
AdminExile + Fail2Ban

It finally happened. Although I've been running AdminExile with Fail2Ban for a long time, nobody has asked how to do it. Certainly, there are some admins out there who didn't need help. Someone finally asked, and that prompted me to write this document.

This document is for administrators who operate their own servers and are capable of installing and configuring Fail2Ban. Users who are on shared servers, or who use commodity services to host their sites, will probably not have access to install or configure Fail2Ban.

Any current (and future) version of AdminExile is capable of this configuration.

AdminExile configuration:

In /administrator, open the AdminExile plugin's configuration in the Plugin Manager. The only necessary configuration is to set "Enable Failure Logs" to "Yes".

Fail2Ban configuration:

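First, you need to create a filter. Save it in Fail2Ban's filter.d directory as adminexile.conf, since the jail below refers to it by the name adminexile. This template is a very simple example, because the goal is only to identify the specific lines in the error log which indicate an AdminExile failure.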

# Fail2Ban filter to block failed AdminExile authentication 
#

[Definition]

failregex = ^.*?\(<HOST>\) failed to authenticate via AdminExile
ignoreregex =

Second, you must configure Fail2Ban to use this filter. There are many ways to do it, but I like to maintain a jail.local file. This file defines which filter is to be used, which file the filter is supposed to monitor, the maximum number of tolerated failures, and the penalty for exceeding that maximum.

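[adminexile]
enabled = true
port = http,https
# Name of the filter definition created in the first step
filter = adminexile
logpath = /var/log/apache2/error.log
# Ban after 2 matching failures within 600 seconds. No bantime is set here,
# so the ban length is inherited from Fail2Ban's [DEFAULT] section.
maxretry = 2
findtime = 600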

Of course, you'll need to adjust this to the location of your server error log.

Once configured, restart Fail2Ban and you should be in business.
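
To see how the filter and jail settings above interact, the following Python sketch (an added example, not part of AdminExile or Fail2Ban) applies the page's failregex, maxretry and findtime to a few constructed log lines. The <HOST> substitute and the wording before "(IP) failed to authenticate via AdminExile" in the sample lines are assumptions; Fail2Ban's own <HOST> matching is broader.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Copied from the page's filter and jail
FAILREGEX = r"^.*?\(<HOST>\) failed to authenticate via AdminExile"
MAXRETRY, FINDTIME = 2, 600  # failures, seconds
# Assumption: simplified stand-in for Fail2Ban's <HOST> tag (IP literals only)
PATTERN = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>[0-9A-Fa-f:.]+)"))
STAMP = re.compile(r"^\[(?P<ts>[^\]]+)\]\s*")  # leading Apache 2.4 timestamp

# Constructed sample lines; only "(IP) failed to authenticate via AdminExile"
# is taken from the page, the rest of each line is illustrative.
SAMPLE_LOG = """\
[Wed Oct 11 14:30:00.000000 2023] [php:notice] [pid 911] Visitor (203.0.113.7) failed to authenticate via AdminExile
[Wed Oct 11 14:31:10.000000 2023] [php:notice] [pid 911] Visitor (198.51.100.23) failed to authenticate via AdminExile
[Wed Oct 11 14:33:05.000000 2023] [core:error] [pid 912] [client 192.0.2.44:51522] File does not exist: /var/www/html/favicon.ico
[Wed Oct 11 14:36:40.000000 2023] [php:notice] [pid 913] Visitor (203.0.113.7) failed to authenticate via AdminExile
[Wed Oct 11 14:45:00.000000 2023] [php:notice] [pid 914] Visitor (198.51.100.23) failed to authenticate via AdminExile
"""

def failures(lines):
    """Yield (timestamp, host) for every line the failregex matches."""
    for line in lines:
        stamp = STAMP.match(line)
        hit = stamp and PATTERN.search(line[stamp.end():])
        if hit:
            yield datetime.strptime(stamp["ts"], "%a %b %d %H:%M:%S.%f %Y"), hit["host"]

def banned_hosts(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return {host: time of the failure that reached maxretry within findtime}."""
    recent, bans = defaultdict(deque), {}
    for ts, host in failures(lines):
        window = recent[host]
        window.append(ts)
        # Drop failures that have aged out of the findtime window
        while (ts - window[0]).total_seconds() > findtime:
            window.popleft()
        if len(window) >= maxretry:
            bans.setdefault(host, ts)
    return bans

if __name__ == "__main__":
    for host, when in banned_hosts(SAMPLE_LOG.splitlines()).items():
        print(f"{host} would be banned at {when}")
```

On a live server, running fail2ban-regex against the error log and the filter file checks the same matches with Fail2Ban's own parser.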