GitLab and fail2ban

Hi,

I’m trying to create a filter in fail2ban for GitLab failed logins. The problem is that I can’t find a difference between failed and successful attempts.

This is what I have when I log in successfully in /var/log/gitlab/nginx/gitlab_access.log:

192.168.0.200 - - [08/Dec/2016:12:29:22 +0100] "POST /gitlab/users/auth/ldapmain/callback HTTP/1.0" 302 95 "https://example.com/gitlab/users/sign_in" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0"
192.168.0.200 - - [08/Dec/2016:12:29:22 +0100] "GET /gitlab/ HTTP/1.0" 200 14751 "https://example/gitlab/users/sign_in" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0"

This is what I have with a failed login in /var/log/gitlab/nginx/gitlab_access.log:

192.168.0.200 - - [08/Dec/2016:12:29:58 +0100] "POST /gitlab/users/auth/ldapmain/callback HTTP/1.0" 302 108 "https://example.com/gitlab/users/sign_in" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0"
192.168.0.200 - - [08/Dec/2016:12:29:58 +0100] "GET /gitlab/users/sign_in HTTP/1.0" 200 8754 "https://example.com/gitlab/users/sign_in" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:50.0) Gecko/20100101 Firefox/50.0"

I can see that with a successful login, I get “GET /gitlab/ HTTP/1.0” 200…, while with the failed one, I get “GET /gitlab/users/sign_in HTTP/1.0…”, but this is also the case when I just refresh the page: “GET /gitlab/users/sign_in HTTP/1.0…”

It seems that what was discussed here can’t be applied anymore: https://github.com/gitlabhq/gitlabhq/issues/1001

Any ideas? Am I missing something?


No idea, guys?
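
Added example, not part of the original posts and not GitLab or fail2ban code: a sketch that separates a failed login from a plain refresh in the access log quoted above by pairing each callback POST with the next GET from the same address. The 5-second window, the function name and the shortened sample lines are assumptions.

```python
import re
from datetime import datetime, timedelta

# nginx "combined" format, as in the log lines quoted in the post
LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) ')
CALLBACK = re.compile(r'/users/auth/[^/]+/callback$')
SIGN_IN = re.compile(r'/users/sign_in$')
WINDOW = timedelta(seconds=5)  # assumption: the browser follows the 302 at once

def failed_logins(lines):
    """Return (ip, time) of every callback POST that led back to sign_in."""
    pending = {}   # ip -> time of the last callback POST answered with 302
    failures = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue
        ts = datetime.strptime(m['ts'], '%d/%b/%Y:%H:%M:%S %z')
        ip, path = m['ip'], m['path'].split('?', 1)[0]
        if m['method'] == 'POST' and m['status'] == '302' and CALLBACK.search(path):
            pending[ip] = ts
        elif m['method'] == 'GET' and ip in pending:
            # The first GET after the POST is taken as the redirect target.
            # Clients sharing one address (NAT, proxy) can blur this pairing.
            posted = pending.pop(ip)
            if SIGN_IN.search(path) and ts - posted <= WINDOW:
                failures.append((ip, posted))
    return failures

# Constructed sample: the post's four requests with a shortened user agent,
# plus one plain refresh of the sign-in page at 12:29:40.
REF = '"https://example.com/gitlab/users/sign_in" "Mozilla/5.0"'
SAMPLE = [
    f'192.168.0.200 - - [08/Dec/2016:12:29:22 +0100] "POST /gitlab/users/auth/ldapmain/callback HTTP/1.0" 302 95 {REF}',
    f'192.168.0.200 - - [08/Dec/2016:12:29:22 +0100] "GET /gitlab/ HTTP/1.0" 200 14751 {REF}',
    f'192.168.0.200 - - [08/Dec/2016:12:29:40 +0100] "GET /gitlab/users/sign_in HTTP/1.0" 200 8754 {REF}',
    f'192.168.0.200 - - [08/Dec/2016:12:29:58 +0100] "POST /gitlab/users/auth/ldapmain/callback HTTP/1.0" 302 108 {REF}',
    f'192.168.0.200 - - [08/Dec/2016:12:29:58 +0100] "GET /gitlab/users/sign_in HTTP/1.0" 200 8754 {REF}',
]

if __name__ == '__main__':
    for ip, when in failed_logins(SAMPLE):
        print(f'{when.isoformat()} failed login from {ip}')
```

A single-line fail2ban regex cannot express this pairing, so a script like this would have to write its findings to a separate file for a simple filter to match.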