To help prevent brute-force login attempts, ITFlow automatically blocks IP addresses that fail 15 login attempts in 10 minutes. This applies only to logins to the technician portal, not to the API or the Client Portal.
You can use Fail2Ban to help prevent brute-force attacks against ITFlow by following the steps below:
Install Fail2Ban
sudo apt install fail2ban

Set up a filter
sudo nano /etc/fail2ban/filter.d/apache-itflow-filter.conf
Add the following:
[Definition]
failregex = ^<HOST> .+\" 401 \d+ .*$

Create the jail
sudo nano /etc/fail2ban/jail.local
Add the following:
[apache-itflow]
enabled = true
port = http,https
filter = apache-itflow-filter
logpath = /var/log/apache2/access.log
findtime = 10m
maxretry = 5
bantime = 10m

Enable Fail2Ban
sudo systemctl enable fail2ban
sudo systemctl start fail2ban

Check it works!
sudo tail -F /var/log/fail2ban.log
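
To see which log lines the filter counts and when the jail's thresholds trip, the following added example (not part of the ITFlow documentation or of Fail2Ban) replays the failregex and the maxretry/findtime settings above over constructed Apache access-log lines. The `<HOST>` substitution, the `/login.php` path and the sample IPs are assumptions made for illustration.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# failregex from the filter above. Fail2Ban expands <HOST> itself; here it is
# replaced by a simplified IPv4/IPv6 group (assumption, not Fail2Ban's pattern).
FAILREGEX = r'^<HOST> .+\" 401 \d+ .*$'
PATTERN = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>[0-9A-Fa-f:.]+)"))
TIMESTAMP = re.compile(r"\[([^\]]+)\]")

MAXRETRY = 5                       # maxretry from the jail
FINDTIME = timedelta(minutes=10)   # findtime = 10m


def make_line(ip, minute, second, status, path="/login.php"):
    """Build a constructed combined-format line (path is hypothetical)."""
    return (f'{ip} - - [01/Jan/2024:10:{minute:02d}:{second:02d} +0000] '
            f'"POST {path} HTTP/1.1" {status} 512 "-" "Mozilla/5.0"')

# Constructed sample log using documentation IP ranges.
SAMPLE_LOG = (
    [make_line("203.0.113.7", 0, s * 10, 401) for s in range(5)]    # 5 fails in 40s
    + [make_line("198.51.100.4", m, 0, 401) for m in (0, 3, 6, 9)]  # 4 fails in 9m
    + [make_line("198.51.100.4", 25, 0, 401)]                       # 5th is outside 10m
    + [make_line("192.0.2.10", 1, s, 200) for s in range(8)]        # non-401 responses
)


def banned_hosts(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Return hosts that reach maxretry matching lines within findtime."""
    recent = defaultdict(deque)
    banned = set()
    for line in lines:
        match = PATTERN.match(line)
        stamp = TIMESTAMP.search(line)
        if not match or not stamp:
            continue
        when = datetime.strptime(stamp.group(1), "%d/%b/%Y:%H:%M:%S %z")
        hits = recent[match.group("host")]
        hits.append(when)
        while when - hits[0] > findtime:   # drop failures older than findtime
            hits.popleft()
        if len(hits) >= maxretry:
            banned.add(match.group("host"))
    return banned

if __name__ == "__main__":
    print(sorted(banned_hosts(SAMPLE_LOG)))
```

On a live host, `fail2ban-regex /var/log/apache2/access.log /etc/fail2ban/filter.d/apache-itflow-filter.conf` runs the real filter against the real log. Because the failregex keys on the status code alone, every 401 response Apache logs for a host counts toward the ban, whatever the request path.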