Skip to main content

Firewall

Through the firewall panel, it is possible to ban specific IPs to access your API. Fusio contains also a fail2ban logic to automatically ban specific IPs in case they have produced too many error responses.

Configuration

Name

The name of your firewall rule.

Type

Whether to deny or allow the request.

IP

The target IPv4 or IPv6.

Expire

Optional a date at which the ban expires.

Fail2ban

By default, Fusio contains a fail2ban logic to automatically ban specific IPs in case they have produced too many client error responses. In case a user tries a brute force attack on the authorization endpoint, we automatically ban the IP for 5 minutes in case the user has produced more than 32 error responses. You can adjust this behavior at the configuration.php file s.

'fusio_firewall_ignoreip'  => [],
'fusio_firewall_bantime' => 'PT5M',
'fusio_firewall_findtime' => 'PT2M',
'fusio_firewall_maxretry' => 32,
'fusio_firewall_codes' => [],

fusio_firewall_ignoreip

Optional an array of trusted IPs which are excluded from the fail2ban logic, this means they never automatically get baned.

fusio_firewall_bantime

The time window how long the IP should be banned.

fusio_firewall_findtime

The time window in which we look for error responses.

fusio_firewall_maxretry

The number of error responses which are allowed.

fusio_firewall_codes

Optional a list of specific error codes which should be considered. In case you want to only handle i.e. 401 and 429 error codes you could use [401, 429] all other error codes like 400 are then ignored.