
Published on January 29th, 2016


fail2web — fail2ban GUI

fail2web is a fail2ban GUI that communicates with a fail2ban instance via fail2rest.


Through fail2web you can administer the following aspects of fail2ban:

  • Failregex – Delete and add new failregexes
  • Banned IPs – Ban and unban IP addresses
  • Per Jail Config – Configure find time, max retry and usedns per jail, and view the filelist per jail
  • Alerting – Notifications when an IP address is banned and unbanned with a user configurable time span
  • Regex Testing – Testing ignore+fail regexes on your current logs to quickly build and debug regexes
  • Reporting – Expose the time that an IP address was banned, and show trends via visualizations



fail2web communicates with fail2ban via a REST server called fail2rest. Before fail2web can be used, you will need an operational fail2rest instance. fail2web has been reported to work on IE8 or newer, but is not actively tested on older platforms.



  • Install build requirements
    • nodejs and npm for browserify (not a runtime requirement)
  • Install libraries
    • Execute npm install in the root of the fail2web repository
  • Building
    • When writing code, run npm run watch; this will rebuild web/bundle.js on every change
    • When deploying, run npm run build; this will build once and exit


Deploying and Configuration

fail2web is best accessed via an HTTP server. fail2web has only one configuration option, available via config.json in the root of the web folder. This option specifies the path to your fail2rest handler. Currently config.json uses /api/, which is what all the example HTTP configs are configured to use.



It is very important that you configure fail2rest correctly: a public-facing fail2rest server could be very dangerous (someone could add inclusive regexes, remove themselves from the banned IP lists, etc.). Out of the box, fail2rest has no authentication.


HTTP Basic Auth

The HTTP configs are both set to use HTTP basic auth; this and SSL should be the absolute minimum security requirements. In both HTTP configs you will see a placeholder labelled YOUR_HTPASSWD_FILE. To generate an htpasswd file you can use the htpasswd utility distributed with Apache HTTPD: htpasswd -c YOUR_HTPASSWD_FILE USERNAME will create it.


SSH Tunnel

It is recommended to serve fail2web/fail2rest on loopback only.
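
One way to verify the loopback-only recommendation on a host is to inspect its listening sockets. The following is an added example, not code from fail2web or fail2rest: it parses the output of ss -ltnH and reports any listener on the fail2rest port that is bound beyond loopback. The port number 5000, the function names and the sample lines are assumptions constructed for illustration.

```python
import ipaddress

# Assumption: fail2rest listens on TCP 5000; use the port from your own config.
FAIL2REST_PORT = 5000

# Constructed sample of `ss -ltnH` lines, one per bind style (not real output).
SAMPLE_SS_OUTPUT = """\
LISTEN 0 128 127.0.0.1:5000 0.0.0.0:*
LISTEN 0 128 [::1]:5000 [::]:*
LISTEN 0 511 0.0.0.0:443 0.0.0.0:*
LISTEN 0 128 192.0.2.10:5000 0.0.0.0:*
LISTEN 0 128 *:5000 *:*
"""

def split_local(field):
    """Split an ss 'Local Address:Port' field into (host, port) strings."""
    host, _, port = field.rpartition(":")
    # Drop an interface scope (%eth0) and IPv6 brackets before parsing.
    host = host.split("%")[0].strip("[]")
    return host, port

def is_loopback(host):
    """True only for 127.0.0.0/8, ::1 and their IPv4-mapped IPv6 forms."""
    if host == "*":  # ss wildcard: bound on every address
        return False
    addr = ipaddress.ip_address(host)
    addr = getattr(addr, "ipv4_mapped", None) or addr
    return addr.is_loopback

def exposed_listeners(ss_output, port=FAIL2REST_PORT):
    """Return local address fields on `port` that are not loopback-only."""
    exposed = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 5 or fields[0] != "LISTEN":
            continue
        host, local_port = split_local(fields[3])
        if local_port == str(port) and not is_loopback(host):
            exposed.append(fields[3])
    return exposed

if __name__ == "__main__":
    for local in exposed_listeners(SAMPLE_SS_OUTPUT):
        print("fail2rest port reachable beyond loopback:", local)
```

An empty result means every listener on that port is loopback-only, so the unauthenticated fail2rest API is reachable only through the authenticated HTTP front end or an SSH tunnel.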

