I don’t have HTTP auth set for my Octoprint, and all the guides I found required it for Fail2ban to work. I started looking around the Octoprint log files and found that the recent addition of the Force Login plugin creates logs of failed logins in the .octoprint/logs/octoprint.log file.
Installing and Setting up Fail2ban on Octoprint
sudo apt-get install fail2ban
Create new jail file for octoprint in the jail.d folder.
sudo nano /etc/fail2ban/jail.d/octoprint.conf
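Below is the jail.d config I have used for my setup. Bantime is 86400 seconds, meaning 24 hours. I’m only banning from http and https because I haven’t forwarded any other ports to my Raspberry Pi.
[octoprint]
enabled = true
filter = octoprint
logpath = /home/pi/.octoprint/logs/octoprint.log
port = http,https
# Ban after 3 failures (maxretry) seen within 10800 seconds, i.e. 3 hours (findtime)
maxretry = 3
findtime = 10800
bantime = 86400
# iptables-allports blocks a banned address on every port, not only those listed in "port"
banaction = iptables-allports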
Create new filter file for octoprint in the filter.d folder.
sudo nano /etc/fail2ban/filter.d/octoprint.conf
Below is the regex I have used for my setup.
# Fail2Ban filter for Octoprint login failures
[INCLUDES]
before = common.conf

[Definition]
_daemon = app
failregex = - tornado.access - WARNING - 401 POST /api/login \(<HOST>\) .+$
The regex is based on a failed-login entry in the octoprint.log file, which looks like this:
2020-01-13 16:39:25,526 - tornado.access - WARNING - 401 POST /api/login (::ffff:XX.XXX.XX.XX) 17.58ms
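The following Python is an added example, not part of the original post or of Fail2ban itself: it applies the filter's regex together with the jail's maxretry and findtime values to constructed log lines, to show which addresses would reach the ban threshold. The `<HOST>` stand-in pattern, the function name and the sample addresses are assumptions made for the example.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Values taken from the jail above.
MAXRETRY, FINDTIME = 3, 10800

# The page's failregex with <HOST> replaced by a simplified stand-in
# (assumption: real Fail2ban expands <HOST> to a stricter IPv4/IPv6/DNS pattern).
HOST = r"(?:::f{4,6}:)?(?P<host>[0-9A-Fa-f:.]+)"
FAILREGEX = re.compile(
    r"- tornado.access - WARNING - 401 POST /api/login \(" + HOST + r"\) .+$"
)
STAMP = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d),\d+")

def banned_hosts(lines):
    """Return the hosts that reach MAXRETRY failures within FINDTIME seconds."""
    recent = defaultdict(deque)   # host -> timestamps of recent failures
    banned = set()
    for line in lines:
        stamp, hit = STAMP.match(line), FAILREGEX.search(line)
        if not (stamp and hit):
            continue              # not a failed login, or no timestamp
        when = datetime.strptime(stamp.group(1), "%Y-%m-%d %H:%M:%S")
        times = recent[hit.group("host")]
        times.append(when)
        # Drop failures that have fallen out of the findtime window.
        while (when - times[0]).total_seconds() > FINDTIME:
            times.popleft()
        if len(times) >= MAXRETRY:
            banned.add(hit.group("host"))
    return banned

# Constructed sample log (documentation addresses, not real traffic).
SAMPLE = """\
2020-01-13 16:39:25,526 - tornado.access - WARNING - 401 POST /api/login (::ffff:203.0.113.7) 17.58ms
2020-01-13 16:39:31,102 - tornado.access - WARNING - 401 POST /api/login (::ffff:203.0.113.7) 16.02ms
2020-01-13 16:40:02,840 - tornado.access - WARNING - 401 POST /api/login (::ffff:198.51.100.20) 15.77ms
2020-01-13 16:41:10,300 - tornado.access - WARNING - 401 POST /api/login (::ffff:203.0.113.7) 18.40ms
2020-01-13 20:15:44,010 - tornado.access - WARNING - 401 POST /api/login (::ffff:198.51.100.20) 15.11ms
2020-01-13 23:59:03,555 - tornado.access - WARNING - 401 POST /api/login (::ffff:198.51.100.20) 14.90ms
""".splitlines()

if __name__ == "__main__":
    print(sorted(banned_hosts(SAMPLE)))
```

On the Pi itself, the installed filter can be checked against the real log with Fail2ban's own tool: fail2ban-regex /home/pi/.octoprint/logs/octoprint.log /etc/fail2ban/filter.d/octoprint.conf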