Effective Protection Against Bot Attacks on Odoo Servers with Fail2Ban

Systems running on Odoo infrastructure can sometimes face performance issues due to unauthorized scans and malicious bot activities. Particularly, inappropriate HTTPS requests directed to the HTTP port can cause errors in werkzeug logs on servers, leading to system slowdowns and restarts.

In this article, we share step by step a Fail2Ban configuration developed to automatically block unwanted requests on Odoo servers. With this lightweight, software-based, and effective method, system performance is improved while ensuring that log files remain more meaningful.

What Is Fail2Ban and Why Should It Be Integrated?

Fail2Ban analyzes server logs, detects failed attempts that match specific patterns, and automatically blocks the originating IP addresses. Through this approach, the Odoo server gains proactive protection against the following threats:

  • Scanner requests to known attack paths (e.g., /login, /cgi-bin)
  • Continuous failed bot activities that fill up log files
  • Unnecessary connections that exceed Odoo's thread limits

Step by Step Configuration of Fail2Ban

1. Fail2Ban Setup

As the first step, we need to install fail2ban on our system:

sudo apt update
sudo apt install fail2ban

2. Configuring a Specialized Filter for Odoo

The custom filter below detects common URL patterns targeted by bots:

sudo nano /etc/fail2ban/filter.d/nginx-odoo.conf

Content:

[Definition]
failregex = ^<HOST> -.*"(GET|POST).*(/login|/cgi-bin|/web/database/selector|/manage/account|/\+CSCOE\+|/doc/index\.html|/robots\.txt).*" (404|400|403)
ignoreregex =

The + and . characters in the paths are escaped because they are regex metacharacters: left unescaped, /+CSCOE+ would mean "one or more slashes, CSCO, one or more E" and would never match the literal /+CSCOE+ path that scanners request. The status group at the end limits matches to requests nginx answered with 404, 400 or 403, so legitimate Odoo page loads that return 200 are not counted.

3. Jail Configuration

For Fail2Ban to work according to this filter, the following structure is added to the jail.local file:

sudo nano /etc/fail2ban/jail.local

[nginx-odoo]
enabled = true
port = http,https
filter = nginx-odoo
logpath = /var/log/nginx/access.log
maxretry = 5
findtime = 600
bantime = 3600

With this configuration, an IP address is banned for the bantime (3600 seconds) as soon as maxretry (5) matching requests from it appear within findtime (600 seconds, i.e. the last 10 minutes).
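To see how the filter and the jail thresholds interact before touching a live server, here is an added Python check (not part of the original article) that runs the failregex above, with its + and . metacharacters escaped, over a few constructed nginx access-log lines and applies the maxretry/findtime rule the way the jail would. The <HOST> stand-in and the log timestamp format are simplifying assumptions; Fail2Ban's own host pattern is more elaborate.

```python
import re
from collections import defaultdict
from datetime import datetime

# failregex from the nginx-odoo filter above, with the regex metacharacters in
# /+CSCOE+ and /robots.txt escaped so those paths are matched literally.
FAILREGEX = (r'^<HOST> -.*"(GET|POST).*'
             r'(/login|/cgi-bin|/web/database/selector|/manage/account'
             r'|/\+CSCOE\+|/doc/index\.html|/robots\.txt).*" (404|400|403)')
# Fail2Ban substitutes <HOST> with its own host group; this is a simplified
# stand-in (an assumption, not Fail2Ban's exact pattern).
PATTERN = re.compile(FAILREGEX.replace("<HOST>", r"(?P<host>\S+)"))
TIMESTAMP = re.compile(r"\[([^\]]+)\]")  # nginx "[10/Oct/2024:13:55:36 +0000]"

MAXRETRY, FINDTIME = 5, 600  # jail.local values from this page (seconds)

def filter_hits(lines):
    """Yield (host, timestamp) for each access-log line the filter matches."""
    for line in lines:
        m = PATTERN.search(line)
        if m:
            ts = datetime.strptime(TIMESTAMP.search(line).group(1),
                                   "%d/%b/%Y:%H:%M:%S %z")
            yield m.group("host"), ts

def hosts_to_ban(lines, maxretry=MAXRETRY, findtime=FINDTIME):
    """Hosts with at least maxretry matches inside some findtime-second window."""
    per_host = defaultdict(list)
    for host, ts in filter_hits(lines):
        per_host[host].append(ts)
    banned = set()
    for host, stamps in per_host.items():
        stamps.sort()
        for i in range(len(stamps) - maxretry + 1):
            if (stamps[i + maxretry - 1] - stamps[i]).total_seconds() <= findtime:
                banned.add(host)
                break
    return banned

# Constructed sample log lines (nginx combined format), not a real capture.
SAMPLE_LOG = [
    # scanner: five probes in two minutes -> exceeds maxretry, gets banned
    *[f'203.0.113.10 - - [10/Oct/2024:13:{55 + i // 2}:{(i * 30) % 60:02d} +0000] '
      f'"GET {p} HTTP/1.1" 404 153 "-" "curl/8.0"'
      for i, p in enumerate(["/cgi-bin/test", "/+CSCOE+/logon.html",
                             "/manage/account", "/doc/index.html", "/login"])],
    # single 404 from another host -> matches the filter but stays below maxretry
    '198.51.100.7 - - [10/Oct/2024:13:56:10 +0000] "GET /robots.txt HTTP/1.1" 404 153 "-" "Mozilla/5.0"',
    # legitimate Odoo login page load answered with 200 -> filter must not match
    '192.0.2.5 - - [10/Oct/2024:13:56:20 +0000] "GET /web/login HTTP/1.1" 200 4210 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    print(sorted(hosts_to_ban(SAMPLE_LOG)))  # ['203.0.113.10']
```

The same check against the real log is done with fail2ban-regex /var/log/nginx/access.log /etc/fail2ban/filter.d/nginx-odoo.conf, which reports how many lines the filter matched.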

4. Restart Fail2Ban

Restart the service so the new filter and jail are loaded, then confirm that the jail is active and see its current ban list:

sudo systemctl restart fail2ban
sudo fail2ban-client status nginx-odoo

5. Testing

The configuration can be checked with the following curl commands (run them from a test client, since the source IP will be banned):

curl -k https://[domain]/cgi-bin/test
curl -k https://[domain]/+CSCOE+/logon.html

After a few of these requests, you can see that your IP address has been banned and access has been cut off.

Improve System Performance by Blocking Unauthorized Access

Thanks to the Fail2Ban configuration:

  • Odoo log files remain clean and organized.
  • Thread locks and system reload issues are eliminated.
  • Effective filtering is implemented without placing extra load on the server.
  • The system automatically detects and responds to the bot activity.

Moreover, to manually unban an IP address, the following command can be used:

sudo fail2ban-client unban <ip>

Proactive and Lightweight Security Layer for Odoo

This configuration provided with Fail2Ban is one of the simplest yet most effective methods that can be applied to increase security and stability on Odoo servers. Especially in production environments, this measure is of critical importance to prevent unnecessary interventions and maintain log quality.

It should not be forgotten that this structure is not "set and forget"; it is a security layer that should be continuously active on every enterprise server.

Author

Volkan Akkurt

Odoo Expert
