Fail2ban is an intrusion prevention software designed to protect servers from brute force attacks. It can run on POSIX systems that have a locally installed network traffic control interface or firewall, such as iptables or TCP Wrapper.

Fail2ban monitors log files (e.g., /var/log/secure.log, /var/www/roxy-wi/log/roxy-wi.log, etc.) for specific entries and runs scripts in response. Its primary function is to block IP addresses that may belong to hosts attempting to compromise the system's security. It can ban any host IP address that makes excessive login attempts or engages in other undesirable actions within a time frame defined by the administrator. Fail2ban supports both IPv4 and IPv6. Additionally, it allows for custom-configured longer bans for "recidivists" who repeatedly attempt to breach security. Typically, Fail2ban is configured to automatically unban a blocked host after a specified period.

Roxy-WI has supported Fail2ban since v4.3.0. Fail2ban provides protection for SSH, Roxy-WI, and Apache against various brute force attacks.

icon
Fail2ban is disabled by default. You can enable it in the Admin area => Tools section.
Fail2ban activation