# Fail2ban filter for Traefik 404 scanning/probing
# Blocks IPs that generate excessive 404 errors (scanning for vulnerabilities)

[Definition]
failregex = ^.*"ClientAddr":"<HOST>:\d+".*"RequestMethod":"(GET|POST|PUT|DELETE|PATCH)".*"DownstreamStatus":404.*$
ignoreregex =

# Example log line (JSON):
# {"ClientAddr":"192.168.1.100:54321","DownstreamStatus":404,"RequestMethod":"GET",...}