# Fail2ban jails for Traefik
# Each jail monitors different attack patterns

[DEFAULT]
bantime = 3600
findtime = 600
maxretry = 5

# Authentication failures - strict rules
[traefik-auth]
enabled = true
port = http,https
filter = traefik-auth
logpath = /var/log/traefik/access.log
maxretry = 3
findtime = 300
bantime = 7200
action = iptables-allports[name=traefik-auth]

# 404 scanning/probing - moderate rules
[traefik-404]
enabled = true
port = http,https
filter = traefik-404
logpath = /var/log/traefik/access.log
maxretry = 20
findtime = 300
bantime = 3600
action = iptables-allports[name=traefik-404]

# Rate limiting violations - strict rules
[traefik-ratelimit]
enabled = true
port = http,https
filter = traefik-ratelimit
logpath = /var/log/traefik/access.log
maxretry = 5
findtime = 60
bantime = 1800
action = iptables-allports[name=traefik-ratelimit]

# Bad requests - lenient rules
[traefik-badreq]
enabled = true
port = http,https
filter = traefik-badreq
logpath = /var/log/traefik/access.log
maxretry = 10
findtime = 300
bantime = 1800
action = iptables-allports[name=traefik-badreq]