koldfront

fail2ban stall #ai #fail2ban

๐Ÿ•š๏ธŽ - 2026-05-06 - ๐ŸŸŠ 1 - โ™บ 2
Subset of my fail2ban graph of the last week

In January I added a new jail to my fail2ban configuration: apache-aibots. It's a simple regular expression match of two AI crawlers that do not respect robots.txt. Because of course they don't.

This evening I noticed that there was a bunch of hits to my demo calendar website from these AI crawlers, and they weren't getting blocked. Oh no!

I haven't figured out why fail2ban started failing me - the log file did not reveal anything, and using fail2ban-regex accesslogsnippet /etc/fail2ban/filter.d/apache-aibots.conf reported that 99 of 100 lines matched, so the regular expression is still good.

fail2ban-client status apache-aibots reported 0 IPs in jail, and 517 total banned.

So I restarted the fail2ban service, and - as you can see on the graph above - quickly 135 IPs got banned - nice!

Still haven't figured out why it failed, though, but in the future I will look at the graph when I notice the increased number of log entries scrolling by.

๐Ÿ•š๏ธŽ - 2026-05-06 - 1 comment - ๐ŸŸŠ 1 - โ™บ 2

@blog

are you saying that fail2ban failed by failing to ban?

- Ed W8EMV :city_ann_arbor: ๐Ÿ•“๏ธŽ - 2026-05-07

+=

Add comment

How to comment, in excruciating detailโ€ฆ

To avoid spam many websites make you fill out a CAPTCHA, or log in via an account at a corporation such as Facebook, Google or even Microsoft GitHub.

I have chosen to use a more old school method of spam prevention.

To post a comment here, you need to:

  • Configure a newsreaderยน to connect to the server koldfront.dk on port 1119 using nntps (nntp over TLS).
  • Open the newsgroup called lantern.koldfront and post a follow up to the article.
ยน Such as Thunderbird, Pan, slrn, tin or Gnus (part of Emacs).

Or, you can fill in this form:

+=