ERPNext stop responding to a specific ip address because of Fail2Ban

Samuel_Gervais · March 26, 2019, 2:05am

Fail2ban is blocking my ip address and I’m not sure why.

Same thing at work. I’m on ubuntu.

What can be do to prevent nginx-proxy jail to block my ip?
I can whitelist my ip but I dont have a static one so any suggestions?

fromthestone · March 26, 2019, 5:25am

could be possible to take a look at nginx-proxy.conf?

dineshpanchal432 · March 26, 2019, 5:29am

same thing happens with me

fromthestone · March 26, 2019, 7:58am

If your connection coming from a fix IP address you can add it to ignoreip in jail.conf

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space (and/or comma) separator.
ignoreip = 127.0.0.1/8

Furthermore, do you have also SELinux or AppArmor enabled?
First, try to disable it and check if you are banned again.
If problem persists, re-enable SELinux and modify nginx-proxy.conf like this:

[nginx-proxy]
enabled = true
filter = nginx-proxy
logpath = /var/log/nginx/access.log
action = iptables-multiport[name=NoNginxProxy, port="http,https"]
maxretry = 10
bantime  = 60
findtime = 120

Increase maxretry to 10, reduce bantime to 60 seconds, reduce findtime to 120 seconds.
This, of course, must be balanced between the grade of security you want and the block that you receiving.

nikzz · March 26, 2019, 8:05am

Run this in terminal

/etc/init.d/fail2ban stop

Samuel_Gervais · March 26, 2019, 12:21pm

Thanks for your suggestions.
The access.log seems to show multiple 499 errors and I guess it’s the reason why.

Jibril · March 26, 2020, 6:11pm

This helped, thanks.

ahmadRagheb · March 27, 2020, 12:37am

i don’t think this the right solution … stopping fail2ban you will lose your protection against DDos attacks , if you check the log of fail2ban you will see the action against ip address [ban] … this is happen because the ip is using your server as forward proxy , to attack other servers and hide there trace . any way this is what i understand after a 2 days search . i think this machine is infected with something that causing this behavior. still searching for solution without stopping fail2ban .

Samuel_Gervais · March 27, 2020, 1:57am

just add your ip to the ignore list. You must do that every time your ip change… That is the best way to do it right now or get a fixed ip

ahmed_personal · September 18, 2022, 3:26pm

Hi, did you reach anywhere with your investigation?

pronext · December 11, 2022, 2:22am

I am also having this problem. Many logged in users get banned by fail2ban because of heavy works on the ERPNext UI. Had this problem for years now and never thought that fail2ban would block any logged-in users. But finally I checked the logs and found the banned ips.

Is there any way to keep fail2ban from messing with users, which are already logged into ERPNext successful?

mark17 · September 12, 2023, 6:14am

My experience is when I login in my office on say the LAN, it is on one IP address.

When I take my same computer (without logging out) and move to Meeting Room to do presentation using WiFi (which is on another IP address), Fail2Ban will detect the same login on multiple IP address. The IP address will be banned by Fail2Ban.

Because my safety setting is 10 mins, the system will automatically release the IP after that duration.

I think the solution is to put these ‘trusted’ IPs in the ‘Ignore IP’ config file.

Hope this helps someone