{"id":55108,"date":"2022-05-19T14:59:19","date_gmt":"2022-05-19T14:59:19","guid":{"rendered":"\/tutorials\/?p=55108"},"modified":"2026-05-22T11:50:32","modified_gmt":"2026-05-22T11:50:32","slug":"fail2ban-configuration","status":"publish","type":"post","link":"\/ca\/tutorials\/fail2ban-configuration","title":{"rendered":"How to configure Fail2Ban to secure your Linux server"},"content":{"rendered":"<p>Fail2Ban is an open-source intrusion prevention tool that scans server log files and bans IP addresses after repeated failed login attempts.<\/p><p>It&rsquo;s commonly used to protect SSH access, but it can monitor any service that writes authentication failures to a log.<\/p><p>Configuring Fail2Ban protects your Linux server by monitoring log files and automatically banning IP addresses after repeated failed authentication attempts.<\/p><p>There are six main steps to set up Fail2Ban safely:<\/p><ol class=\"wp-block-list\">\n<li>Install Fail2Ban on your Linux distribution using its default package manager.<\/li>\n\n\n\n<li>Create a local override file, such as <strong>jail.local<\/strong>, to store custom settings without risking overwrites during package updates.<\/li>\n\n\n\n<li>Configure default ban settings, including <strong>ignoreip<\/strong>, <strong>bantime<\/strong>, <strong>findtime<\/strong>, and <strong>maxretry<\/strong>, in the <strong>[DEFAULT]<\/strong> section.<\/li>\n\n\n\n<li>Enable the SSH jail to protect SSH login attempts from brute-force attacks.<\/li>\n\n\n\n<li>Restart and verify Fail2Ban using <strong>sudo systemctl restart fail2ban<\/strong> and <strong>sudo fail2ban-client status<\/strong>.<\/li>\n\n\n\n<li>Manage banned IP addresses by unbanning trusted IPs with <strong>sudo fail2ban-client set sshd unbanip your-ip-address<\/strong> or manually banning suspicious ones.<\/li>\n<\/ol><p>The safest Fail2Ban configuration approach avoids editing stock files like <strong>jail.conf<\/strong> or <strong>fail2ban.conf<\/strong> directly. Use <strong>\/etc\/fail2ban\/jail.local<\/strong> for global settings and <strong>\/etc\/fail2ban\/jail.d\/custom.local<\/strong> for service-specific jails instead.<\/p><p>After applying changes, verify active jails with <strong>sudo fail2ban-client status<\/strong> and check SSH jail details with <strong>sudo fail2ban-client status sshd<\/strong>.<\/p><p>If Fail2Ban bans a trusted IP by mistake, remove it immediately with <strong>sudo fail2ban-client set sshd unbanip your-ip-address<\/strong>.<\/p><p><\/p><h2 class=\"wp-block-heading\" id=\"h-prerequisites-for-configuring-fail2ban\"><strong>Prerequisites for configuring Fail2Ban<\/strong><\/h2><p>Before starting, make sure you have:<\/p><ul class=\"wp-block-list\">\n<li>A Linux server, such as Ubuntu, Debian, CentOS, AlmaLinux, Rocky Linux, or Fedora, with root or sudo access.<\/li>\n\n\n\n<li><a href=\"\/ca\/tutorials\/what-is-ssh\">SSH access<\/a> to the server through a terminal client.<\/li>\n\n\n\n<li>An active firewall backend. Fail2Ban supports <a href=\"\/ca\/tutorials\/iptables-tutorial\">iptables<\/a>, nftables, UFW, and firewalld.<\/li>\n\n\n\n<li>Your trusted public IP address ready for allowlisting.<\/li>\n\n\n\n<li>A backup access method, such as a VPS console or recovery console, in case SSH access gets blocked.<\/li>\n<\/ul><p>    <p class=\"warning\">\n        <strong>Warning!<\/strong> Add your own IP address to the <strong>ignoreip<\/strong> setting before enabling SSH bans. Skipping this step can lock you out of your server. Keep at least one active SSH session open until you confirm Fail2Ban is working correctly.    <\/p>\n    \n\n\n\n<\/p><h2 class=\"wp-block-heading\" id=\"h-how-to-install-fail2ban\"><strong>How to install Fail2Ban<\/strong><\/h2><p>Fail2Ban is available in the default repositories of most major <a href=\"\/ca\/tutorials\/best-linux-distros\">Linux distributions<\/a>. The installation commands differ slightly by distro, but the post-installation steps are the same.