET|POST).*" (404|444|403|400|422) .*$ the 192.168.1.1 is my router I access it locally via a dynamicsdns config/let'sencrypt config so that's why my router address is seen in logs.

kerem closed this issue

2026-03-03 02:03:04 +03:00

kerem commented

2026-03-03 02:03:05 +03:00

Author

Owner

@alamparelli commented on GitHub (Aug 11, 2020):

is there a configuration that i have missed ?
The final scope is to not ignore my router address to improve security.
Thank you for your help.

@alamparelli commented on GitHub (Aug 11, 2020): is there a configuration that i have missed ? The final scope is to not ignore my router address to improve security. Thank you for your help. Br

kerem commented

2026-03-03 02:03:05 +03:00

Author

Owner

@dani-garcia commented on GitHub (Aug 11, 2020):

You'd need to enable websockets support for that error to dissapear.
https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-WebSocket-notifications

@dani-garcia commented on GitHub (Aug 11, 2020): You'd need to enable websockets support for that error to dissapear. https://github.com/dani-garcia/bitwarden_rs/wiki/Enabling-WebSocket-notifications

kerem commented

2026-03-03 02:03:05 +03:00

Author

Owner

@alamparelli commented on GitHub (Aug 12, 2020):

Thank you i was able to mitigate this and bypass the 400 error.

@alamparelli commented on GitHub (Aug 12, 2020): Thank you i was able to mitigate this and bypass the 400 error.