{"id":16332,"date":"2024-10-31T19:19:50","date_gmt":"2024-10-31T19:19:50","guid":{"rendered":"https:\/\/truehost.com\/support\/?post_type=docs&#038;p=16332"},"modified":"2024-11-01T06:24:57","modified_gmt":"2024-11-01T06:24:57","password":"","slug":"how-to-use-fail2ban-to-protect-apache-and-nginx-from-brute-force-attacks","status":"publish","type":"docs","link":"https:\/\/truehost.com\/support\/knowledge-base\/how-to-use-fail2ban-to-protect-apache-and-nginx-from-brute-force-attacks\/","title":{"rendered":"How to Use Fail2Ban to Protect Apache and Nginx from Brute-Force Attacks"},"content":{"rendered":"\n<p>Fail2Ban is a valuable tool for protecting Apache and Nginx from brute-force attacks by monitoring log files and temporarily banning IPs that show malicious behavior. Here\u2019s a step-by-step guide to setting it up.<\/p>\n\n\n\n<p><strong>1. Install and Configure Fail2Ban<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>For most Linux distributions, you can install Fail2Ban from the default repositories. Please refer to <strong><a href=\"https:\/\/truehost.com\/support\/knowledge-base\/how-to-secure-a-linux-server-with-fail2ban\/\" target=\"_blank\" rel=\"noreferrer noopener\">this guide<\/a><\/strong><\/li>\n<\/ul>\n\n\n\n<p><strong>2. Enable Default Fail2Ban Settings<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>In the <code>jail.local<\/code> file, you\u2019ll find these essential parameters:<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;DEFAULT]<br>bantime = 10m # Set the ban duration (10 minutes)<br>findtime = 10m # Window of time for finding repeated attempts<br>maxretry = 5 # Number of attempts before an IP is banned<\/code><\/pre>\n\n\n\n<p><strong>3. Configure Apache Protection<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>Fail2Ban has pre-configured filters for Apache. Enable them in the <code>jail.local<\/code> file. Enable the <code>apache-auth<\/code> and <code>apache-badbots<\/code> Jails<\/li>\n\n\n\n<li>Add or modify these sections:<\/li>\n<\/ul>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;apache-auth]\nenabled = true\nport = http,https\nlogpath = \/var\/log\/apache2\/error.log\nmaxretry = 3\n\n&#91;apache-badbots]\nenabled = true\nport = http,https\nlogpath = \/var\/log\/apache2\/access.log\nbantime = 1h\nmaxretry = 2<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>logpath<\/code>: Confirm that this path matches your Apache error and access logs.<\/li>\n\n\n\n<li><code>bantime<\/code>: Specifies the duration for which the IP should be banned.<\/li>\n<\/ul>\n\n\n\n<p>Optional: Protect Apache with <code>apache-noscript<\/code><\/p>\n\n\n\n<p>This jail bans IPs that try to access certain file types repeatedly (e.g., <code>*.php<\/code> in non-PHP sites).<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;apache-noscript]\nenabled = true\nport    = http,https\nlogpath = \/var\/log\/apache2\/access.log\nmaxretry = 2<\/code><\/pre>\n\n\n\n<p><strong>4. Configure Nginx Protection<\/strong><\/p>\n\n\n\n<p>Fail2Ban also includes filters for Nginx to protect against various attacks.<\/p>\n\n\n\n<h4 class=\"wp-block-heading\">Enable the <code>nginx-http-auth<\/code> Jail<\/h4>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;nginx-http-auth]\nenabled = true\nport    = http,https\nlogpath = \/var\/log\/nginx\/error.log\nmaxretry = 3\n<\/code><\/pre>\n\n\n\n<ul class=\"wp-block-list\">\n<li><code>logpath<\/code>: Ensure this path matches your Nginx error log.