Templates
Templates define fail2ban jail configurations that can be deployed to servers.
Builtin Templates
Bloqd includes 20+ pre-configured templates:
Common
| Template | Description |
|---|---|
| sshd | SSH brute force protection |
| recidive | Bans repeat offenders longer |
Web Servers
| Template | Description |
|---|---|
| nginx-http-auth | HTTP Basic Auth failures |
| nginx-botsearch | Bot scanners (404 errors) |
| apache-auth | Apache authentication failures |
| apache-badbots | Malicious user agents |
| apache-overflows | Buffer overflow attempts |
Mail
| Template | Description |
|---|---|
| postfix | Postfix authentication failures |
| postfix-sasl | SASL authentication failures |
| dovecot | Dovecot IMAP/POP3 failures |
Mailcow
| Template | Description |
|---|---|
| mailcow-sasl | Mailcow SASL failures |
| mailcow-pregreet | Pre-greeting protocol violations |
| mailcow-dnsbl | DNSBL rejections |
| mailcow-sogo | SOGo webmail failures |
| mailcow-rspamd | Rspamd spam filter blocks |
Databases
| Template | Description |
|---|---|
| mysqld-auth | MySQL authentication failures |
| mongodb-auth | MongoDB authentication failures |
Web Applications
| Template | Description |
|---|---|
| wordpress | WordPress login failures |
| wordpress-hard | Aggressive WordPress protection |
| phpmyadmin | phpMyAdmin login failures |
| nextcloud | Nextcloud login failures |
| grafana | Grafana login failures |
Virtualization
| Template | Description |
|---|---|
| proxmox | Proxmox VE login failures |
| proxmox-ssh | Proxmox SSH access |
| proxmox-spiceproxy | SPICE proxy failures |
Template Structure
Each template consists of:
Filter Configuration
Defines the regex patterns to match log entries:
[Definition]
failregex = ^<HOST> - .* "POST /wp-login.php .* 200
ignoreregex =
datepattern = ^%%d/%%b/%%Y:%%H:%%M:%%S %%z
Jail Configuration
Defines how fail2ban handles matches:
[wordpress]
enabled = true
port = http,https
filter = wordpress
logpath = /var/log/nginx/access.log
maxretry = 5
findtime = 600
bantime = 3600
action = %(action_)s
         bloqd-report
Using Templates
During Server Setup
- Add a new server
- Select templates from the list
- Configure settings per template:
  - Log path (if different from default)
  - Max retry
  - Find time
  - Ban time
- Generate install command
Adding to Existing Server
- Go to server detail page
- Click Edit Config
- In the Add Jails section, select new templates
- Configure settings
- Save changes
The agent applies the changes on its next sync.
Custom Templates (Personal+)
Create your own templates for custom applications.
Create New Template
- Go to Templates page
- Click Create Template
- Fill in details:
  - Name: Unique identifier (e.g., my-app)
  - Category: Organization category
  - Description: What this template protects
- Define the filter:
[Definition]
failregex = ^<HOST> .* authentication failed
ignoreregex =
- Define the jail config:
[my-app]
enabled = true
port = 8080
filter = my-app
logpath = /var/log/my-app/access.log
maxretry = 3
- Save template
Copy Existing Template
- Find a builtin template
- Click Copy action
- Modify as needed
- Save with new name
Template Variables
Use placeholders for dynamic values:
| Placeholder | Description |
|---|---|
| __LOGPATH__ | Log file path |
| __PORT__ | Service port |
| __MAXRETRY__ | Max retry count |
| __FINDTIME__ | Find time window |
| __BANTIME__ | Ban duration |
These are replaced with actual values during deployment.
Docker Templates
For containerized applications, use the Docker log source:
- Set Is Docker to true
- Specify Container Name
- Bloqd creates a log streaming service
Example for a custom Docker app:
- Container: my-docker-app
- Log path: /var/log/bloqd/my-docker-app.log
Testing Templates
Test Filter Regex
Before deploying, test your filter:
- Go to template edit page
- Click Test Filter
- Paste sample log lines
- Verify matches
Preview Configuration
See the generated configuration:
- Click Preview on template
- Enter sample values
- View generated filter.conf and jail.conf
Filter Syntax
Basic Regex
failregex = ^<HOST> .* "Failed password"
- <HOST> - Special placeholder for IP extraction
- ^ - Start of line
- .* - Match any characters
Multiple Patterns
failregex = ^<HOST> .* "authentication failure"
            ^<HOST> .* "invalid user"
Ignore Patterns
ignoreregex = ^<HOST> .* "successful login"
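The failregex and ignoreregex behaviour described above can be checked offline before a template is deployed. The following is an added example, not Bloqd or fail2ban code: it assumes a simplified IPv4-only expansion of <HOST>, does not model findtime, and runs on constructed log lines with the timestamp already removed.

```python
import re
from collections import Counter

# Assumption: simplified IPv4-only stand-in for fail2ban's <HOST> tag.
# The real expansion also covers IPv6 addresses and hostnames.
HOST_GROUP = r"(?P<host>\d{1,3}(?:\.\d{1,3}){3})"

def compile_patterns(multiline_value):
    """Split a multi-line failregex/ignoreregex value and expand <HOST>."""
    return [re.compile(line.strip().replace("<HOST>", HOST_GROUP))
            for line in multiline_value.splitlines() if line.strip()]

def count_failures(log_lines, failregex, ignoreregex=""):
    """Return per-host failure counts; a line matching ignoreregex never counts."""
    fail, ignore = compile_patterns(failregex), compile_patterns(ignoreregex)
    hits = Counter()
    for line in log_lines:
        if any(p.search(line) for p in ignore):
            continue
        for p in fail:
            m = p.search(line)
            if m:
                hits[m.group("host")] += 1
                break  # one failure per line, even if several patterns match
    return hits

def hosts_to_ban(hits, maxretry):
    """Hosts whose failure count reached maxretry (findtime is not modelled)."""
    return sorted(h for h, n in hits.items() if n >= maxretry)

# Patterns from the "Multiple Patterns" and "Ignore Patterns" sections.
FAILREGEX = '''^<HOST> .* "authentication failure"
               ^<HOST> .* "invalid user"'''
IGNOREREGEX = '^<HOST> .* "successful login"'

# Constructed sample lines, not taken from a real log.
SAMPLE_LOG = [
    '203.0.113.7 app[312] "authentication failure" user=admin',
    '203.0.113.7 app[312] "invalid user" user=test',
    '203.0.113.7 app[312] "authentication failure" user=root',
    '198.51.100.4 app[312] "authentication failure" user=bob',
    # Matches both a failregex and the ignoreregex, so it is skipped.
    '198.51.100.4 app[312] "successful login" reset of "invalid user" counter',
    # Client-supplied text containing an IP: ^ keeps <HOST> bound to the line start.
    '192.0.2.9 app[312] "invalid user" user=10.0.0.1',
]

if __name__ == "__main__":
    hits = count_failures(SAMPLE_LOG, FAILREGEX, IGNOREREGEX)
    print(dict(hits), "->", hosts_to_ban(hits, maxretry=3))
```

Dropping the ignoreregex argument raises the count for 198.51.100.4 from 1 to 2, which is the kind of false positive the Test Filter step is meant to surface.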
Date Patterns
datepattern = ^%%Y-%%m-%%d %%H:%%M:%%S
              ^%%d/%%b/%%Y:%%H:%%M:%%S
Best Practices
- Test before deploying - Always test filters with real log samples
- Start conservative - Begin with higher maxretry, lower as needed
- Document filters - Add comments explaining regex patterns
- Use categories - Organize templates by service type
- Version control - Keep backups of custom templates