New filter `traefik-auth`

pull/2286/head
CrazyMax 2018-11-24 22:44:44 +01:00
parent 555b29e8e6
commit a51f82770b
No known key found for this signature in database
GPG Key ID: 3248E46B6BB8C7F7
4 changed files with 68 additions and 0 deletions


@ -42,6 +42,7 @@ ver. 0.10.5-dev-1 (20??/??/??) - development edition
### New Features
* new failregex-flag tag `<F-MLFGAINED>` for failregex, signaled that the access to service was gained
(ATM used similar to tag `<F-NOFAIL>`, but it does not add the log-line to matches, gh-2279)
* `filter.d/traefik-auth.conf`: used to ban hosts, that were failed through traefik
### Enhancements


@ -0,0 +1,56 @@
# Fail2ban filter configuration for traefik :: auth
# used to ban hosts, that were failed through traefik
#
# Author: CrazyMax
#
# To use 'traefik-auth' filter you have to configure your Traefik instance to write
# the access logs as describe in https://docs.traefik.io/configuration/logs/#access-logs
# into a log file on host and specifiy users for Basic Authentication
# https://docs.traefik.io/configuration/entrypoints/#basic-authentication
#
# Example:
#
# version: "3.2"
#
# services:
# traefik:
# image: traefik:latest
# command:
# - "--loglevel=INFO"
# - "--accesslog=true"
# - "--accessLog.filePath=/var/log/access.log"
# # - "--accessLog.filters.statusCodes=400-499"
# - "--defaultentrypoints=http,https"
# - "--entryPoints=Name:http Address::80"
# - "--entryPoints=Name:https Address::443 TLS"
# - "--docker.domain=example.com"
# - "--docker.watch=true"
# - "--docker.exposedbydefault=false"
# - "--api=true"
# - "--api.dashboard=true"
# ports:
# - target: 80
# published: 80
# protocol: tcp
# mode: host
# - target: 443
# published: 443
# protocol: tcp
# mode: host
# labels:
# - "traefik.enable=true"
# - "traefik.port=8080"
# - "traefik.backend=traefik"
# - "traefik.frontend.rule=Host:traefik.example.com"
# - "traefik.frontend.auth.basic.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/"
# volumes:
# - "/var/log/traefik:/var/log"
# - "/var/run/docker.sock:/var/run/docker.sock"
# restart: always
#
[Definition]
failregex = ^<HOST> \- \S+ \[\] \"(GET|POST|HEAD) .+\" 401 .+$
ignoreregex =
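Review bot: The failregex only counts `GET|POST|HEAD` requests, so failed Basic-Auth attempts sent with any other method (PUT, DELETE, OPTIONS, ...) are logged with 401 but never reach the ban counter; unless that is deliberate, the method should be matched generically. The `.+` before `\" 401` is also greedy across the whole line, so a later quoted field (referer, user agent) containing `" 401 ` could make a non-401 response count as a failure, assuming Traefik does not escape quotes in those fields. I would tighten both with `failregex = ^<HOST> \- \S+ \[\] \"[A-Z]+ [^\"]+\" 401 .+$`. A short comment that a browser's first, credential-less request is also logged as 401 would help users pick a sensible `maxretry`.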


@ -888,3 +888,11 @@ backend = %(syslog_backend)s
port = http,https
logpath = %(apache_error_log)s
# To use 'traefik-auth' filter you have to configure your Traefik instance to write
# the access logs as describe in https://docs.traefik.io/configuration/logs/#access-logs
# into a log file on host and specifiy users for Basic Authentication
# https://docs.traefik.io/configuration/entrypoints/#basic-authentication
# Service example in 'config/filter.d/traefik-auth.conf'
[traefik-auth]
port = http,https
logpath = /var/log/traefik/access.log
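Review bot: The new `[traefik-auth]` jail inherits the default ban action, but the filter's own example runs Traefik in a Docker container. On such hosts traffic to published container ports is normally forwarded rather than delivered through the INPUT chain, so a ban may be recorded without blocking anything. I would add a comment above the jail such as `# If Traefik runs in Docker, set 'chain = DOCKER-USER' (or use a forward-chain action) so bans apply to container traffic`. The same comment should say that `<HOST>` is only the real client when Traefik is the first hop, since behind another proxy or load balancer the jail would ban that proxy. The hard-coded `logpath` also departs from the `%(...)s` path variables used by the neighbouring jails, and the comment should state that it must match the host side of the volume mount.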


@ -0,0 +1,3 @@
# failJSON: { "time": "2018-11-18T21:34:34", "match": true , "host": "10.0.0.2" }
10.0.0.2 - - [18/Nov/2018:21:34:34 +0000] "GET /dashboard/ HTTP/2.0" 401 17 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0" 72 "Auth for frontend-Host-traefik-0" "/dashboard/" 0ms
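Review bot: The test log holds a single positive sample, so nothing pins down what the filter must not match. I would add `# failJSON: { "match": false }` cases for a successful request (status 200 on the same path) and for a line whose quoted user-agent or referer field contains the text `" 401 ` while the real status is not 401. A positive sample with a method other than GET would also document whether such requests are meant to be counted. Sample lines for these cases would be constructed, not taken from a real log.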