name : drupal-auth.conf # Fail2Ban filter to block repeated failed login attempts to Drupal site(s) # # # Drupal must be setup to use Syslog, which defaults to the following format: # # !base_url|!timestamp|!type|!ip|!request_uri|!referer|!uid|!link|!message # # [INCLUDES] before = common.conf [Definition] failregex = ^%(__prefix_line)s(?:https?:\/\/)[^|]+\|[^|]+\|[^|]+\|<ADDR>\|(?:[^|]*\|)*Login attempt failed (?:for|from) <F-USER>[^|]+</F-USER>\.$ ignoreregex = # DEV Notes: # # https://www.drupal.org/documentation/modules/syslog # # Author: Lee Clemens