Merge pull request #2286 from crazy-max/0.10

New filter `traefik-auth`

ChangeLog

@@ -49,6 +49,7 @@ ver. 0.10.5-dev-1 (20??/??/??) - development edition
 ### New Features
 * new failregex-flag tag `<F-MLFGAINED>` for failregex, signaled that the access to service was gained
   (ATM used similar to tag `<F-NOFAIL>`, but it does not add the log-line to matches, gh-2279)
+* `filter.d/traefik-auth.conf`: used to ban hosts, that were failed through traefik
 
 ### Enhancements
 * jail-reader extended (amend to gh-1622): actions support multi-line options now (interpolations

config/filter.d/traefik-auth.conf

@@ -0,0 +1,56 @@
+# Fail2ban filter configuration for traefik :: auth
+# used to ban hosts, that were failed through traefik
+#
+# Author: CrazyMax
+#
+# To use 'traefik-auth' filter you have to configure your Traefik instance to write
+# the access logs as describe in https://docs.traefik.io/configuration/logs/#access-logs
+# into a log file on host and specifiy users for Basic Authentication
+# https://docs.traefik.io/configuration/entrypoints/#basic-authentication
+#
+# Example:
+#
+# version: "3.2"
+#
+# services:
+#   traefik:
+#     image: traefik:latest
+#     command:
+#       - "--loglevel=INFO"
+#       - "--accesslog=true"
+#       - "--accessLog.filePath=/var/log/access.log"
+# #       - "--accessLog.filters.statusCodes=400-499"
+#       - "--defaultentrypoints=http,https"
+#       - "--entryPoints=Name:http Address::80"
+#       - "--entryPoints=Name:https Address::443 TLS"
+#       - "--docker.domain=example.com"
+#       - "--docker.watch=true"
+#       - "--docker.exposedbydefault=false"
+#       - "--api=true"
+#       - "--api.dashboard=true"
+#     ports:
+#       - target: 80
+#         published: 80
+#         protocol: tcp
+#         mode: host
+#       - target: 443
+#         published: 443
+#         protocol: tcp
+#         mode: host
+#     labels:
+#       - "traefik.enable=true"
+#       - "traefik.port=8080"
+#       - "traefik.backend=traefik"
+#       - "traefik.frontend.rule=Host:traefik.example.com"
+#       - "traefik.frontend.auth.basic.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/"
+#     volumes:
+#       - "/var/log/traefik:/var/log"
+#       - "/var/run/docker.sock:/var/run/docker.sock"
+#     restart: always
+#
+
+[Definition]
+
+failregex = ^<HOST> \- (?!- )\S+ \[\] \"(GET|POST|HEAD) [^\"]+\" 401\b
+
+ignoreregex =

config/jail.conf

@@ -888,3 +888,8 @@ backend = %(syslog_backend)s
 port    = http,https
 logpath = %(apache_error_log)s
 
+[traefik-auth]
+# to use 'traefik-auth' filter you have to configure your Traefik instance,
+# see `filter.d/traefik-auth.conf` for details and service example.
+port    = http,https
+logpath = /var/log/traefik/access.log

fail2ban/tests/files/logs/traefik-auth

@@ -0,0 +1,6 @@
+# failJSON: { "match": false }
+10.0.0.2 - - [18/Nov/2018:21:34:30 +0000] "GET /dashboard/ HTTP/2.0" 401 17 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0" 72 "Auth for frontend-Host-traefik-0" "/dashboard/" 0ms
+# failJSON: { "time": "2018-11-18T22:34:34", "match": true , "host": "10.0.0.2" }
+10.0.0.2 - username [18/Nov/2018:21:34:34 +0000] "GET /dashboard/ HTTP/2.0" 401 17 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0" 72 "Auth for frontend-Host-traefik-0" "/dashboard/" 0ms
+# failJSON: { "match": false }
+10.0.0.2 - username [27/Nov/2018:23:33:31 +0000] "GET /dashboard/ HTTP/2.0" 200 716 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:57.0) Gecko/20100101 Firefox/57.0" 118 "Host-traefik-0" "/dashboard/" 4ms