# Openhab brute force auth filter: /etc/fail2ban/filter.d/openhab.conf: # # Block IPs trying to auth openhab by web or rest api # # Matches e.g. # 12.34.33.22 - - [26/sept./2015:18:04:43 +0200] "GET /openhab.app HTTP/1.1" 401 1382 # 175.18.15.10 - - [02/sept./2015:00:11:31 +0200] "GET /rest/bindings HTTP/1.1" 401 1384 [Definition] failregex = ^\s+-\s+-\s+\[\]\s+"[A-Z]+ .*" 401 \d+\s*$ datepattern = %%d/%%b[^/]*/%%Y:%%H:%%M:%%S %%z