Log of unsuccessful login attempts with external IP #3224
Comments
|
When using the official FreshRSS Docker image, there is a copy of the logs in the normal Docker logs: docker logs -f freshrssYou are correct that the IP logged there is the one coming from the proxy. I will fix that. |
Yes, I know about the normal Docker logs. What I meant is if it is possible to access those logs through a file, stored in a folder that could be mapped to a shared folder in the host. This way, the fail2ban instance could constantly monitor the log file and block offending IPs without delay. Would this be possible withouth manually modifying the container (this complicates updating whenever a new version is released).
Thanks! |
#fix FreshRSS#3224 Log the client remote IP instead of the local proxy IP https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html
|
Logging the proper IP should be fixed in #3226 tail /var/lib/docker/containers/`docker inspect --format="{{.Id}}" freshrss`/`docker inspect --format="{{.Id}}" freshrss`-json.log | jq -r .log |
I will look into it and report back. Thanks.
In other images what I see is that the log is also written to a file, which can be exposed in a volume mounted from the host. This way, that volume (or, at least, the file) can be monitored by the instance running fail2ban. Would it be possible to write the log both to stdout (redirected to Docker) and also to a file? Something similar to what the |
|
Isn't my suggestion higher up to read the file produced by Docker log usable? It is just a file on your host. |
|
The thing is that fail2ban monitors files. Thus, we would need to configure something in the host to extract the logs from Docker into a file. I think that this is not an ideal solution as a periodic job should be configured, which necessarily will introduce a delay in the moment the IP gets banned. Or maybe there is another alternative of which I am not aware? |
#fix #3224 Log the client remote IP instead of the local proxy IP https://httpd.apache.org/docs/2.4/mod/mod_remoteip.html
|
@tonitonae The Docker log is a normal text file (though in JSON format by default). However, you can also add additional logging this way:
tail /var/log/apache2/freshrss.log(Remember log-rotate) |
|
If that works for you, could you please add it in our documentation, maybe as a new fail2ban section in https://github.com/FreshRSS/FreshRSS/blob/master/docs/en/admins/09_AccessControl.md |
|
@tonitonae could you please support us here with a PR to improve our documentation with your knowledge/experience? |
|
Hi @math-GH. Sure thing, but I do not think I can do it immediately. I am a bit overwhelmed with work and some personal affairs. I will add this to my ToDo list, but no guarantees that I can do it in the following weeks. Sorry about that :/ |
|
There is no hurry |
|
Reworked in #5549 |
Hi.
I was trying to configure fail2ban with FreshRSS running in a Docker container and I have several issues.
First one: is there any global log that can be accessed from outside the container to be processed by a fail2ban instance? As far as I can see, there is only a per user log in the data foder, but there I can not find the 403 lines that are being registered with the offending IP.
Second one: Regarding the IP, in mi instance, what I see is the local IP, not the external one, which is the one that must be blocked if several attempts to login fail. Would it be possible to log the external IP from which the container is being accessed? I am running the container with an isolated bridge network as recommended in the docs.
Thanks in advance for your help.
The text was updated successfully, but these errors were encountered: