tomMoulard / Fail2ban
Fail2ban plugin for traefik
This plugin is a small implementation of a fail2ban instance as a middleware plugin for Traefik.
Configuration
Whitelist
You can whitelist IP addresses using this:

```yml
testData:
  whitelist:
    files:
      - "tests/test-ipfile.txt"
    ip:
      - "::1"
      - "127.0.0.1"
```

IPs can be listed in one or more files, or directly in the config.
Blacklist
As with the whitelist, you can blacklist IP addresses using this:

```yml
testData:
  blacklist:
    files:
      - "tests/test-ipfile.txt"
    ip:
      - "::1"
      - "127.0.0.1"
```

IPs can be listed in one or more files, or directly in the config.
Configuration debug
To check that the configuration is correct, look for log lines like these on stdout:

```
Fail2Ban_config: 2020/12/27 22:40:04 restricted.go:51: Whitelisted: '127.0.0.2/32'
Fail2Ban_config: 2020/12/27 22:40:04 restricted.go:51: Blacklisted: '127.0.0.3/32'
Fail2Ban_config: 2020/12/27 22:40:04 restricted.go:51: Bantime: 3h0m0s
Fail2Ban_config: 2020/12/27 22:40:04 restricted.go:51: Findtime: 3h0m0s
Fail2Ban_config: 2020/12/27 22:40:04 restricted.go:51: Ports range from 0 to 8000
Fail2Ban_config: 2020/12/27 22:40:04 restricted.go:51: FailToBan Rules : '{Xbantime:3h0m0s Xfindtime:3h0m0s Xurlregexp:[localhost:5000/whoami] Xmaxretry:4 Xenabled:true Xports:[0 8000]}'
Fail2Ban: 2020/12/27 22:40:04 restricted.go:52: Plugin: FailToBan is up and running
```
Fail2ban
We plan to use all default fail2ban configuration but at this time only a few features are implemented:
```yml
testData:
  rules:
    bantime: "3h"
    findtime: "10m"
    maxretry: 4
    enabled: true
    # urlregexp is a list of regexps (see below)
    urlregexp:
      - ""
    ports: "80:443"
```
Where:

- `findtime`: the time slot used to count requests (if there are too many requests from the same IP in this slot of time, the IP is banned). You can use 'smart' strings: "4h", "2m", "1s", ...
- `bantime`: the amount of time the IP stays in Ban mode.
- `maxretry`: the number of requests before Ban mode.
- `enabled`: enables or disables the plugin (must be set to `true` to enable the plugin).
- `urlregexp`: a list of regexps used to block requests based on the URL.
- `ports`: filters requests by port range.
Schema
First request, the IP is added to the Pool, and the `findtime` timer is started:

```
A |------------->
  ↑
```

Second request, `findtime` is not yet finished, thus the request is fine:

```
A |--x---------->
     ↑
```

Third request, `maxretry` is now full; this request is fine but the next won't be.

```
A |--x--x------->
        ↑
```

Fourth request, too bad, now it's jail time; the next request will go through after `bantime`:

```
A |--x--x--x---->
           ↓
B |------------->
```

Fifth request, the IP is in Ban mode, nothing happens:

```
A |--x--x--x---->
B |--x---------->
     ↑
```

Last request, the `bantime` is now over, another `findtime` is started:

```
A |--x--x--x---->  |------------->
                   ↑
B |--x---------->
```
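
The schema above as a small Go state machine, replaying its six requests. This is an added example, not the plugin's own code: the `Jail` type, `Allow`, `Walkthrough`, the IP and the timestamps are hypothetical. It assumes `maxretry: 3` (what the schema draws), that requests made during a ban do not extend it, and that an elapsed `findtime` simply starts a new window.

```go
package main

import (
	"fmt"
	"time"
)

type entry struct {
	start  time.Time // start of the findtime window (A) or of the ban (B)
	count  int       // requests seen in the current findtime window
	banned bool
}

// Jail is a hypothetical in-memory pool of per-IP state, keyed by client IP.
type Jail struct {
	FindTime, BanTime time.Duration
	MaxRetry          int
	pool              map[string]*entry
}

// Allow reports whether a request from ip at time now goes through.
func (j *Jail) Allow(ip string, now time.Time) bool {
	e, seen := j.pool[ip]
	if seen && e.banned && now.Sub(e.start) < j.BanTime {
		return false // Ban mode: rejected, ban not extended (assumption)
	}
	if !seen || e.banned || now.Sub(e.start) >= j.FindTime {
		j.pool[ip] = &entry{start: now, count: 1} // new IP, ban served or findtime over
		return true
	}
	if e.count++; e.count > j.MaxRetry {
		e.start, e.banned = now, true // jail time: bantime runs from this request
		return false
	}
	return true
}

// Walkthrough replays the six requests of the schema at constructed offsets.
func Walkthrough() []bool {
	j := &Jail{FindTime: 10 * time.Minute, BanTime: 3 * time.Hour, MaxRetry: 3, pool: map[string]*entry{}}
	t0 := time.Date(2020, 12, 27, 22, 40, 0, 0, time.UTC)
	var out []bool
	for _, m := range []int{0, 1, 2, 3, 4, 184} { // minutes after the first request
		out = append(out, j.Allow("192.0.2.10", t0.Add(time.Duration(m)*time.Minute)))
	}
	return out
}

func main() { fmt.Println(Walkthrough()) } // [true true true false false true]
```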
Dev `traefik.yml` configuration file for traefik

```yml
pilot:
  token: [REDACTED]

experimental:
  devPlugin:
    goPath: /home/${USER}/go
    moduleName: github.com/tommoulard/fail2ban

entryPoints:
  http:
    address: ":8000"
    forwardedHeaders:
      # dev only: trusts X-Forwarded-* headers from any source
      insecure: true

api:
  dashboard: true
  # dev only: exposes the API and dashboard without authentication
  insecure: true

providers:
  file:
    filename: rules-fail2ban.yaml
```
How to dev
```
$ docker run -d --network host containous/whoami -port 5000
# traefik --configfile traefik.yml
```
Authors
Tom Moulard | Clément David | Martin Huvelle | Alexandre Bossut-Lasry |
---|---|---|---|