Hi,
I am self hosting write freely. I also host other services myself and one of the protection mechanisms I use is fail2ban. Using this technique I protect my server from abuse.
The logging of writefreely does not log the IP address, so it is not possible to create a defensive rule in fail2ban. For instance, the logging for an unsuccessful login is:
2026/01/25 14:42:20 Login: Attempting login for 'credmp'
ERROR: 2026/01/25 14:42:20 account.go:385: Unable to login: Incorrect password.
2026/01/25 14:42:20 "POST /auth/login" 307 156.977798ms "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
2026/01/25 14:42:20 "POST /login" 200 169.367µs "Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/143.0.0.0 Safari/537.36"
Is there any outstanding issue to add at least an option to log the ip address?
Cheers,
Arjen