Categorías

How to activate and use the Gestinable Fail2Ban on my Cloud with SWPanel

What is the Manageable Fail2Ban?

The Fail2Ban service is an intelligent analysis system applied to your server that operates in a managed way, based on the configuration you have set, to restrict erroneous or unauthorized access attempts to your service.

How can I activate the Fail2Ban system on my cloud?

Inside your SWPanel, type the name of the Cloud where you want to activate Fail2Ban into the top search box. Once you've located the service, click its name to access its Dashboard.

Once inside your cloud, go to the Available Improvements section on the right side of the dashboard. There, you’ll find the Manageable Fail2Ban option.

When you click the activation button, you’ll automatically be redirected to the activation section. Here, you’ll find information about what you can manage with Fail2Ban, and you can enable it by ticking the Activate Manageable Fail2Ban on my Cloud checkbox and accepting the service.

What settings can I configure in Fail2Ban and how?

To modify your Fail2Ban settings, go to your cloud dashboard. In the same Available Improvements section where you activated the service, you'll now see the Manageable Fail2Ban option with an extra icon that allows you to configure parameters.

Fail2Ban Settings

In this section, you can configure the blocking parameters for failed access attempts:

Bantime: The duration of the block once applied. The value must be entered in seconds. Default is 36,000 seconds (10 hours).
Findtime: The time window during which failed attempts are counted. If more failed requests are made during this period, the block is triggered. Default is 60 seconds (1 minute).
Maxretry: The maximum number of failed attempts allowed within the Findtime before a block is applied. Default is 10 attempts.

(The combination of Maxretry and Findtime defines how many attempts within a specific period will trigger a block.)

Fail2Ban Whitelist

In this section, you can add IPs that you want to exempt from Fail2Ban blocking, regardless of failed attempts. To add IPs to the whitelist, click the blue Add an IP now button on the right.

Clicking the button will open a window where you can enter the IPs in the text box.

Fail2Ban Blacklist

In this section, you can add IPs that you want to block via Fail2Ban, regardless of failed attempts. Click the blue Add an IP now button on the right.

Clicking the button will open a window identical to the one used for the whitelist, where you can enter the IPs in the text box.

Current Fail2Ban Blocks

In this section, you can monitor the IPs that have been blocked by your Fail2Ban system based on the configuration from the Fail2Ban Settings section.

You can view the IPs filtered by: Creation date of the block, IP address, Country of origin, Block status, Protocol used, or Last updated date.

Besides monitoring the blocked IPs, you can also manage them easily from this same section. You’ll find options to Unblock, add to the Whitelist, or add to the Blacklist.

To do so, click the "..." dropdown menu to the right of any IP and select the desired action.

Unblock IP

When you select Unblock IP, the following confirmation window will appear. Simply confirm the action if you wish to proceed.

Add IP to Whitelist

If you choose to add the IP to the Whitelist, the following window will appear with the selected IP already in the text box:

You can modify the IP in the text box, although it’s not really necessary, since the purpose is to whitelist the IP you are managing.

Add IP to Blacklist

If you want to add the IP to the Blacklist to prevent it from connecting again, an identical window will appear with the selected IP already in the text box:

You can edit the IP, but again, it doesn’t make much sense, since you’re intending to blacklist that specific IP.