NEW Add fail2ban rule to limit access to /public pages

dev/setup/fail2ban/filter.d/web-dolibarr-limitpublic.conf

@@ -0,0 +1,20 @@
+# Fail2Ban configuration file
+#
+# Regexp to catch known spambots and software alike. Please verify
+# that it is your intent to block IPs which were driven by
+# above mentioned bots.
+
+
+[Definition]
+
+# To test, you can inject this example into log
+# echo `date +'%Y-%m-%d %H:%M:%S'`" INFO    1.2.3.4    --- Access to GET /public/clicktodial/cidlookup.php" >> /mypath/documents/dolibarr.log
+#
+# then 
+# fail2ban-client status web-dol-passforgotten 
+#
+# To test rule file on a existing log file
+# fail2ban-regex /mypath/documents/dolibarr.log /etc/fail2ban/filter.d/web-dolibarr-limitpublic.conf
+
+failregex = ^ [A-Z\s]+ <HOST>\s+--- Access to .*/public/
+ignoreregex =

dev/setup/fail2ban/jail.local

@@ -8,21 +8,35 @@
 enabled = true
 port    = http,https
 filter  = web-dolibarr-rulespassforgotten
-logpath = >> /mypath/documents/documents/dolibarr.log
+logpath = /mypath/documents/documents/dolibarr.log
 action  = %(action_mw)s
 bantime  = 4320000   ; 50 days
 findtime = 86400     ; 1 day
 maxretry = 10
 
+
 [web-dol-bruteforce]
 
 ; rule against bruteforce hacking (login + api)
 enabled = true
 port    = http,https
 filter  = web-dolibarr-rulesbruteforce
-logpath = >> /mypath/documents/documents/dolibarr.log
+logpath = /mypath/documents/documents/dolibarr.log
 action  = %(action_mw)s
 bantime  = 86400     ; 1 day
 findtime = 3600      ; 1 hour
 maxretry = 10
 
+
+[web-dol-limitpublic]
+
+; rule to add rate limit on some public pages
+enabled = true
+port    = http,https
+filter  = web-dolibarr-limitpublic
+logpath = /mypath/documents/documents/dolibarr.log
+action  = %(action_mw)s
+bantime  = 86400     ; 1 day
+findtime = 86400     ; 1 day
+maxretry = 500
+