Fail2Ban not working

neotheghost

System:CentOS 8.2.2004(Py3.7.8) / AApanel 6.8.9

I made a rule in fail2ban Manager to block brute force login attempts:

I tested it by entering the wrong login credentials to wordpress several times. My IP got blacklisted in Fail2Ban Manager. Still i can acress the page from the "blocked" IP.

aapanel_user

neotheghost try to restart fail2ban

neotheghost

i tried. not working. i also checked if the service is running via terminal. all seems ok, even the logs the OLD access logs are read correctly. i don't understand the issue.

neotheghost

after a week of testing i found the following:

if SSL is disabled on a domain fail2ban works as expected. if SSL is enabled fail2ban won't work anymore.

Looking at the access logs the only difference is the protocoll:

'- 100.100.100.100 - - [08/Apr/2021:14:09:54 +0200] "POST /wp-login.php HTTP/1.1" (will get blocked)
'- 100.100.100.100 - - [08/Apr/2021:14:14:17 +0200] "POST /wp-login.php HTTP/2" (wont get blocked)

looking at the filter set in /etc/fail2ban/filter.d/aaP_test1.reventor.eu_cc.conf i see that that only HTTP/1 is tracked:

[Definition]
failregex = <HOST> -.- .HTTP/1.* .* .*$
ignoreregex =

any bot using HTTP/2 is allowed endless trys in password guessing. i think that's a big safety issue.
how can it be changed to block all protocolls?

aaPanel_Jose

neotheghost
Thanks for your feedback, we will check it

WasteDolphine

Any fix for this.
I am also facing this issue.
Fail2ban works with non ssl site but not with ssl site.

Thanks.