Only followed the documentation for fail2ban and successfully installed and running but I tried to ban myself using my phone data but when I check the fail2ban status for nextcloud no IP is ban and can still access the nextcloud.
If I had to guess, I would say that it is somehow related to the log file. Fail2ban uses the log file of Nextcloud to ban IPs. Here a few things you could check…
Does the “logpath” parameter in your jail point to the correct Nextcloud log file?
Is this log file really used and updated by Nextcloud?
Were the regex rules copied correctly into the filter file? No line breaks or additional characters in between?
ist the fail2ban service up and running? Check with: systemctl status fail2ban
only to clarify when fail2ban block ip when reached the maxretry or need to wait the findtime, i tried to set findtime to only 5min (300)but nothing happens
Does the the timezone of your logfile match the timezone of your server? And does your logfile actualy contain the entries for the failed login atempts, respectively does the logging actualy work?
You can check the timezone of your system with timedatectl…
timedatectl
Local time: Mo 2021-05-31 06:55:35 CEST
Universal time: Mo 2021-05-31 04:55:35 UTC
RTC time: Mo 2021-05-31 04:55:36
Time zone: Europe/Berlin (CEST, +0200)
System clock synchronized: yes
systemd-timesyncd.service active: yes
RTC in local TZ: no
…and change it with
timedatectl set-timezone Europe/Berlin
And make sure you have the following parameters set in the config.php
Sure. Normaly you use use the time zone you are actualy live in. Or you could us UTC everywhere. But I would not recommend that for small bussiness or home environments…
Either way… The key point in order for Fail2ban to work is that the timezone of your log matches the timezone of the system.