After Fail2ban/firewalls integration can't access https

July 7, 2014

After integrating fail2ban, and some basic firewalls, we can no longer access our site(s) through https.

Ubuntu 14, nginx, wp/magento on same server. 2 SSL certs.

Error logs print out:

Access forbidden by rule, client: 107.170.204.55, server: shop.stickybumps.com, request: "POST /app/etc/local.xml HTTP/1.1", host: "shop.stickybumps.com"

'sudo netstat -plutn | grep :443' prints out:

tcp        0      0 0.0.0.0:443             0.0.0.0:*               LISTEN      4774/nginx

Any help would be greatly appreciated!

-Constantine

4 Answers

Also, 'sudo iptables -S' returns this:

-P INPUT ACCEPT
-P FORWARD ACCEPT
-P OUTPUT ACCEPT
-N fail2ban-nginx-http-auth
-N fail2ban-ssh
-N udp-flood
-A INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-nginx-http-auth
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP
-A OUTPUT -p udp -j udp-flood
-A fail2ban-nginx-http-auth -j RETURN
-A fail2ban-ssh -j RETURN
-A udp-flood -p udp -m limit --limit 50/sec -j RETURN
-A udp-flood -j LOG --log-prefix "UDP-flood attempt: "
-A udp-flood -j DROP

Running nmap on your IP only shows ports 80 and 22 to be open. HTTPS traffic is on port 443. I'd explicitly open port 443 with:

sudo iptables -A INPUT -p tcp --dport 443 -j ACCEPT

Hey Andrew,

Thanks for your help. Ran that command, as well as:

fuser -k 80/tcp 
fuser -k 443/tcp
service nginx start

but still no dice.

You need to remove the "DROP everything" rule and use the default policy setting instead:

sudo iptables -D INPUT -j DROP
sudo iptables -P INPUT DROP
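The two answers above only make sense together once you see that iptables evaluates a chain top to bottom and stops at the first terminating target (ACCEPT, DROP or REJECT): `iptables -A` appends, so the 443 ACCEPT landed after the catch-all `-A INPUT -j DROP` and was never reached, which is why removing that rule (or inserting with `-I` instead) is what actually fixes it. The script below is an added example, not code from any of the posters: it parses `iptables -S` text and reports which rule decides the fate of a new inbound TCP connection. The ruleset is the INPUT-related part of the one posted in the thread with the appended 443 rule added at the end (constructed, not a capture); the arriving interface `eth0` and the "new connection" packet model are assumptions.

```python
"""Added example, not code from the thread: why the appended
'-A INPUT --dport 443 -j ACCEPT' changed nothing.  iptables walks a
chain top to bottom and the first terminating target (ACCEPT, DROP,
REJECT) wins, so a rule appended after '-A INPUT -j DROP' is dead.
This parses 'iptables -S' text and names the rule that decides a new
inbound TCP connection to a port."""
import shlex

# INPUT-related lines of the ruleset posted in the thread, plus the 443
# ACCEPT that 'iptables -A' places at the end (constructed sample).
RULESET_AFTER_APPEND = """\
-P INPUT ACCEPT
-A INPUT -p tcp -m multiport --dports 80,443 -j fail2ban-nginx-http-auth
-A INPUT -p tcp -m multiport --dports 22 -j fail2ban-ssh
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 80 -j ACCEPT
-A INPUT -j DROP
-A fail2ban-nginx-http-auth -j RETURN
-A fail2ban-ssh -j RETURN
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
"""

TERMINAL = {"ACCEPT", "DROP", "REJECT"}
SIMPLE_OPTS = {"-j": "target", "-p": "proto", "-i": "iface"}

def parse_rule(raw, tok):
    """Turn the tokens after '-A <chain>' into a match dict.
    Empty proto/iface/ports/ctstates mean 'any'."""
    rule = {"raw": raw, "target": "", "proto": "", "iface": "",
            "ports": set(), "ctstates": set()}
    i = 0
    while i < len(tok):
        opt = tok[i]
        has_val = i + 1 < len(tok) and not tok[i + 1].startswith("-")
        val = tok[i + 1] if has_val else ""
        if opt in SIMPLE_OPTS:
            rule[SIMPLE_OPTS[opt]] = val
        elif opt in ("--dport", "--dports"):
            rule["ports"] = {int(p) for p in val.split(",")}
        elif opt == "--ctstate":
            rule["ctstates"] = set(val.split(","))
        # other matches (-m tcp, -m limit, --log-prefix ...) are assumed to match
        i += 2 if has_val else 1
    return rule

def parse_ruleset(text):
    """Return (chain policies, {chain: [rules]}) from 'iptables -S' output."""
    policies, chains = {}, {}
    for raw in text.splitlines():
        tok = shlex.split(raw)
        if tok and tok[0] == "-P":
            policies[tok[1]] = tok[2]
        elif tok and tok[0] == "-A":
            chains.setdefault(tok[1], []).append(parse_rule(raw, tok[2:]))
    return policies, chains

def matches(rule, pkt):
    return ((not rule["proto"] or rule["proto"] == pkt["proto"])
            and (not rule["iface"] or rule["iface"] == pkt["iface"])
            and (not rule["ports"] or pkt["dport"] in rule["ports"])
            and (not rule["ctstates"] or pkt["ctstate"] in rule["ctstates"]))

def first_verdict(text, dport, chain="INPUT"):
    """(verdict, rule text) for a NEW TCP connection to dport arriving on
    eth0 (assumed interface); rule text is None when the chain policy decides."""
    policies, chains = parse_ruleset(text)
    pkt = {"proto": "tcp", "dport": dport, "iface": "eth0", "ctstate": "NEW"}

    def walk(name):
        for rule in chains.get(name, []):
            if not matches(rule, pkt):
                continue
            if rule["target"] in TERMINAL:
                return rule["target"], rule["raw"]
            if rule["target"] == "RETURN":
                return None                   # back to the calling chain
            if rule["target"] in chains:      # user-defined chain: descend
                hit = walk(rule["target"])
                if hit:
                    return hit
            # LOG and other non-terminating targets fall through
        return None

    return walk(chain) or (policies.get(chain, "ACCEPT"), None)

def apply_last_answer(text):
    """Model the final answer: delete the catch-all DROP rule and make DROP
    the INPUT policy, so the appended 443 ACCEPT is finally reachable."""
    lines = [line for line in text.splitlines() if line != "-A INPUT -j DROP"]
    return "\n".join("-P INPUT DROP" if line == "-P INPUT ACCEPT" else line
                     for line in lines) + "\n"

if __name__ == "__main__":
    print(first_verdict(RULESET_AFTER_APPEND, 443))                     # dead ACCEPT
    print(first_verdict(apply_last_answer(RULESET_AFTER_APPEND), 443))  # reachable
```

Run on the posted ruleset, port 443 is decided by `-A INPUT -j DROP` even though an ACCEPT for it exists further down; after the last answer's change the same ACCEPT decides, and a port with no rule (say 8443) falls through to the DROP policy. The same check also shows why a default policy is the safer place for the catch-all: every later `-A` then lands before it instead of behind it.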