<\/li>\n<\/ul>\n\n\n\n<p><strong>Optional: Protect Nginx Against DDoS with <code>nginx-botsearch<\/code><\/strong><\/p>\n\n\n\n<p>To protect against bot attacks that scan URLs:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;nginx-botsearch]\nenabled = true\nport    = http,https\nlogpath = \/var\/log\/nginx\/access.log\nbantime = 1h\nmaxretry = 2<\/code><\/pre>\n\n\n\n<p><strong>5. Create Custom Fail2Ban Filters (Optional)<\/strong><\/p>\n\n\n\n<p>To define a custom filter, create a file in <code>\/etc\/fail2ban\/filter.d\/<\/code>. For example, create <code>\/etc\/fail2ban\/filter.d\/nginx-403.conf<\/code>:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo nano \/etc\/fail2ban\/filter.d\/nginx-403.conf<\/code><\/pre>\n\n\n\n<p>Add your filtering rules to detect 403 Forbidden attempts:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;Definition]\nfailregex = ^&lt;HOST> -.*\"(GET|POST).*HTTP\/.*\" 403\nignoreregex =<\/code><\/pre>\n\n\n\n<p>Then, add this filter to <code>jail.local<\/code>:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>&#91;nginx-403]\nenabled = true\nport    = http,https\nlogpath = \/var\/log\/nginx\/access.log\nfilter  = nginx-403\nmaxretry = 2\nbantime = 1h<\/code><\/pre>\n\n\n\n<p>6. Start and Enable Fail2Ban<\/p>\n\n\n\n<p>Start the Fail2Ban service and enable it to run on startup:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo systemctl start fail2ban\nsudo systemctl enable fail2ban<\/code><\/pre>\n\n\n\n<p>7. Monitor Fail2Ban<\/p>\n\n\n\n<p>To see which jails are active, use:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo fail2ban-client status<\/code><\/pre>\n\n\n\n<p>To check the status of a specific jail (e.g., <code>apache-auth<\/code>):<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo fail2ban-client status apache-auth<\/code><\/pre>\n\n\n\n<p>8. Unban an IP Address (if necessary)<\/p>\n\n\n\n<p>If you need to unban an IP address, use the following command:<\/p>\n\n\n\n<pre class=\"wp-block-code\"><code>sudo fail2ban-client unban &lt;IP_ADDRESS><\/code><\/pre>\n\n\n\n<h2 class=\"wp-block-heading\">Author&#8217;s final word<\/h2>\n\n\n\n<p>Fail2Ban should now be set up to protect your Apache or Nginx web server from brute-force attacks and bots by banning suspicious IPs automatically. This configuration can be further customized to suit your server\u2019s needs.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Fail2Ban is a valuable tool for protecting Apache and Nginx from brute-force attacks by monitoring log files and temporarily banning IPs that show malicious behavior. Here\u2019s a step-by-step guide to setting it up. 1. Install and Configure Fail2Ban 2. Enable Default Fail2Ban Settings 3. Configure Apache Protection Optional: Protect Apache with apache-noscript This jail bans [&hellip;]<\/p>\n","protected":false},"author":9,"featured_media":0,"comment_status":"open","ping_status":"closed","template":"","meta":{"_eb_attr":"","_exactmetrics_skip_tracking":false,"_exactmetrics_sitenote_active":false,"_exactmetrics_sitenote_note":"","_exactmetrics_sitenote_category":0,"footnotes":""},"doc_category":[1820,1824,1879,2128],"doc_tag":[],"class_list":["post-16332","docs","type-docs","status-publish","hentry","doc_category-cloud-servers-in-kenya","doc_category-dedicated-servers","doc_category-servers","doc_category-vps-servers"],"year_month":"2026-07","word_count":487,"total_views":0,"reactions":{"happy":0,"normal":0,"sad":0},"author_info":{"name":"Eugene","author_nicename":"eugene","author_url":"https:\/\/truehost.com\/support\/author\/eugene\/"},"doc_category_info":[{"term_name":"Cloud servers in Kenya","term_url":"https:\/\/truehost.com\/support\/docs-category\/cloud-servers-in-kenya\/"},{"term_name":"dedicated servers","term_url":"https:\/\/truehost.com\/support\/docs-category\/dedicated-servers\/"},{"term_name":"Servers","term_url":"https:\/\/truehost.com\/support\/docs-category\/servers\/"},{"term_name":"VPS-Servers","term_url":"https:\/\/truehost.com\/support\/docs-category\/vps-servers\/"}],"doc_tag_info":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v28.0 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>How to Use Fail2Ban to Protect Apache and Nginx from Brute-Force Attacks -<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/truehost.com\/support\/knowledge-base\/how-to-use-fail2ban-to-protect-apache-and-nginx-from-brute-force-attacks\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"How to Use Fail2Ban to Protect Apache and Nginx from Brute-Force Attacks -\" \/>\n<meta property=\"og:description\" content=\"Fail2Ban is a valuable tool for protecting Apache and Nginx from brute-force attacks by monitoring log files and temporarily banning IPs that show malicious behavior. Here\u2019s a step-by-step guide to setting it up. 1. Install and Configure Fail2Ban 2. Enable Default Fail2Ban Settings 3. Configure Apache Protection Optional: Protect Apache with apache-noscript This jail bans [&hellip;]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/truehost.com\/support\/knowledge-base\/how-to-use-fail2ban-to-protect-apache-and-nginx-from-brute-force-attacks\/\" \/>\n<meta property=\"article:modified_time\" content=\"2024-11-01T06:24:57+00:00\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data1\" content=\"1 minute\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/truehost.com\\\/support\\\/knowledge-base\\\/how-to-use-fail2ban-to-protect-apache-and-nginx-from-brute-force-attacks\\\/\",\"url\":\"https:\\\/\\\/truehost.com\\\/support\\\/knowledge-base\\\/how-to-use-fail2ban-to-protect-apache-and-nginx-from-brute-force-attacks\\\/\",\"name\":\"How to Use Fail2Ban to Protect Apache and Nginx from Brute-Force Attacks -\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/truehost.com\\\/support\\\/#website\"},\"datePublished\":\"2024-10-31T19:19:50+00:00\",\"dateModified\":\"2024-11-01T06:24:57+00:00\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/truehost.com\\\/support\\\/knowledge-base\\\/how-to-use-fail2ban-to-protect-apache-and-nginx-from-brute-force-attacks\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/truehost.com\\\/support\\\/knowledge-base\\\/how-to-use-fail2ban-to-protect-apache-and-nginx-from-brute-force-attacks\\\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/truehost.com\\\/support\\\/knowledge-base\\\/how-to-use-fail2ban-to-protect-apache-and-nginx-from-brute-force-attacks\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\\\/\\\/truehost.com\\\/support\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"How to Use Fail2Ban to Protect Apache and Nginx from Brute-Force Attacks\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/truehost.com\\\/support\\\/#website\",\"url\":\"https:\\\/\\\/truehost.com\\\/support\\\/\",\"name\":\"\",\"description\":\"Help In a Click\",\"publisher\":{\"@id\":\"https:\\\/\\\/truehost.com\\\/support\\\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/truehost.com\\\/support\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/truehost.com\\\/support\\\/#organization\",\"name\":\"Truehost Kenya\",\"url\":\"https:\\\/\\\/truehost.com\\\/support\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/truehost.com\\\/support\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/truehost.com\\\/support\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/cropped-image_2026-04-16_174808866.png\",\"contentUrl\":\"https:\\\/\\\/truehost.com\\\/support\\\/wp-content\\\/uploads\\\/2026\\\/04\\\/cropped-image_2026-04-16_174808866.png\",\"width\":240,\"height\":48,\"caption\":\"Truehost Kenya\"},\"image\":{\"@id\":\"https:\\\/\\\/truehost.com\\\/support\\\/#\\\/schema\\\/logo\\\/image\\\/\"}}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"How to Use Fail2Ban to Protect Apache and Nginx from Brute-Force Attacks -","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/truehost.com\/support\/knowledge-base\/how-to-use-fail2ban-to-protect-apache-and-nginx-from-brute-force-attacks\/","og_locale":"en_US","og_type":"article","og_title":"How to Use Fail2Ban to Protect Apache and Nginx from Brute-Force Attacks -","og_description":"Fail2Ban is a valuable tool for protecting