homelab/ansible/roles/fail2ban/templates/traefik-auth.conf.j2

# Fail2ban filter for Traefik authentication failures
# Blocks IPs that repeatedly fail authentication (401 Unauthorized)

[Definition]
failregex = ^.*"ClientAddr":"<HOST>:\d+".*"RequestMethod":"(GET|POST|PUT|DELETE|PATCH)".*"DownstreamStatus":401.*$
ignoreregex =

# Example log line (JSON):
# {"ClientAddr":"192.168.1.100:54321","DownstreamStatus":401,"RequestMethod":"GET",...}