mirror of https://github.com/fail2ban/fail2ban
You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
76 lines
2.3 KiB
76 lines
2.3 KiB
# Fail2ban filter configuration for traefik :: auth
|
|
# used to ban hosts, that were failed through traefik
|
|
#
|
|
# Author: CrazyMax
|
|
#
|
|
# To use 'traefik-auth' filter you have to configure your Traefik instance to write
|
|
# the access logs as describe in https://docs.traefik.io/configuration/logs/#access-logs
|
|
# into a log file on host and specifiy users for Basic Authentication
|
|
# https://docs.traefik.io/configuration/entrypoints/#basic-authentication
|
|
#
|
|
# Example:
|
|
#
|
|
# version: "3.2"
|
|
#
|
|
# services:
|
|
# traefik:
|
|
# image: traefik:latest
|
|
# command:
|
|
# - "--loglevel=INFO"
|
|
# - "--accesslog=true"
|
|
# - "--accessLog.filePath=/var/log/access.log"
|
|
# # - "--accessLog.filters.statusCodes=400-499"
|
|
# - "--defaultentrypoints=http,https"
|
|
# - "--entryPoints=Name:http Address::80"
|
|
# - "--entryPoints=Name:https Address::443 TLS"
|
|
# - "--docker.domain=example.com"
|
|
# - "--docker.watch=true"
|
|
# - "--docker.exposedbydefault=false"
|
|
# - "--api=true"
|
|
# - "--api.dashboard=true"
|
|
# ports:
|
|
# - target: 80
|
|
# published: 80
|
|
# protocol: tcp
|
|
# mode: host
|
|
# - target: 443
|
|
# published: 443
|
|
# protocol: tcp
|
|
# mode: host
|
|
# labels:
|
|
# - "traefik.enable=true"
|
|
# - "traefik.port=8080"
|
|
# - "traefik.backend=traefik"
|
|
# - "traefik.frontend.rule=Host:traefik.example.com"
|
|
# - "traefik.frontend.auth.basic.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/"
|
|
# volumes:
|
|
# - "/var/log/traefik:/var/log"
|
|
# - "/var/run/docker.sock:/var/run/docker.sock"
|
|
# restart: always
|
|
#
|
|
|
|
[Definition]
|
|
|
|
# Parameter "method" can be used to specifiy request method
|
|
req-method = \S+
|
|
# Usage example (for jail.local):
|
|
# filter = traefik-auth[req-method="GET|POST|HEAD"]
|
|
|
|
failregex = ^<HOST> \- <usrre-<mode>> \[\] \"(?:<req-method>) [^\"]+\" 401\b
|
|
|
|
ignoreregex =
|
|
|
|
# Parameter "mode": normal (default), ddos or aggressive
|
|
# Usage example (for jail.local):
|
|
# [traefik-auth]
|
|
# mode = aggressive
|
|
# # or another jail (rewrite filter parameters of jail):
|
|
# [traefik-auth-ddos]
|
|
# filter = traefik-auth[mode=ddos]
|
|
#
|
|
mode = normal
|
|
|
|
# part of failregex matches user name (must be available in normal mode, must be empty in ddos mode, and both for aggressive mode):
|
|
usrre-normal = (?!- )<F-USER>\S+</F-USER>
|
|
usrre-ddos = -
|
|
usrre-aggressive = <F-USER>\S+</F-USER> |