diff --git a/fail2ban/dolibarr_filter.conf b/fail2ban/dolibarr_filter.conf
new file mode 100644
index 0000000000000000000000000000000000000000..131d286548bb660ebdc8db6484eedecca367c4c1
--- /dev/null
+++ b/fail2ban/dolibarr_filter.conf
@@ -0,0 +1,20 @@
+# Fail2Ban configuration file
+#
+# Regexp to detect try to check a couple login/password so we can add mitigation
+# on IP making too much tries.
+
+
+[Definition]
+
+# To test, you can inject this example into log
+# echo `date +'%Y-%m-%d %H:%M:%S'`" INFO    1.2.3.4         functions_dolibarr::check_user_password_abcd Authentication KO" >> /mypath/documents/dolibarr.log
+#
+# then
+# fail2ban-client status web-dolibarr-rulesbruteforce
+#
+# To test rule file on a existing log file
+# fail2ban-regex /mypath/documents/dolibarr.log /etc/fail2ban/filter.d/web-dolibarr-rulesbruteforce.conf --print-all-matched
+
+#failregex = ^ [A-Z\s]+ <HOST>\s+functions_.*::check_user_.* Authentication KO
+failregex = ^.*NOTICE\s+<HOST>\s+\d+\s+\d+\s+functions_[^\s]+::check_user_[^\s]+ Authentication KO
+ignoreregex =
diff --git a/fail2ban/dolibarr_jail.conf b/fail2ban/dolibarr_jail.conf
new file mode 100644
index 0000000000000000000000000000000000000000..083996d87660d5160b4fe644dd62fe17ef5e3f3b
--- /dev/null
+++ b/fail2ban/dolibarr_jail.conf
@@ -0,0 +1,9 @@
+[dolibarr]
+enabled = true
+filter = dolibarr
+logpath = LOG_PATH
+chain = DOCKER-USER
+port = http,https
+findtime = 130m
+banaction = docker-page
+maxretry = 5