CasperSecurity

Current Path : /etc/fail2ban/filter.d/
Upload File :
Current File : //etc/fail2ban/filter.d/traefik-auth.conf

# Fail2ban filter configuration for traefik :: auth
# used to ban hosts, that were failed through traefik
#
# Author: CrazyMax
#
# To use 'traefik-auth' filter you have to configure your Traefik instance to write
# the access logs as describe in https://docs.traefik.io/configuration/logs/#access-logs
# into a log file on host and specifiy users for Basic Authentication
# https://docs.traefik.io/configuration/entrypoints/#basic-authentication
#
# Example:
#
# version: "3.2"
#
# services:
#   traefik:
#     image: traefik:latest
#     command:
#       - "--loglevel=INFO"
#       - "--accesslog=true"
#       - "--accessLog.filePath=/var/log/access.log"
# #       - "--accessLog.filters.statusCodes=400-499"
#       - "--defaultentrypoints=http,https"
#       - "--entryPoints=Name:http Address::80"
#       - "--entryPoints=Name:https Address::443 TLS"
#       - "--docker.domain=example.com"
#       - "--docker.watch=true"
#       - "--docker.exposedbydefault=false"
#       - "--api=true"
#       - "--api.dashboard=true"
#     ports:
#       - target: 80
#         published: 80
#         protocol: tcp
#         mode: host
#       - target: 443
#         published: 443
#         protocol: tcp
#         mode: host
#     labels:
#       - "traefik.enable=true"
#       - "traefik.port=8080"
#       - "traefik.backend=traefik"
#       - "traefik.frontend.rule=Host:traefik.example.com"
#       - "traefik.frontend.auth.basic.users=test:$$apr1$$H6uskkkW$$IgXLP6ewTrSuBkTrqE8wj/"
#     volumes:
#       - "/var/log/traefik:/var/log"
#       - "/var/run/docker.sock:/var/run/docker.sock"
#     restart: always
#

[Definition]

# Parameter "method" can be used to specifiy request method
req-method = \S+
# Usage example (for jail.local):
#   filter = traefik-auth[req-method="GET|POST|HEAD"]

failregex = ^<HOST> \- <usrre-<mode>> \[\] \"(?:<req-method>) [^\"]+\" 401\b

ignoreregex =

# Parameter "mode": normal (default), ddos or aggressive
# Usage example (for jail.local):
#   [traefik-auth]
#   mode = aggressive
#   # or another jail (rewrite filter parameters of jail):
#   [traefik-auth-ddos]
#   filter = traefik-auth[mode=ddos]
#
mode = normal

# part of failregex matches user name (must be available in normal mode, must be empty in ddos mode, and both for aggressive mode):
usrre-normal = (?!- )<F-USER>\S+</F-USER>
usrre-ddos = -
usrre-aggressive = <F-USER>\S+</F-USER>
Hacker Blog, Shell İndir, Sql İnjection, XSS Attacks, LFI Attacks, Social Hacking, Exploit Bot, Proxy Tools, Web Shell, PHP Shell, Alfa Shell İndir, Hacking Training Set, DDoS Script, Denial Of Service, Botnet, RFI Attacks, Encryption
Telegram @BIBIL_0DAY