Fail2Ban

1. Unban IP

List banned IPs via iptables

iptables -L -n

Get configured jails

fail2ban-client status

Unban IP

fail2ban-client set JAIL-NAME unbanip XXX.XXX.XXX.XXX

2. Configuration for Caddy reverse proxy

Enable access logging in Caddy

mydomain.com {
	log {
		output file /var/log/caddy/mydomain.access.log {
			roll_size 10mb
			roll_keep 20
			roll_keep_for 720h
		}
	}
	reverse_proxy XXX.XXX.XXX.XXX
}

Create caddy filter file (regex) for fail2ban - /etc/fail2ban/filter.d/caddy-status.conf

[Definition]
failregex = ^.*"remote_ip":"<HOST>",.*?"status":(?:401|403|500),.*$
ignoreregex =
datepattern = LongEpoch

Enable jail in fail2ban config (/etc/fail2ban/jail.local)

[caddy-status]
backend     = auto
enabled     = true
port        = http,https
filter      = caddy-status
logpath     = /var/log/caddy/*access.log
maxretry    = 10
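
Check the filter before relying on it: the following is an added example, not part of the original page or of fail2ban itself. It applies the failregex above to constructed log lines shaped like Caddy's JSON access log and counts failures per IP against maxretry. Assumptions: the HOST_GROUP pattern is a simplified stand-in for fail2ban's own <HOST> expansion, and all sample lines fall within one findtime window.

```python
import re
from collections import Counter

# failregex copied from /etc/fail2ban/filter.d/caddy-status.conf
FAILREGEX = r'^.*"remote_ip":"<HOST>",.*?"status":(?:401|403|500),.*$'
# Assumption: simplified IPv4/IPv6 capture standing in for fail2ban's <HOST>
HOST_GROUP = r'(?P<host>[0-9A-Fa-f:.]+)'
PATTERN = re.compile(FAILREGEX.replace("<HOST>", HOST_GROUP))
MAXRETRY = 10  # from the [caddy-status] jail


def log_line(ip, status, uri="/"):
    """Build a constructed line in the shape of Caddy's JSON access log."""
    return ('{"level":"info","ts":1700000000.123,"logger":"http.log.access",'
            '"msg":"handled request","request":{"remote_ip":"%s",'
            '"remote_port":"50000","method":"GET","host":"mydomain.com",'
            '"uri":"%s"},"duration":0.001,"size":0,"status":%d,'
            '"resp_headers":{}}' % (ip, uri, status))


def failures(lines):
    """Count lines per source IP that the failregex treats as a failure."""
    counts = Counter()
    for line in lines:
        match = PATTERN.match(line)
        if match:
            counts[match.group("host")] += 1
    return counts


def would_ban(lines):
    """IPs whose failure count reaches maxretry."""
    return sorted(ip for ip, n in failures(lines).items() if n >= MAXRETRY)


# Constructed sample traffic (documentation address ranges only)
SAMPLE = (
    [log_line("203.0.113.7", 401, "/login")] * 10    # reaches maxretry
    + [log_line("198.51.100.4", 403, "/admin")] * 9  # one short of maxretry
    + [log_line("192.0.2.1", 200)] * 20              # successful requests
    + [log_line("192.0.2.1", 404, "/missing")] * 3   # 404 is not in the filter
    + [log_line("2001:db8::1", 500)]                 # upstream error counts too
)

if __name__ == "__main__":
    print(dict(failures(SAMPLE)))
    print("would ban:", would_ban(SAMPLE))
```

On the host, fail2ban-regex <logfile> /etc/fail2ban/filter.d/caddy-status.conf runs the real filter against the real log and reports how many lines matched.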