<\/p><p><strong>Ubuntu and Debian<\/strong><\/p><p>Update the package index and install Fail2Ban:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo apt update\nsudo apt install fail2ban -y<\/pre><div class=\"wp-block-image\"><figure data-wp-context='{\"imageId\":\"6a1d29f64b092\"}' data-wp-interactive=\"core\/image\" data-wp-key=\"6a1d29f64b092\" class=\"aligncenter size-large wp-lightbox-container\"><img decoding=\"async\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on--click=\"actions.showLightbox\" data-wp-on--load=\"callbacks.setButtonStyles\" data-wp-on-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/www.hostinger.com\/tutorials\/wp-content\/uploads\/sites\/2\/2022\/05\/terminal-ubuntu-apt-install-fail2ban-output-1024x574.png\" alt=\"Terminal output of the sudo apt install fail2ban command on Ubuntu\" class=\"wp-image-149232\"><button class=\"lightbox-trigger\" type=\"button\" aria-haspopup=\"dialog\" aria-label=\"Enlarge\" data-wp-init=\"callbacks.initTriggerButton\" data-wp-on--click=\"actions.showLightbox\" data-wp-style--right=\"state.imageButtonRight\" data-wp-style--top=\"state.imageButtonTop\">\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewbox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\"><\/path>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure><\/div><p><strong>CentOS, RHEL, AlmaLinux, and Rocky Linux<\/strong><\/p><p>On RHEL-based systems, Fail2Ban requires the Extra Packages for Enterprise Linux (EPEL) repository. Install EPEL first, then Fail2Ban:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo dnf install epel-release -y\nsudo dnf install fail2ban -y<\/pre><p><strong>Fedora<\/strong><\/p><p>Fedora includes Fail2Ban in its default repositories:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo dnf install fail2ban -y<\/pre><p><strong>Post-installation steps (all distributions)<\/strong><\/p><p>After installing Fail2Ban, enable the service to start automatically at boot and start it right away:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo systemctl enable fail2ban\nsudo systemctl start fail2ban<\/pre><p>Verify that Fail2Ban is running:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo systemctl status fail2ban<\/pre><div class=\"wp-block-image\"><figure data-wp-context='{\"imageId\":\"6a1d29f64c990\"}' data-wp-interactive=\"core\/image\" data-wp-key=\"6a1d29f64c990\" class=\"aligncenter size-large wp-lightbox-container\"><img decoding=\"async\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on--click=\"actions.showLightbox\" data-wp-on--load=\"callbacks.setButtonStyles\" data-wp-on-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/www.hostinger.com\/tutorials\/wp-content\/uploads\/sites\/2\/2022\/05\/terminal-systemctl-status-fail2ban-active-running-1024x372.png\" alt=\"Fail2Ban systemctl status output showing the service as active and running\" class=\"wp-image-149233\"><button class=\"lightbox-trigger\" type=\"button\" aria-haspopup=\"dialog\" aria-label=\"Enlarge\" data-wp-init=\"callbacks.initTriggerButton\" data-wp-on--click=\"actions.showLightbox\" data-wp-style--right=\"state.imageButtonRight\" data-wp-style--top=\"state.imageButtonTop\">\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewbox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\"><\/path>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure><\/div><p>The output should show <strong>active (running)<\/strong>. Press <strong>Ctrl + C<\/strong> to exit the view. If the service fails to start, check the logs with <strong>sudo journalctl -u fail2ban &ndash;no-pager<\/strong> for error details.<\/p><h2 class=\"wp-block-heading\" id=\"h-how-to-configure-fail2ban-safely\"><strong>How to configure Fail2Ban safely<\/strong><\/h2><p>The Fail2Ban configuration hierarchy follows a specific order:<\/p><ul class=\"wp-block-list\">\n<li><strong>\/etc\/fail2ban\/fail2ban.conf<\/strong> and <strong>\/etc\/fail2ban\/fail2ban.local<\/strong> control global daemon settings, such as log level, socket, and PID file.<\/li>\n\n\n\n<li><strong>\/etc\/fail2ban\/jail.conf<\/strong> and <strong>\/etc\/fail2ban\/jail.local<\/strong> handle jail definitions and default ban behavior.<\/li>\n\n\n\n<li><strong>\/etc\/fail2ban\/jail.d\/*.local<\/strong> holds service-specific jail overrides.<\/li>\n<\/ul><p>Fail2Ban reads <strong>.conf<\/strong> files first, then applies <strong>.local<\/strong> files on top. Any setting you define in a <strong>.local<\/strong> file overrides its <strong>.conf<\/strong> counterpart, and anything you don&rsquo;t redefine stays at its <strong>.conf<\/strong> default.<\/p><h3 class=\"wp-block-heading\"><strong>Why should you use .local files instead of editing .conf files?