Skip to main content

Fail2Ban

1. Unban IP

List banned IP via iptables

iptables -L -n

Get configured jails

fail2ban-client status

Unban IP

fail2ban-client set JAIL-NAME unbanip XXX.XXX.XXX.XXX
2. Configuration for caddy reverse proxy

Enable access logging at caddy

mydomain.com(custom_log) {
	log {
		format json {
			time_format iso8601
		}
		output file /var/log/caddy/mydoamin.{args[0]}.access.log {
			roll_size 10mb
			roll_keep 20
			roll_keep_for 720h
		}
	}
}

mydomain.com {
	import custom_log mydomain.com
    reverse_proxy XXX.XXX.XXX.XXX
}

Create caddy filter file (regex) for fail2ban - /etc/fail2ban/filter.d/caddy-status.conf

[Definition]
failregex = ^.*"remote_ip":"<HOST>",.*?"status":(?:401|403|500),.*$
ignoreregex =
datepattern = LongEpoch"ts":"%%Y-%%m-%%dT%%H:%%M:%%S.

Enable jail in fail2ban config (/etc/fail2ban/jail.local)

[caddy-status]
backend		= auto
enabled     = true
port        = http,https
filter      = caddy-status
logpath     = /var/log/caddy/*access.log
maxretry    = 10