Fail2Ban or similar for public App access?

Are you using our SaaS platform (Baserow.io) or self-hosting Baserow?

Self-hosted

What do you need help with?

I was wondering if anyone has had any success (or the Baserow team might be able to give suggestions) with implementing Fail2Ban with Baserow (or some other brute-force prevention). Looking at the Docker logs, I can see that a failed login has been logged, but it doesn’t give the origin IP or anything that I could use to configure Fail2Ban:

[BACKEND][2025-05-19 03:39:40] WARNING 2025-05-19 03:39:40,858 django.request.log_response:241- Unauthorized: /api/user-source/900/token-auth.

There is another thread talking about 2FA, but in the meantime, it feels like putting a Baserow app on the public web might be opening it up for brute force attacks. One work-around I have played with for a couple of my applications is a Cloudflare tunnel, but this has its own issues (it’s a pain for the API etc). Any suggestions are appreciated in advance.

In the meantime - if anyone is paranoid like me, I created a script that will check the Docker logs for failed logins. You can at least tweak this so you can get notifications if someone is trying to brute force your application.

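#!/bin/bash

# Look-back window in minutes and the name of the Baserow container.
MINUTES=30
CONTAINER_NAME="baserow"
# Window boundaries as timestamps for docker logs (date -d requires GNU date).
END_TIME=$(date +"%Y-%m-%dT%H:%M:%S")
START_TIME=$(date -d "$MINUTES minutes ago" +"%Y-%m-%dT%H:%M:%S")

# Fetch the window's logs, keep only failed token-auth requests, then strip ANSI colour codes.
docker logs --since "$START_TIME" --until "$END_TIME" "$CONTAINER_NAME" 2>&1 | \
grep -E 'Unauthorized: /api/(user/token-auth/|user-source/[0-9]+/token-auth)' | \
sed -E 's/\x1B(\[[0-9;]*[mK]|\(B)//g'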

Adjust the variables to suit your installation.
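
Added example (not part of the original post): because the log line above carries no source IP, this sketch counts failed logins per auth endpoint instead and reports any endpoint at or above a threshold, which is the signal a notification could key on. The function names, the threshold of 5 and the sample log lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: count Baserow "Unauthorized" token-auth failures per endpoint
# and flag bursts. Function names and sample data are hypothetical.

ESC=$(printf '\033')   # literal escape byte, so the sed pattern is portable

# Reads container log lines on stdin; prints "<count> <endpoint>" per endpoint.
count_failed_logins() {
  sed -E "s/${ESC}(\[[0-9;]*[mK]|\(B)//g" |
    grep -oE 'Unauthorized: /api/(user/token-auth/|user-source/[0-9]+/token-auth)' |
    sed -E 's/^Unauthorized: //' |
    LC_ALL=C sort | uniq -c | awk '{print $1, $2}'
}

# Prints endpoints whose failure count is >= $1; exit status 0 only if any exist.
endpoints_over_threshold() {
  count_failed_logins |
    awk -v t="$1" '$1 >= t {print; found = 1} END {exit (found ? 0 : 1)}'
}

# Constructed sample in the log format shown in the post: six failures on one
# user source, one colour-wrapped failure on the main login, one unrelated line.
sample_log() {
  i=0
  while [ "$i" -lt 6 ]; do
    printf '[BACKEND][2025-05-19 03:39:4%s] WARNING 2025-05-19 03:39:4%s,858 django.request.log_response:241- Unauthorized: /api/user-source/900/token-auth\n' "$i" "$i"
    i=$((i + 1))
  done
  printf '\033[33m[BACKEND][2025-05-19 03:40:02] WARNING 2025-05-19 03:40:02,101 django.request.log_response:241- Unauthorized: /api/user/token-auth/\033[0m\n'
  printf '[BACKEND][2025-05-19 03:40:05] INFO 2025-05-19 03:40:05,300 request finished: GET /api/settings/ 200\n'
}

# Demo on the constructed sample. Against a live container, feed real logs:
#   docker logs --since 30m baserow 2>&1 | endpoints_over_threshold 5
sample_log | endpoints_over_threshold 5 || true
```

The exit status of `endpoints_over_threshold` makes it usable as the condition in a cron job that sends a notification only when a burst is seen.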