<\/strong><\/h3><p>The package manager maintains default <strong>.conf<\/strong> files and may replace them during version upgrades. Settings in <strong>.local<\/strong> files stay untouched after updates because the package manager doesn&rsquo;t overwrite them.<\/p><p>Use <strong>jail.local<\/strong> for global jail settings like <strong>bantime<\/strong> and <strong>maxretry<\/strong>, and use <strong>jail.d\/sshd.local<\/strong> for SSH-specific overrides. This separation keeps your configuration organized and safe during upgrades.<\/p><h3 class=\"wp-block-heading\"><strong>How to create a jail.local file<\/strong><\/h3><p>Copy the default jail configuration to create your local override file:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo cp \/etc\/fail2ban\/jail.conf \/etc\/fail2ban\/jail.local\nsudo nano \/etc\/fail2ban\/jail.local<\/pre><p>The file contains hundreds of lines, and most of them are commented out with <strong>#<\/strong> at the start. Commented lines are inactive and have no effect on Fail2Ban. Scroll to the <strong>[DEFAULT]<\/strong> section near the top to start configuring.<\/p><p>For a cleaner SSH-specific setup, create a dedicated file in the <strong>jail.d\/<\/strong> directory instead:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo nano \/etc\/fail2ban\/jail.d\/sshd.local<\/pre><p>The <strong>jail.local<\/strong> approach is simpler when you&rsquo;re just getting started because all settings live in one file. The <strong>jail.d\/*.local<\/strong> approach works better when you&rsquo;re managing multiple services, as each service gets its own configuration file.<\/p><h3 class=\"wp-block-heading\"><strong>How to configure global Fail2Ban settings<\/strong><\/h3><p>Open <strong>jail.local<\/strong> and add or modify the <strong>[DEFAULT]<\/strong> section. Some settings like <strong>bantime<\/strong> and <strong>maxretry<\/strong> may already exist as commented lines. Remove the # at the start of a line to activate it, or add new lines below the section header.<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">[DEFAULT]\nignoreip = 127.0.0.1\/8 ::1 your-ip-address\nbantime = 3600\nfindtime = 600\nmaxretry = 5\nbackend = auto<\/pre><div class=\"wp-block-image\"><figure data-wp-context='{\"imageId\":\"6a1d29f64e421\"}' data-wp-interactive=\"core\/image\" data-wp-key=\"6a1d29f64e421\" class=\"aligncenter size-large wp-lightbox-container\"><img decoding=\"async\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on--click=\"actions.showLightbox\" data-wp-on--load=\"callbacks.setButtonStyles\" data-wp-on-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/www.hostinger.com\/tutorials\/wp-content\/uploads\/sites\/2\/2022\/05\/nano-jail-local-default-section-ban-settings-highlighted-1024x579.png\" alt=\"The [DEFAULT] section in jail.local with ignoreip and ban settings configured\" class=\"wp-image-149234\"><button class=\"lightbox-trigger\" type=\"button\" aria-haspopup=\"dialog\" aria-label=\"Enlarge\" data-wp-init=\"callbacks.initTriggerButton\" data-wp-on--click=\"actions.showLightbox\" data-wp-style--right=\"state.imageButtonRight\" data-wp-style--top=\"state.imageButtonTop\">\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewbox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\"><\/path>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure><\/div><p>Each setting controls a specific part of Fail2Ban&rsquo;s ban behavior:<\/p><ul class=\"wp-block-list\">\n<li><strong>ignoreip<\/strong> lists trusted IP addresses that Fail2Ban should never ban. Replace <strong>your-ip-address<\/strong> with your actual public IP address, and add any management network ranges separated by spaces.<\/li>\n\n\n\n<li><strong>bantime<\/strong> sets how long a banned IP stays blocked, in seconds. A value of <strong>3600<\/strong> equals one hour, and the IP gets a fresh set of retries after the ban expires.<\/li>\n\n\n\n<li><strong>findtime<\/strong> sets the window for counting failed attempts. A value of <strong>600<\/strong> means Fail2Ban counts failures within a 10-minute window.<\/li>\n\n\n\n<li><strong>maxretry<\/strong> sets how many failed attempts within the <strong>findtime<\/strong> window trigger a ban. With a value of <strong>5<\/strong>, the sixth failure results in a ban.<\/li>\n\n\n\n<li><strong>backend<\/strong> controls how Fail2Ban reads log files. The <strong>auto<\/strong> value selects the best available method for your system, typically systemd on modern distributions.