Kopano Webapp reverse Proxy Fail2Ban integration



  • Hello,
    we run the Kopan webapp and also Z-Push behind an Apache reverse proxy. Now I want to secure the Webapp and also Z-Push with Fail2Ban. The Apache proxy generates the correct http header “X-Forwarded-For”.
    With this logging setting

    "CustomLog /path/to/logs/access_log "%h %l %u %t \"%r\" %s %b \"%{Referer}i\" \"%{User-agent}i\" \"[XF %{X-Forwarded-For}i]\""
    

    the Apache web server on Kopano server logs the “X-Forwarded-For” headers in the Apache access log. But login errors of the WebApp are logged in error_log by Apache.
    Unfortunately Fail2Ban need the login error and the correct IP address in one log file.
    Question: How do I get the WebApp login errors into the Apache access log?

    I am grateful for any help.



  • Hi @WalterHof

    I am also setting up an fail2ban environment behind an apache reverse proxy.

    In my apache.error.log I have all infos fail2ban needs.
    example line:

    [Wed Sep 16 10:44:08.987810 2020] [:error] [pid 24475] [client 12.34.56.78:40378] Kopano WebApp user: <user>: authentication failure at MAPI, referer: https://kopano.example.com/webapp/?logon
    

    Simply configure fail2ban to look for the error.log and not the access.log. Or am i missing something?

    Do you set up fail2ban on the Kopano Server or on the Revproxy?

    Kind regards
    Basti



  • Hi,

    I run fail2ban on the kopano server. My reverse proxy is an Apache2 so I have external IPs in error log on kopano server.

    Walter


Log in to reply