Apache and Nginx from brute-force attacks by monitoring log files and temporarily banning IPs that show malicious behavior. Here\u2019s a step-by-step guide to setting it up. 1. Install and Configure Fail2Ban 2. Enable Default Fail2Ban Settings 3. Configure Apache Protection Optional: Protect Apache with apache-noscript This jail bans [&hellip;]","og_url":"https:\/\/truehost.com\/support\/knowledge-base\/how-to-use-fail2ban-to-protect-apache-and-nginx-from-brute-force-attacks\/","article_modified_time":"2024-11-01T06:24:57+00:00","twitter_card":"summary_large_image","twitter_misc":{"Est. reading time":"1 minute"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"WebPage","@id":"https:\/\/truehost.com\/support\/knowledge-base\/how-to-use-fail2ban-to-protect-apache-and-nginx-from-brute-force-attacks\/","url":"https:\/\/truehost.com\/support\/knowledge-base\/how-to-use-fail2ban-to-protect-apache-and-nginx-from-brute-force-attacks\/","name":"How to Use Fail2Ban to Protect Apache and Nginx from Brute-Force Attacks -","isPartOf":{"@id":"https:\/\/truehost.com\/support\/#website"},"datePublished":"2024-10-31T19:19:50+00:00","dateModified":"2024-11-01T06:24:57+00:00","breadcrumb":{"@id":"https:\/\/truehost.com\/support\/knowledge-base\/how-to-use-fail2ban-to-protect-apache-and-nginx-from-brute-force-attacks\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/truehost.com\/support\/knowledge-base\/how-to-use-fail2ban-to-protect-apache-and-nginx-from-brute-force-attacks\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/truehost.com\/support\/knowledge-base\/how-to-use-fail2ban-to-protect-apache-and-nginx-from-brute-force-attacks\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/truehost.com\/support\/"},{"@type":"ListItem","position":2,"name":"How to Use Fail2Ban to Protect Apache and Nginx from Brute-Force Attacks"}]},{"@type":"WebSite","@id":"https:\/\/truehost.com\/support\/#website","url":"https:\/\/truehost.com\/support\/","name":"","description":"Help In a Click","publisher":{"@id":"https:\/\/truehost.com\/support\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/truehost.com\/support\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/truehost.com\/support\/#organization","name":"Truehost Kenya","url":"https:\/\/truehost.com\/support\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/truehost.com\/support\/#\/schema\/logo\/image\/","url":"https:\/\/truehost.com\/support\/wp-content\/uploads\/2026\/04\/cropped-image_2026-04-16_174808866.png","contentUrl":"https:\/\/truehost.com\/support\/wp-content\/uploads\/2026\/04\/cropped-image_2026-04-16_174808866.png","width":240,"height":48,"caption":"Truehost Kenya"},"image":{"@id":"https:\/\/truehost.com\/support\/#\/schema\/logo\/image\/"}}]}},"_links":{"self":[{"href":"https:\/\/truehost.com\/support\/wp-json\/wp\/v2\/docs\/16332","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/truehost.com\/support\/wp-json\/wp\/v2\/docs"}],"about":[{"href":"https:\/\/truehost.com\/support\/wp-json\/wp\/v2\/types\/docs"}],"author":[{"embeddable":true,"href":"https:\/\/truehost.com\/support\/wp-json\/wp\/v2\/users\/9"}],"replies":[{"embeddable":true,"href":"https:\/\/truehost.com\/support\/wp-json\/wp\/v2\/comments?post=16332"}],"version-history":[{"count":5,"href":"https:\/\/truehost.com\/support\/wp-json\/wp\/v2\/docs\/16332\/revisions"}],"predecessor-version":[{"id":16375,"href":"https:\/\/truehost.com\/support\/wp-json\/wp\/v2\/docs\/16332\/revisions\/16375"}],"wp:attachment":[{"href":"https:\/\/truehost.com\/support\/wp-json\/wp\/v2\/media?parent=16332"}],"wp:term":[{"taxonomy":"doc_category","embeddable":true,"href":"https:\/\/truehost.com\/support\/wp-json\/wp\/v2\/doc_category?post=16332"},{"taxonomy":"doc_tag","embeddable":true,"href":"https:\/\/truehost.com\/support\/wp-json\/wp\/v2\/doc_tag?post=16332"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}