<\/li>\n<\/ul><p>Fail2Ban versions 0.10 and later also support time-based shorthand values like <strong>bantime = 1h<\/strong>, <strong>findtime = 10m<\/strong>, or <strong>bantime = 1d<\/strong> instead of raw seconds.<\/p><p>To make repeat offenders face progressively longer bans, add <strong>bantime.increment = true<\/strong> to the <strong>[DEFAULT]<\/strong> section. Each new ban for the same IP address then doubles in duration, which is more effective against persistent attackers than a fixed ban time.<\/p><h3 class=\"wp-block-heading\"><strong>How to configure the SSH jail<\/strong><\/h3><p>Add or modify the <strong>[sshd]<\/strong> section in <strong>jail.local<\/strong>, or create a dedicated <strong>jail.d\/sshd.local<\/strong> file:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">[sshd]\nenabled = true\nport = ssh\nlogpath = %(sshd_log)s\nbackend = %(sshd_backend)s<\/pre><div class=\"wp-block-image\"><figure data-wp-context='{\"imageId\":\"6a1d29f64fdbb\"}' data-wp-interactive=\"core\/image\" data-wp-key=\"6a1d29f64fdbb\" class=\"aligncenter size-large wp-lightbox-container\"><img decoding=\"async\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on--click=\"actions.showLightbox\" data-wp-on--load=\"callbacks.setButtonStyles\" data-wp-on-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/www.hostinger.com\/tutorials\/wp-content\/uploads\/sites\/2\/2022\/05\/nano-jail-local-sshd-section-enabled-1024x272.png\" alt=\"The [sshd] jail section in jail.local with enabled set to true\" class=\"wp-image-149235\"><button class=\"lightbox-trigger\" type=\"button\" aria-haspopup=\"dialog\" aria-label=\"Enlarge\" data-wp-init=\"callbacks.initTriggerButton\" data-wp-on--click=\"actions.showLightbox\" data-wp-style--right=\"state.imageButtonRight\" data-wp-style--top=\"state.imageButtonTop\">\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewbox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\"><\/path>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure><\/div><p>The <strong>enabled = true<\/strong> line activates the SSH jail, which monitors SSH login attempts for repeated authentication failures. Fail2Ban doesn&rsquo;t activate jails by default in most configurations, so this line is required.<\/p><p>The <strong>%(sshd_log)s<\/strong> and <strong>%(sshd_backend)s<\/strong> variables automatically resolve to the correct log path and backend for your distribution.<\/p><p>On Ubuntu and Debian, the log path resolves to <strong>\/var\/log\/auth.log<\/strong>. RHEL-based systems use <strong>\/var\/log\/secure<\/strong> or the systemd journal.<\/p><p>If you&rsquo;ve changed your SSH port from the default <strong>22<\/strong>, replace <strong>port = ssh<\/strong> with your actual port number. For example:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">[sshd]\nenabled = true\nport = 2222\nlogpath = %(sshd_log)s\nbackend = %(sshd_backend)s<\/pre><p>Always confirm your IP is in the <strong>ignoreip<\/strong> list before applying stricter SSH rules, such as lower <strong>maxretry<\/strong> values or longer <strong>bantime<\/strong> durations.<\/p><h3 class=\"wp-block-heading\"><strong>How to choose the correct firewall action<\/strong><\/h3><p>Fail2Ban bans IP addresses by adding rules to your server&rsquo;s firewall. The correct <strong>banaction<\/strong> setting depends on which firewall your server uses.<\/p><figure tabindex=\"0\" class=\"wp-block-table\"><table><tbody><tr><td><strong>Firewall<\/strong><\/td><td><strong>banaction value<\/strong><\/td><\/tr><tr><td>iptables<\/td><td><strong>iptables-multiport<\/strong><\/td><\/tr><tr><td>UFW<\/td><td><strong>ufw<\/strong><\/td><\/tr><tr><td>firewalld<\/td><td><strong>firewallcmd-ipset<\/strong><\/td><\/tr><tr><td>nftables<\/td><td><strong>nftables-multiport<\/strong><\/td><\/tr><\/tbody><\/table><\/figure><p>To see all available actions on your server, list the contents of the action directory using the <a href=\"\/ca\/tutorials\/ls-command\">ls command<\/a>:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">ls \/etc\/fail2ban\/action.d\/<\/pre><div class=\"wp-block-image\"><figure data-wp-context='{\"imageId\":\"6a1d29f651673\"}' data-wp-interactive=\"core\/image\" data-wp-key=\"6a1d29f651673\" class=\"aligncenter size-large wp-lightbox-container\"><img