[Icecast] Securing the Icecast admin page
db76 at riseup.net
Wed Jan 19 12:02:23 UTC 2022
Your response helps a lot. I appreciate the information you have provided.
> On 18 Jan 2022, at 11:08 pm, Philipp Schafft <phschafft at de.loewenfelsen.net> wrote:
> Good afternoon,
> On Tue, 2022-01-18 at 12:52 +1000, Damian wrote:
>> Hi to all Icecast community members,
>> I’d like to know if anyone has successfully configured fail2ban or
>> something similar in order to provide additional security to the
>> login section of the Icecast2 admin area, and whether it is
>> worthwhile to actually do so?
> Generally a strong password is all you need. (I recommend to have a
> look at: https://xkcd.com/936/ )
> Adding fail2ban surely should not be a problem. However it does seem to
> be unnecessary. (General usecase. there may be cases this can be
>> If fail2ban is not the way to go, are there any recommended tools or
>> actions that I should take. I would like to prevent repeated failed
>> login attempts at the admin login page. I have noticed that the
>> Icecast2 access.log does not seem to log failed attempts anyway, so I
>> am not sure how useful fail2ban would be in this regard.
> I'm a bit confused. Icecast does log failed attempts in access log.
> They are marked with a status code > 399 (as per HTTP specification),
> most notably 401.
> I also just confirmed with with both 2.4:
> 127.0.0.1 - - [18/Jan/2022:13:01:50 +0000] "GET /admin/ HTTP/1.1" 401 360 "-" "Mozilla/5.0 [...]" 0
> and 2.5:
> 127.0.0.1 - - [18/Jan/2022:13:01:26 +0000] "GET /admin/ HTTP/1.1" 401 1987 "-" "Mozilla/5.0 [...]" 1
> I would be happy if you could check your logs again. Maybe the problem
> is somewhere else?
> With best regards,
> Philipp Schafft (CEO/Geschäftsführer)
> Telephon: +49.3535 490 17 92
> Löwenfelsen UG (haftungsbeschränkt) Registration number:
> Bickinger Straße 21 HRB 12308 CB
> 04916 Herzberg (Elster) VATIN/USt-ID:
> Germany DE305133015
> Icecast mailing list
> Icecast at xiph.org
More information about the Icecast