Fail2ban regex trigger

[ippocratis]

I am exposing my librephotos instance bethind a reverse proxy using caddy webserver
I'm creating log files for it and monitor the logs with fail2ban

I use a regex filter

failregex = ^<HOST>.*"(GET|POST).*" (404|444|403|400) .*$ ignoreregex =

And set the thresold to 3 failed attempts

Looks like simply opening photos in uhuruphotos triggers the reggex filter and bans my IP so I cant use the app anymore until I unban it

Any ideas about how I would come over this apreciated

I know not directly related to the app so you could close this issue if you think its completely irrelevant

Thanks

[savvasdalkitsis]

Hm yea blindly blocking 4xx is appealing (I've done that too in the past) but can break apps that rely on these responses as a signal to refresh their access tokens.

You could perhaps allow the app user agent?

[savvasdalkitsis]

You can find the agent pattern here : https://github.com/savvasdalkitsis/uhuruphotos-android/blob/main/implementation/network/src/main/kotlin/com/savvasdalkitsis/uhuruphotos/implementation/network/interceptors/UserAgentInterceptor.kt#L29

[ippocratis]

Looks like
failregex = ^<HOST>.+\s(400|401)\s.+
Is not triggering any bans while just using the app
Only in failed logins as expected
Not sure why though
anyway
Thanks

Source