decoding=\"async\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on--click=\"actions.showLightbox\" data-wp-on--load=\"callbacks.setButtonStyles\" data-wp-on-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/www.hostinger.com\/tutorials\/wp-content\/uploads\/sites\/2\/2022\/05\/terminal-ls-fail2ban-action-d-directory-listing-1024x571.png\" alt=\"Output of ls showing available Fail2Ban firewall action files\" class=\"wp-image-149236\"><button class=\"lightbox-trigger\" type=\"button\" aria-haspopup=\"dialog\" aria-label=\"Enlarge\" data-wp-init=\"callbacks.initTriggerButton\" data-wp-on--click=\"actions.showLightbox\" data-wp-style--right=\"state.imageButtonRight\" data-wp-style--top=\"state.imageButtonTop\">\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewbox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\"><\/path>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure><\/div><p>If your server uses UFW, set <strong>banaction = ufw<\/strong> in the <strong>[DEFAULT]<\/strong> section of <strong>jail.local<\/strong>. Fail2Ban adds ban rules through UFW&rsquo;s command interface, so the two tools work together without conflicts.<\/p><p>If your server still needs a firewall, <a href=\"\/ca\/tutorials\/how-to-configure-firewall-on-ubuntu-using-ufw\">configure UFW on Ubuntu<\/a> before enabling Fail2Ban.<\/p><h2 class=\"wp-block-heading\" id=\"h-how-to-restart-and-verify-fail2ban\"><strong>How to restart and verify Fail2Ban<\/strong><\/h2><p>Fail2Ban needs a restart or reload after any configuration change. Use <strong>fail2ban-client reload<\/strong> to apply changes without dropping existing bans, or <strong>systemctl restart<\/strong> for a full restart:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo fail2ban-client reload<\/pre><p>If the reload doesn&rsquo;t pick up your changes, do a full service restart:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo systemctl restart fail2ban<\/pre><p><strong>systemctl<\/strong> is the standard tool for <a href=\"\/ca\/tutorials\/manage-and-list-services-in-linux\">managing Linux services<\/a> on modern distributions. Check whether Fail2Ban is running:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo systemctl status fail2ban<\/pre><p>View all active jails:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo fail2ban-client status<\/pre><div class=\"wp-block-image\"><figure data-wp-context='{\"imageId\":\"6a1d29f65301d\"}' data-wp-interactive=\"core\/image\" data-wp-key=\"6a1d29f65301d\" class=\"aligncenter size-large wp-lightbox-container\"><img decoding=\"async\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on--click=\"actions.showLightbox\" data-wp-on--load=\"callbacks.setButtonStyles\" data-wp-on-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/www.hostinger.com\/tutorials\/wp-content\/uploads\/sites\/2\/2022\/05\/terminal-fail2ban-client-status-sshd-jail-active-1024x185.png\" alt=\"Fail2Ban client status output showing one active jail named sshd\" class=\"wp-image-149237\"><button class=\"lightbox-trigger\" type=\"button\" aria-haspopup=\"dialog\" aria-label=\"Enlarge\" data-wp-init=\"callbacks.initTriggerButton\" data-wp-on--click=\"actions.showLightbox\" data-wp-style--right=\"state.imageButtonRight\" data-wp-style--top=\"state.imageButtonTop\">\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewbox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\"><\/path>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure><\/div><p>The output lists the number of active jails and their names. To check the SSH jail specifically:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo fail2ban-client status sshd<\/pre><p>This command shows current failed attempts, total failures since the service started, and the list of banned IP addresses. A healthy configuration shows the <strong>sshd<\/strong> jail as active with <strong>Currently banned: 0<\/strong>, or more if attacks have already occurred.