Diffstat (limited to 'src/mod_fail2ban.erl')
-rw-r--r--src/mod_fail2ban.erl38
1 files changed, 34 insertions, 4 deletions
diff --git a/src/mod_fail2ban.erl b/src/mod_fail2ban.erl
index 0d2473c15..b9fed0db0 100644
--- a/src/mod_fail2ban.erl
+++ b/src/mod_fail2ban.erl
@@ -5,7 +5,7 @@
%%% Created : 15 Aug 2014 by Evgeny Khramtsov <ekhramtsov@process-one.net>
%%%
%%%
-%%% ejabberd, Copyright (C) 2014-2019 ProcessOne
+%%% ejabberd, Copyright (C) 2014-2020 ProcessOne
%%%
%%% This program is free software; you can redistribute it and/or
%%% modify it under the terms of the GNU General Public License as
@@ -34,7 +34,7 @@
-export([init/1, handle_call/3, handle_cast/2,
handle_info/2, terminate/2, code_change/3,
- mod_opt_type/1, mod_options/1, depends/2]).
+ mod_opt_type/1, mod_options/1, depends/2, mod_doc/0]).
%% ejabberd command.
-export([get_commands_spec/0, unban/1]).
@@ -217,8 +217,8 @@ log_and_disconnect(#{ip := {Addr, _}, lang := Lang} = State, Attempts, UnbanTS)
UnbanDate = format_date(
calendar:now_to_universal_time(msec_to_now(UnbanTS))),
Format = ?T("Too many (~p) failed authentications "
- "from this IP address (~ts). The address "
- "will be unblocked at ~ts UTC"),
+ "from this IP address (~s). The address "
+ "will be unblocked at ~s UTC"),
Args = [Attempts, IP, UnbanDate],
?WARNING_MSG("Connection attempt from blacklisted IP ~ts: ~ts",
[IP, io_lib:fwrite(Format, Args)]),
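Review bot: The switch from `~ts` to `~s` in `Format` is unexplained and leaves this function mixing the two, because the `?WARNING_MSG` call just below still uses `~ts`. With `~s`, `io_lib:fwrite/2` fails with `badarg` if an argument contains a code point above 255, so the new string is only safe while `IP` and `UnbanDate` stay plain ASCII; that looks true for an address and a formatted date but is not enforced here. A one-line comment above `Format` would record the constraint, for example `%% ~s, not ~ts: IP and UnbanDate must stay ASCII-only`, extended with the actual reason for the change, which is not visible in this hunk. The body of log_and_disconnect starts before and continues after the hunk, so any other consumer of `Format` and `Args` there should be checked against the same constraint.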
@@ -254,3 +254,33 @@ mod_options(_Host) ->
[{access, none},
{c2s_auth_ban_lifetime, timer:hours(1)},
{c2s_max_auth_failures, 20}].
+
+mod_doc() ->
+ #{desc =>
+ [?T("The module bans IPs that show the malicious signs. "
+ "Currently only C2S authentication failures are detected."), "",
+ ?T("Unlike the standalone program, 'mod_fail2ban' clears the "
+ "record of authentication failures after some time since the "
+ "first failure or on a successful authentication. "
+ "It also does not simply block network traffic, but "
+ "provides the client with a descriptive error message.")],
+ opts =>
+ [{access,
+ #{value => ?T("AccessName"),
+ desc =>
+ ?T("Specify an access rule for whitelisting IP "
+ "addresses or networks. If the rule returns 'allow' "
+ "for a given IP address, that address will never be "
+ "banned. The 'AccessName' should be of type 'ip'. "
+ "The default value is 'none'.")}},
+ {c2s_auth_ban_lifetime,
+ #{value => "timeout()",
+ desc =>
+ ?T("The lifetime of the IP ban caused by too many "
+ "C2S authentication failures. The default value is "
+ "'1' hour.")}},
+ {c2s_max_auth_failures,
+ #{value => ?T("Number"),
+ desc =>
+ ?T("The number of C2S authentication failures to "
+ "trigger the IP ban. The default value is '20'.")}}]}.
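Review bot: The module description says the failure record is cleared "after some time since the first failure" without saying how long, so an operator cannot work out the window in which `c2s_max_auth_failures` failures must occur to trigger a ban. If that window is `c2s_auth_ban_lifetime`, the text should name it, e.g. `"record of authentication failures after 'c2s_auth_ban_lifetime' has passed since the "`; the counting code is outside this hunk, so confirm first. Since the module bans by IP address, `desc` would also benefit from one sentence noting that clients sharing an address (NAT, proxy) are banned together, with a pointer to the `access` option for exempting such addresses. As a minor wording point, "show the malicious signs" reads better as "show signs of malicious activity".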