For those who want to track brute force attacks on the http/dav serve remotes.
# Fail2Ban filter for unsuccesfull authentication attempts # # [INCLUDES] # Read common prefixes. If any customizations available -- read them from # common.local before = common.conf [Definition] failregex = INFO : /.*: <HOST>:\d+: Unauthorized request from\s* ignoreregex = [Init] datepattern = %%Y/%%m/%%d %%H:%%M:%%S
[rclonehttp] enabled = true filter = rclonehttp port = 7444,6444 logpath = /data/log/rclonehttp.log tail [rclonedavs] enabled = true filter = rclonehttp port = 7443,6443 logpath = /data/log/rclonedavs.log tail