I use a nginx reverse proxy then fail2ban with a custom filter for 403 Forbidden
if you enter the wrong details for login node-red will send back 403 Forbidden
I'm not going to cover how to setup a nginx reverse proxy here or installing fail2ban but here is how I setup fail2ban for rejecting failed login attempts and other failed requests on the server.
Create a new fail2ban filter for 404, 444, 403, 400 responses from the server.
$ sudo nano /etc/fail2ban/filter.d/nginx-4xx.conf
add the following to the file
[Definition]
failregex = ^<HOST>.*"(GET|POST).*" (404|444|403|400) .*$
ignoreregex =
exit and save changes to file
CTRL+x
Now, edit your /etc/fail2ban/jail.conf, to use the new filter we created and ban after 3 failed attempts.
$ sudo nano /etc/fail2ban/jail.conf
add/edit the following in the file
[nginx-4xx]
enabled = true
port = http,https
logpath = %(nginx_access_log)s
maxretry = 3
exit and save changes to file
CTRL+x
restart fail2ban
$ sudo service fail2ban restart
check that the new rule is working
$ sudo fail2ban-client status nginx-4xx
now the user will be banned for the amount of time you have set in fail2ban after 3 failed attempts
you can check this is working with the logs.
$ sudo cat /var/log/fail2ban.log | grep Ban
and in nginx
$ sudo cat /var/log/nginx/access.log