<\/p><h3 class=\"wp-block-heading\"><strong>How to test that bans are actually working<\/strong><\/h3><p>Confirm that Fail2Ban bans IP addresses before you rely on it. From a separate machine or IP address, deliberately fail enough SSH logins to pass the <strong>maxretry<\/strong> threshold, then check the jail status:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo fail2ban-client status sshd<\/pre><p>You should see the test IP in the banned list. Unban it after you&rsquo;ve confirmed the setup works:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo fail2ban-client set sshd unbanip test-ip-address<\/pre><h2 class=\"wp-block-heading\" id=\"h-how-to-view-fail2ban-logs\"><strong>How to view Fail2Ban logs<\/strong><\/h2><p>The primary Fail2Ban log file is <strong>\/var\/log\/fail2ban.log<\/strong>. Use the <a href=\"\/ca\/tutorials\/how-to-use-tail-command\">tail command<\/a> to follow new entries in real time:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo tail -f \/var\/log\/fail2ban.log<\/pre><div class=\"wp-block-image\"><figure data-wp-context='{\"imageId\":\"6a1d29f654942\"}' data-wp-interactive=\"core\/image\" data-wp-key=\"6a1d29f654942\" class=\"aligncenter size-large wp-lightbox-container\"><img decoding=\"async\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on--click=\"actions.showLightbox\" data-wp-on--load=\"callbacks.setButtonStyles\" data-wp-on-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/www.hostinger.com\/tutorials\/wp-content\/uploads\/sites\/2\/2022\/05\/terminal-tail-fail2ban-log-sshd-jail-started-1024x172.png\" alt=\"Fail2Ban log output showing the sshd jail started and operational\" class=\"wp-image-149238\"><button class=\"lightbox-trigger\" type=\"button\" aria-haspopup=\"dialog\" aria-label=\"Enlarge\" data-wp-init=\"callbacks.initTriggerButton\" data-wp-on--click=\"actions.showLightbox\" data-wp-style--right=\"state.imageButtonRight\" data-wp-style--top=\"state.imageButtonTop\">\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewbox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\"><\/path>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure><\/div><p>Authentication logs vary by distribution. On Ubuntu and Debian, SSH login attempts go to <strong>\/var\/log\/auth.log<\/strong>:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo tail -f \/var\/log\/auth.log<\/pre><p>On RHEL-based systems, including CentOS, AlmaLinux, Rocky Linux, and Fedora, the equivalent file is <strong>\/var\/log\/secure<\/strong>:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo tail -f \/var\/log\/secure<\/pre><p>On systems that use systemd journald as the primary logging backend, view Fail2Ban entries with the <a href=\"\/ca\/tutorials\/journalctl-command\">journalctl command<\/a>:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo journalctl -u fail2ban<\/pre><p>Look for <strong>INFO [sshd] Found<\/strong> entries, which mean Fail2Ban detected a failed attempt, and <strong>NOTICE [sshd] Ban<\/strong> entries, which mean Fail2Ban banned an IP address. If you see <strong>Found<\/strong> entries but no <strong>Ban<\/strong> entries, the attempts haven&rsquo;t reached the <strong>maxretry<\/strong> threshold yet.<\/p><h2 class=\"wp-block-heading\" id=\"h-how-to-manage-banned-ip-addresses-in-fail2ban\"><strong>How to manage banned IP addresses in Fail2Ban<\/strong><\/h2><p>Fail2Ban may occasionally ban a trusted IP address by mistake, or you might want to block a suspicious IP before it reaches the retry limit. Use the <strong>fail2ban-client<\/strong> command for both tasks.<\/p><h3 class=\"wp-block-heading\"><strong>How to unban an IP address in Fail2Ban<\/strong><\/h3><p>Remove a banned IP address from the SSH jail:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo fail2ban-client set sshd unbanip 192.0.2.1<\/pre><p>Replace <strong>192.0.2.1<\/strong> with the IP address you want to unban. This change takes effect immediately without restarting the service.<\/p><p>The most common reason you&rsquo;ll need this is accidental self-banning after entering the wrong SSH password too many times. If that happens, use a secondary access method, such as a VPS console, to run the unban command.<\/p><h3 class=\"wp-block-heading\"><strong>How to manually ban an IP address in Fail2Ban<\/strong><\/h3><p>Add an IP address to the SSH jail&rsquo;s ban list. For example:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo fail2ban-client set sshd banip 198.51.100.1<\/pre><div class=\"wp-block-image\"><figure data-wp-context='{\"imageId\":\"6a1d29f6564a3\"}' data-wp-interactive=\"core\/image\" data-wp-key=\"6a1d29f6564a3\" class=\"aligncenter size-large wp-lightbox-container\"><img decoding=\"async\" data-wp-class--hide=\"state.isContentHidden\" data-wp-class--show=\"state.isContentVisible\" data-wp-init=\"callbacks.setButtonStyles\" data-wp-on--click=\"actions.showLightbox\" data-wp-on--load=\"callbacks.setButtonStyles\" data-wp-on-window--resize=\"callbacks.setButtonStyles\" src=\"https:\/\/www.hostinger.com\/tutorials\/wp-content\/uploads\/sites\/2\/2022\/05\/terminal-fail2ban-client-banip-sshd-command-1024x66.png\" alt=\"Terminal