From b9d88b725fdcbe24819d0949328fc3bfb5bc1840 Mon Sep 17 00:00:00 2001
From: Tom Hughes <tom@compton.nu>
Date: Mon, 9 Mar 2026 12:34:55 +0000
Subject: [PATCH] Disable apache log based fail2ban jails on web frontends

---
 cookbooks/web/recipes/frontend.rb | 14 +++-----------
 1 file changed, 3 insertions(+), 11 deletions(-)

diff --git a/cookbooks/web/recipes/frontend.rb b/cookbooks/web/recipes/frontend.rb
index 0132c99c1..86769cbb4 100644
--- a/cookbooks/web/recipes/frontend.rb
+++ b/cookbooks/web/recipes/frontend.rb
@@ -98,9 +98,7 @@ fail2ban_filter "apache-request-timeout" do
 end
 
 fail2ban_jail "apache-request-timeout" do
-  filter "apache-request-timeout"
-  logpath "/var/log/apache2/access.log"
-  ports [80, 443]
+  action :delete
 end
 
 fail2ban_filter "apache-trackpoints-timeout" do
@@ -108,11 +106,7 @@ fail2ban_filter "apache-trackpoints-timeout" do
 end
 
 fail2ban_jail "apache-trackpoints-timeout" do
-  filter "apache-trackpoints-timeout"
-  logpath "/var/log/apache2/access.log"
-  ports [80, 443]
-  bantime "12h"
-  findtime "30m"
+  action :delete
 end
 
 fail2ban_filter "apache-notes-search" do
@@ -120,9 +114,7 @@ fail2ban_filter "apache-notes-search" do
 end
 
 fail2ban_jail "apache-notes-search" do
-  filter "apache-notes-search"
-  logpath "/var/log/apache2/access.log"
-  ports [80, 443]
+  action :delete
 end
 
 if %w[database_offline database_readonly].include?(node[:web][:status])
-- 
2.39.5