Fail2Ban
1. Unban IP
List banned IP via iptables
iptables -L -n
Get configured jails
fail2ban-client status
Unban IP
fail2ban-client set JAIL-NAME unbanip XXX.XXX.XXX.XXX
2. Configuration for caddy reverse proxy
Enable access logging at caddy
mydomain.com {
log {
output file /var/log/caddy/mydoamin.access.log {
roll_size 10mb
roll_keep 20
roll_keep_for 720h
}
}
reverse_proxy XXX.XXX.XXX.XXX
}
Create caddy filter file (regex) for fail2ban - /etc/fail2ban/filter.d/caddy-status.conf
[Definition]
failregex = ^.*"remote_ip":"<HOST>",.*?"status":(?:401|403|500),.*$
ignoreregex =
datepattern = LongEpoch
Enable jail in fail2ban config (/etc/fail2ban/jail.local)
[caddy-status]
backend = auto
enabled = true
port = http,https
filter = caddy-status
logpath = /var/log/caddy/*access.log
maxretry = 10