Skip to content

Instantly share code, notes, and snippets.

@drmalex07
drmalex07 / README-fail2ban-keycloak.md
Last active July 29, 2024 21:25
Use fail2ban to block brute-force attacks to keycloak server. #keycloak #fail2ban #brute-force-attack

Add regular-expression filter under /etc/fail2ban/filter.d/keycloak.conf:

[INCLUDES]

before = common.conf

[Definition]

_threadName = [a-z][-_0-9a-z]*(\s[a-z][-_0-9a-z]*)*
_userId = (null|[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})