output after manually banning an IP address in the sshd jail\" class=\"wp-image-149239\"><button class=\"lightbox-trigger\" type=\"button\" aria-haspopup=\"dialog\" aria-label=\"Enlarge\" data-wp-init=\"callbacks.initTriggerButton\" data-wp-on--click=\"actions.showLightbox\" data-wp-style--right=\"state.imageButtonRight\" data-wp-style--top=\"state.imageButtonTop\">\n\t\t\t<svg xmlns=\"http:\/\/www.w3.org\/2000\/svg\" width=\"12\" height=\"12\" fill=\"none\" viewbox=\"0 0 12 12\">\n\t\t\t\t<path fill=\"#fff\" d=\"M2 0a2 2 0 0 0-2 2v2h1.5V2a.5.5 0 0 1 .5-.5h2V0H2Zm2 10.5H2a.5.5 0 0 1-.5-.5V8H0v2a2 2 0 0 0 2 2h2v-1.5ZM8 12v-1.5h2a.5.5 0 0 0 .5-.5V8H12v2a2 2 0 0 1-2 2H8Zm2-12a2 2 0 0 1 2 2v2h-1.5V2a.5.5 0 0 0-.5-.5H8V0h2Z\"><\/path>\n\t\t\t<\/svg>\n\t\t<\/button><\/figure><\/div><p>Manual bans are useful when you spot a suspicious IP in your logs before it reaches the <strong>maxretry<\/strong> threshold.<\/p><h2 class=\"wp-block-heading\" id=\"h-troubleshooting-common-fail2ban-configuration-issues\"><strong>Troubleshooting common Fail2Ban configuration issues<\/strong><\/h2><p>Fail2Ban configuration mistakes are the most common cause of setup problems. Here are issues you&rsquo;re likely to encounter after setting up or modifying Fail2Ban.<\/p><h3 class=\"wp-block-heading\"><strong>Fail2Ban is running but not banning IPs<\/strong><\/h3><p>Check whether the jail is active and receiving log data:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo fail2ban-client status\nsudo fail2ban-client status sshd<\/pre><p>If the SSH jail shows zero failed attempts despite known login failures, the most likely causes are an incorrect <strong>logpath<\/strong> value, the wrong <strong>backend<\/strong> setting, or a jail that&rsquo;s missing <strong>enabled = true<\/strong>.<\/p><h3 class=\"wp-block-heading\"><strong>The SSH jail is not active<\/strong><\/h3><p>Confirm that the <strong>[sshd]<\/strong> section in <strong>jail.local<\/strong> or <strong>jail.d\/sshd.local<\/strong> includes <strong>enabled = true<\/strong>. Fail2Ban doesn&rsquo;t activate jails by default in most configurations.<\/p><p>After updating the jail file, restart the service and check the jail status again:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo systemctl restart fail2ban\nsudo fail2ban-client status sshd<\/pre><h3 class=\"wp-block-heading\"><strong>You are locked out of your server<\/strong><\/h3><p>If Fail2Ban bans your own IP, try one of these recovery options:<\/p><ul class=\"wp-block-list\">\n<li>Access the server from a different IP that&rsquo;s in the <strong>ignoreip<\/strong> allowlist.<\/li>\n\n\n\n<li>Log in through your hosting provider&rsquo;s VPS console or recovery console.<\/li>\n\n\n\n<li>Use another active SSH session, if you still have one open, to run the unban command.<\/li>\n<\/ul><p>Unban your IP address from the SSH jail:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo fail2ban-client set sshd unbanip your-ip-address<\/pre><p>This is why adding your trusted IP to <strong>ignoreip<\/strong> matters. One SSH login session with too many typos can lock you out.<\/p><h3 class=\"wp-block-heading\"><strong>Fail2Ban doesn&rsquo;t start after editing jail.local<\/strong><\/h3><p>Test the configuration file for syntax errors:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo fail2ban-client -t<\/pre><p>If the test reports an error, check the service logs for details:<\/p><pre class=\"EnlighterJSRAW\" data-enlighter-language=\"generic\" data-enlighter-theme=\"\" data-enlighter-highlight=\"\" data-enlighter-linenumbers=\"\" data-enlighter-lineoffset=\"\" data-enlighter-title=\"\" data-enlighter-group=\"\">sudo journalctl -u fail2ban --no-pager<\/pre><p>Common causes include typos in the jail file, incorrect indentation, invalid action names, misspelled jail names, and unsupported time formats. Fix the reported issue, save the file, and run the configuration test again before restarting.<\/p><h2 class=\"wp-block-heading\" id=\"h-key-takeaways-for-configuring-fail2ban\"><strong>Key takeaways for configuring Fail2Ban<\/strong><\/h2><p>Fail2Ban is one layer in a broader <a href=\"\/ca\/tutorials\/vps-security\">Linux VPS security<\/a> strategy. It works best alongside SSH key authentication, properly configured firewall rules, regular software updates, and strong access control policies.