From f433996f69dc4bc540b58227843d9d740642ceb6 Mon Sep 17 00:00:00 2001
From: "srvproxy001.itguys.com.br" <srvproxy001.itguys.com.br@itguys.com.br>
Date: Mon, 15 Sep 2025 21:13:37 -0300
Subject: [PATCH] =?UTF-8?q?[Auto-Sync]=20Atualiza=C3=A7=C3=A3o=20das=20con?=
 =?UTF-8?q?figura=C3=A7=C3=B5es=20em=20srvproxy001.itguys.com.br=20-=20202?=
 =?UTF-8?q?5-09-15=2021:13:37?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 fail2ban/filter.d/nginx-json-gitea.conf | 7 +++++++
 fail2ban/jail.local                     | 9 +++++++++
 2 files changed, 16 insertions(+)
 create mode 100644 fail2ban/filter.d/nginx-json-gitea.conf

diff --git a/fail2ban/filter.d/nginx-json-gitea.conf b/fail2ban/filter.d/nginx-json-gitea.conf
new file mode 100644
index 0000000..af736b1
--- /dev/null
+++ b/fail2ban/filter.d/nginx-json-gitea.conf
@@ -0,0 +1,7 @@
+# /etc/fail2ban/filter.d/nginx-json-gitea.conf
+[Definition]
+# Regra 1: Deteta múltiplas requisições POST para a página de login.
+failregex = ^.*"remote_addr":"<HOST>".*"method":"POST".*"uri":"/user/login".*$
+            # Regra 2: Deteta erros 404.
+            ^.*"remote_addr":"<HOST>".*"status":404,.*$
+ignoreregex =
diff --git a/fail2ban/jail.local b/fail2ban/jail.local
index 8391edf..b53a9bd 100644
--- a/fail2ban/jail.local
+++ b/fail2ban/jail.local
@@ -45,3 +45,12 @@ banaction = %(banaction_allports)s
 bantime  = 1w
 findtime = 1d
 maxretry = 3
+
+[gitea]
+enabled  = true
+port     = http,https
+filter   = nginx-json-gitea
+logpath  = /var/log/nginx/access.log
+maxretry = 5
+findtime = 5m
+bantime  = 1h