From 77265b882832f7e8f18a0169b05787695152c3cb Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Thu, 15 Dec 2022 11:29:32 +0100
Subject: [PATCH] Add example of fail2ban to block 403 forbidden tries
---
.../filter.d/web-accesslog-limit403.conf | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
create mode 100644 dev/setup/fail2ban/filter.d/web-accesslog-limit403.conf
diff --git a/dev/setup/fail2ban/filter.d/web-accesslog-limit403.conf b/dev/setup/fail2ban/filter.d/web-accesslog-limit403.conf
new file mode 100644
index 00000000000..8724d193953
--- /dev/null
+++ b/dev/setup/fail2ban/filter.d/web-accesslog-limit403.conf
@@ -0,0 +1,19 @@
+# Fail2Ban configuration file
+#
+# Regexp to detect forbidden access on pages (public or not) so we can add mitigation on IP making too much
+# access to your a Dolibarr instance.
+
+
+[Definition]
+
+# To test, you can inject this example into log
+# echo `myvirtualhost.com:443 1.2.3.4 - - [15/Dec/2022:09:57:47 +0000] "GET /public/.*" 403 123 "-" "Mozilla" >> /var/log/apache2/access.log
+#
+# then
+# fail2ban-client status web-accesslog-limit403
+#
+# To test rule file on a existing log file
+# fail2ban-regex /var/log/apache2/access.log /etc/fail2ban/filter.d/web-accesslog-limit403.conf
+
+failregex = - - .*HTTP/[0-9]+(.[0-9]+)?" 403
+ignoreregex =
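Review bot: The sample log line in the test comment cannot match the new `failregex`, because its request field is `"GET /public/.*" 403` with no `HTTP/x.y` token before the closing quote, so the documented test reports no hits; a sample ending in `"GET /public/index.php HTTP/1.1" 403 123` would exercise the rule. As displayed, the `failregex` also carries no `<HOST>` group, which fail2ban needs in order to know which address to ban; unless that was lost in rendering, the line should read `failregex = <HOST> - - .*HTTP/[0-9]+(\.[0-9]+)?" 403`, which also escapes the version dot so it no longer matches any character. The `echo` example opens with a backtick that is never closed, so pasting it starts a command substitution instead of appending the line; single quotes around the log line were presumably intended. Since the ban thresholds live in a jail file that is not part of this patch, a header comment such as `# Pair with a jail whose maxretry/findtime and ignoreip allow for users behind a shared proxy or NAT` would help operators avoid locking out legitimate clients.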