ERPNext stop responding to a specific ip address because of Fail2Ban

Fail2ban is blocking my ip address and I’m not sure why.

Same thing at work. I’m on ubuntu.

What can be do to prevent nginx-proxy jail to block my ip?
I can whitelist my ip but I dont have a static one so any suggestions?

could be possible to take a look at nginx-proxy.conf?

same thing happens with me

If your connection coming from a fix IP address you can add it to ignoreip in jail.conf

# "ignoreip" can be an IP address, a CIDR mask or a DNS host. Fail2ban will not
# ban a host which matches an address in this list. Several addresses can be
# defined using space (and/or comma) separator.
ignoreip = 127.0.0.1/8

Furthermore, do you have also SELinux or AppArmor enabled?
First, try to disable it and check if you are banned again.
If problem persists, re-enable SELinux and modify nginx-proxy.conf like this:

[nginx-proxy]
enabled = true
filter = nginx-proxy
logpath = /var/log/nginx/access.log
action = iptables-multiport[name=NoNginxProxy, port="http,https"]
maxretry = 10
bantime  = 60
findtime = 120

Increase maxretry to 10, reduce bantime to 60 seconds, reduce findtime to 120 seconds.
This, of course, must be balanced between the grade of security you want and the block that you receiving.

1 Like

Run this in terminal

/etc/init.d/fail2ban stop
2 Likes

Thanks for your suggestions.
The access.log seems to show multiple 499 errors and I guess it’s the reason why.

This helped, thanks.

i don’t think this the right solution … stopping fail2ban you will lose your protection against DDos attacks , if you check the log of fail2ban you will see the action against ip address [ban] … this is happen because the ip is using your server as forward proxy , to attack other servers and hide there trace . any way this is what i understand after a 2 days search . i think this machine is infected with something that causing this behavior. still searching for solution without stopping fail2ban .

just add your ip to the ignore list. You must do that every time your ip change… That is the best way to do it right now or get a fixed ip

Hi, did you reach anywhere with your investigation?

I am also having this problem. Many logged in users get banned by fail2ban because of heavy works on the ERPNext UI. Had this problem for years now and never thought that fail2ban would block any logged-in users. But finally I checked the logs and found the banned ips.

Is there any way to keep fail2ban from messing with users, which are already logged into ERPNext successful?