Lino Silva
52 lines
1.1 KiB
Django/Jinja
52 lines
1.1 KiB
Django/Jinja
# Fail2ban jails for Traefik
|
|
# Each jail monitors different attack patterns
|
|
|
|
[DEFAULT]
|
|
bantime = 3600
|
|
findtime = 600
|
|
maxretry = 5
|
|
|
|
# Authentication failures - strict rules
|
|
[traefik-auth]
|
|
enabled = true
|
|
port = http,https
|
|
filter = traefik-auth
|
|
logpath = /var/log/traefik/access.log
|
|
maxretry = 3
|
|
findtime = 300
|
|
bantime = 7200
|
|
action = iptables-allports[name=traefik-auth]
|
|
|
|
# 404 scanning/probing - moderate rules
|
|
[traefik-404]
|
|
enabled = true
|
|
port = http,https
|
|
filter = traefik-404
|
|
logpath = /var/log/traefik/access.log
|
|
maxretry = 20
|
|
findtime = 300
|
|
bantime = 3600
|
|
action = iptables-allports[name=traefik-404]
|
|
|
|
# Rate limiting violations - strict rules
|
|
[traefik-ratelimit]
|
|
enabled = true
|
|
port = http,https
|
|
filter = traefik-ratelimit
|
|
logpath = /var/log/traefik/access.log
|
|
maxretry = 5
|
|
findtime = 60
|
|
bantime = 1800
|
|
action = iptables-allports[name=traefik-ratelimit]
|
|
|
|
# Bad requests - lenient rules
|
|
[traefik-badreq]
|
|
enabled = true
|
|
port = http,https
|
|
filter = traefik-badreq
|
|
logpath = /var/log/traefik/access.log
|
|
maxretry = 10
|
|
findtime = 300
|
|
bantime = 1800
|
|
action = iptables-allports[name=traefik-badreq]
|