From 9f6b78b0536b716e597bdb61c0196fe67e3a3849 Mon Sep 17 00:00:00 2001
From: Laurent Destailleur
Date: Sat, 17 Sep 2022 15:06:36 +0200
Subject: [PATCH] NEW Add fail2ban rule to limit access to /public pages
---
.../filter.d/web-dolibarr-limitpublic.conf | 20 +++++++++++++++++++
dev/setup/fail2ban/jail.local | 18 +++++++++++++++--
2 files changed, 36 insertions(+), 2 deletions(-)
create mode 100644 dev/setup/fail2ban/filter.d/web-dolibarr-limitpublic.conf
diff --git a/dev/setup/fail2ban/filter.d/web-dolibarr-limitpublic.conf b/dev/setup/fail2ban/filter.d/web-dolibarr-limitpublic.conf
new file mode 100644
index 00000000000..45b4a9b8084
--- /dev/null
+++ b/dev/setup/fail2ban/filter.d/web-dolibarr-limitpublic.conf
@@ -0,0 +1,20 @@
+# Fail2Ban configuration file
+#
+# Regexp to catch known spambots and software alike. Please verify
+# that it is your intent to block IPs which were driven by
+# above mentioned bots.
+
+
+[Definition]
+
+# To test, you can inject this example into log
+# echo `date +'%Y-%m-%d %H:%M:%S'`" INFO 1.2.3.4 --- Access to GET /public/clicktodial/cidlookup.php" >> /mypath/documents/dolibarr.log
+#
+# then
+# fail2ban-client status web-dol-passforgotten
+#
+# To test rule file on a existing log file
+# fail2ban-regex /mypath/documents/dolibarr.log /etc/fail2ban/filter.d/web-dolibarr-limitpublic.conf
+
+failregex = ^ [A-Z\s]+ \s+--- Access to .*/public/
+ignoreregex =
diff --git a/dev/setup/fail2ban/jail.local b/dev/setup/fail2ban/jail.local
index bd506e20812..733987aa45c 100644
--- a/dev/setup/fail2ban/jail.local
+++ b/dev/setup/fail2ban/jail.local
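Review bot: In filter.d/web-dolibarr-limitpublic.conf the `failregex` as it appears here has no host-capturing token between `[A-Z\s]+` and `\s+---`, and fail2ban needs one (`<HOST>` or an equivalent named group) to know which address to ban; the example log line in the comment puts the client IP at exactly that position. If the token was not simply lost when this page was rendered, the line should read `failregex = ^ [A-Z\s]+ <HOST>\s+--- Access to .*/public/`. The pattern also counts any logged access whose line contains `/public/` anywhere after `Access to`, query string included, so limiting the URL part to the path (for example `[^?\s]*/public/`) would keep the counter tied to real public-page hits; this assumes the log format shown in the sample line. The header comment still describes a spambot filter and the test instructions name `fail2ban-client status web-dol-passforgotten`; both should refer to this rule, i.e. `web-dol-limitpublic`.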
@@ -8,21 +8,35 @@ enabled = true port = http,https filter = web-dolibarr-rulespassforgotten -logpath = >> /mypath/documents/documents/dolibarr.log +logpath = /mypath/documents/documents/dolibarr.log action = %(action_mw)s bantime = 4320000 ; 50 days findtime = 86400 ; 1 day maxretry = 10 + [web-dol-bruteforce] ; rule against bruteforce hacking (login + api) enabled = true port = http,https filter = web-dolibarr-rulesbruteforce -logpath = >> /mypath/documents/documents/dolibarr.log +logpath = /mypath/documents/documents/dolibarr.log action = %(action_mw)s bantime = 86400 ; 1 day findtime = 3600 ; 1 hour maxretry = 10 + +[web-dol-limitpublic] + +; rule to add rate limit on some public pages +enabled = true +port = http,https +filter = web-dolibarr-limitpublic +logpath = /mypath/documents/documents/dolibarr.log +action = %(action_mw)s +bantime = 86400 ; 1 day +findtime = 86400 ; 1 day +maxretry = 500 +
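Review bot: The new `[web-dol-limitpublic]` jail bans an address after 500 matches in a day and sets no `ignoreip`, so when Dolibarr is reached through a reverse proxy, or many users share one NAT address, the address written to dolibarr.log may be a shared one and ordinary traffic to /public/ pages can get everyone behind it banned for a day. I would add a commented hint under the section, e.g. `;ignoreip = 127.0.0.1/8 ::1 <proxy-or-office-range>`, plus a comment saying that the logged address must be the real client address and that the jail only counts hits if Dolibarr actually writes the `Access to` lines (the sample in the filter file shows them at INFO level). The `logpath` placeholder here is `/mypath/documents/documents/dolibarr.log` while the filter's test comment uses `/mypath/documents/dolibarr.log`; the two should be aligned so a copy-paste test exercises the same file the jail watches. The first section touched by this hunk, the one using `web-dolibarr-rulespassforgotten`, starts above the hunk.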