<\/p><p>The safest Fail2Ban configuration workflow follows these steps:<\/p><ol class=\"wp-block-list\">\n<li>Install Fail2Ban using your distribution&rsquo;s package manager.<\/li>\n\n\n\n<li>Create <strong>.local<\/strong> override files instead of editing default <strong>.conf<\/strong> files.<\/li>\n\n\n\n<li>Add your trusted IP to <strong>ignoreip<\/strong>, then set <strong>bantime<\/strong>, <strong>findtime<\/strong>, and <strong>maxretry<\/strong> in the <strong>[DEFAULT]<\/strong> section.<\/li>\n\n\n\n<li>Enable the SSH jail with <strong>enabled = true<\/strong>, then verify the correct log path and backend.<\/li>\n\n\n\n<li>Reload or restart the service with <strong>sudo fail2ban-client reload<\/strong>.<\/li>\n\n\n\n<li>Verify active jails with <strong>sudo fail2ban-client status<\/strong> and <strong>sudo fail2ban-client status sshd<\/strong>.<\/li>\n\n\n\n<li>Test that bans work from a separate IP, then monitor <strong>\/var\/log\/fail2ban.log<\/strong> regularly.<\/li>\n<\/ol>\n","protected":false},"excerpt":{"rendered":"<p>Fail2Ban is an open-source intrusion prevention tool that scans server log files and bans IP addresses after repeated failed login attempts. It&rsquo;s commonly used to protect SSH access, but it can monitor any service that writes authentication failures to a log. Configuring Fail2Ban protects your Linux server by monitoring log files and automatically banning IP [&#8230;]<\/p>\n<p><a class=\"btn btn-secondary understrap-read-more-link\" href=\"\/ca\/tutorials\/fail2ban-configuration\">Read More&#8230;<\/a><\/p>\n","protected":false},"author":411,"featured_media":144971,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"rank_math_title":"How to configure Fail2Ban for Linux server security","rank_math_description":"Learn how to configure Fail2Ban on Linux using safe .local override files, SSH jail setup, ban settings, verification commands, and troubleshooting tips.","rank_math_focus_keyword":"fail2ban configuration","footnotes":""},"categories":[22699],"tags":[],"class_list":["post-55108","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-vps"],"hreflangs":[{"locale":"en-US","link":"https:\/\/www.hostinger.com\/tutorials\/fail2ban-configuration","default":0},{"locale":"en-UK","link":"https:\/\/www.hostinger.com\/uk\/tutorials\/fail2ban-configuration","default":0},{"locale":"en-MY","link":"https:\/\/www.hostinger.com\/my\/tutorials\/fail2ban-configuration","default":0},{"locale":"en-PH","link":"https:\/\/www.hostinger.com\/ph\/tutorials\/fail2ban-configuration","default":0},{"locale":"en-IN","link":"https:\/\/www.hostinger.com\/in\/tutorials\/fail2ban-configuration","default":0},{"locale":"en-CA","link":"https:\/\/www.hostinger.com\/ca\/tutorials\/fail2ban-configuration","default":0},{"locale":"en-AU","link":"https:\/\/www.hostinger.com\/au\/tutorials\/fail2ban-configuration","default":0},{"locale":"en-NG","link":"https:\/\/www.hostinger.com\/ng\/tutorials\/fail2ban-configuration","default":0}],"_links":{"self":[{"href":"https:\/\/www.hostinger.com\/ca\/tutorials\/wp-json\/wp\/v2\/posts\/55108","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.hostinger.com\/ca\/tutorials\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.hostinger.com\/ca\/tutorials\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.hostinger.com\/ca\/tutorials\/wp-json\/wp\/v2\/users\/411"}],"replies":[{"embeddable":true,"href":"https:\/\/www.hostinger.com\/ca\/tutorials\/wp-json\/wp\/v2\/comments?post=55108"}],"version-history":[{"count":17,"href":"https:\/\/www.hostinger.com\/ca\/tutorials\/wp-json\/wp\/v2\/posts\/55108\/revisions"}],"predecessor-version":[{"id":144970,"href":"https:\/\/www.hostinger.com\/ca\/tutorials\/wp-json\/wp\/v2\/posts\/55108\/revisions\/144970"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.hostinger.com\/ca\/tutorials\/wp-json\/wp\/v2\/media\/144971"}],"wp:attachment":[{"href":"https:\/\/www.hostinger.com\/ca\/tutorials\/wp-json\/wp\/v2\/media?parent=55108"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.hostinger.com\/ca\/tutorials\/wp-json\/wp\/v2\/categories?post=55108"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.hostinger.com\/ca\/tutorials\/wp-json\/wp\/v2\/tags?post=55108"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}