Skip to content

Fail2Ban

1. Unban IP

List banned IP via iptables
1
iptables -L -n
Get configured jails
1
fail2ban-client status
Unban IP
1
fail2ban-client set JAIL-NAME unbanip XXX.XXX.XXX.XXX

2. Configuration for caddy reverse proxy

Enable access logging at caddy
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
(custom_log) {
    log {
        format json {
            time_format iso8601
        }
        output file /var/log/caddy/{args[0]}.access.log {
            roll_size 10mb
            roll_keep 20
            roll_keep_for 720h
        }
    }
}

mydomain.com {
    import custom_log mydomain.com
    reverse_proxy XXX.XXX.XXX.XXX
}
Create caddy filter file (regex) for fail2ban
1
2
3
4
5
#/etc/fail2ban/filter.d/caddy-status.conf
[Definition]
failregex = ^.*"remote_ip":"<HOST>",.*?"status":(?:401|403|500),.*$
ignoreregex =
datepattern = "ts":"%%Y-%%m-%%dT%%H:%%M:%%S.
Enable jail in fail2ban config
1
2
3
4
5
6
7
8
#/etc/fail2ban/jail.local
[caddy-status]
backend     = auto
enabled     = true
port        = http,https
filter      = caddy-status
logpath     = /var/log/caddy/*.access.log
maxretry    = 10