feat: Fail2ban, auto configure reverse proxies

2026-04-01 22:45:10 +01:00
parent f17526afc3
commit 3f28ed0c14
11 changed files with 451 additions and 19 deletions
@@ -0,0 +1,9 @@
+# Fail2ban filter for Traefik authentication failures
+# Blocks IPs that repeatedly fail authentication (401 Unauthorized)
+
+[Definition]
+failregex = ^.*"ClientAddr":"<HOST>:\d+".*"RequestMethod":"(GET|POST|PUT|DELETE|PATCH)".*"DownstreamStatus":401.*$
+ignoreregex =
+
+# Example log line (JSON):
+# {"ClientAddr":"192.168.1.100:54321","DownstreamStatus":401,"RequestMethod":"GET",...}