lino/homelab
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat: Fail2ban, auto configure reverse proxies

Browse Source
This commit is contained in:
Lino Silva
2026-04-01 22:45:10 +01:00
parent f17526afc3
commit 3f28ed0c14
11 changed files with 451 additions and 19 deletions
Download Patch File Download Diff File Expand all files Collapse all files
ansible/roles/fail2ban/templates/jail.local.j2
+51
View File
@@ -0,0 +1,51 @@
# Fail2ban jails for Traefik
# Each jail monitors different attack patterns
[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 5
# Authentication failures - strict rules
[traefik-auth]
enabled = true
port = http,https
filter = traefik-auth
logpath = /var/log/traefik/access.log
maxretry = 3
findtime = 300
bantime = 7200
action = iptables-allports[name=traefik-auth]
# 404 scanning/probing - moderate rules
[traefik-404]
enabled = true
port = http,https
filter = traefik-404
logpath = /var/log/traefik/access.log
maxretry = 20
findtime = 300
bantime = 3600
action = iptables-allports[name=traefik-404]
# Rate limiting violations - strict rules
[traefik-ratelimit]
enabled = true
port = http,https
filter = traefik-ratelimit
logpath = /var/log/traefik/access.log
maxretry = 5
findtime = 60
bantime = 1800
action = iptables-allports[name=traefik-ratelimit]
# Bad requests - lenient rules
[traefik-badreq]
enabled = true
port = http,https
filter = traefik-badreq
logpath = /var/log/traefik/access.log
maxretry = 10
findtime = 300
bantime = 1800
action = iptables-allports[name=traefik-badreq]