Fail2ban Middleware does not recognise 200 status code
For some reason my setup does not recognize successful status codes and bans on the 11th request. I also don't see anything in the logs even though I have enabled DEBUG logging. Setup:
apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
  name: fail2ban
spec:
  plugin:
    fail2ban:
      logLevel: DEBUG
      rules:
        bantime: 30m
        enabled: "true"
        findtime: 10m
        maxretry: "10"
        statuscode: 400-499

apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
  name: whoami-http
spec:
  entryPoints:
    - http
  routes:
    - match: Host(`redacted.com`) || Host(`www.redacted.com`)
      kind: Rule
      services:
        - name: whoami
          port: 80
      middlewares:
        - namespace: traefik
          name: fail2ban
I had the same problem :(
I think I'm seeing the same things myself. Is this plugin working? 🤔
Hello all,
Thanks for your interest in this Traefik plugin !
I've released https://github.com/tomMoulard/fail2ban/releases/tag/v0.8.2 with an intensive logging approach. Can you try again your issue with the latest version and tell me if it's still relevant ?
Thanks !
I'm immediately hit with an error when trying to load the latest version into Traefik:
2024-09-06T20:15:38Z INF Loading plugins... plugins=["GeoBlock","fail2ban"]
2024-09-06T20:15:39Z ERR plugins-storage/sources/gop-281385154/src/github.com/tomMoulard/fail2ban/pkg/data/data.go:14:9: panic: github.com/tomMoulard/fail2ban/pkg/data(...) module=github.com/tomMoulard/fail2ban plugin=plugin-fail2ban runtime=
panic: reflect.Set: value of type string is not assignable to type struct { Logger *stdlib.logLogger } [recovered]
panic: reflect.Set: value of type string is not assignable to type struct { Logger *stdlib.logLogger }
goroutine 1 [running]:
github.com/traefik/yaegi/interp.runCfg.func1()
github.com/traefik/[email protected]/interp/run.go:226 +0x1ae
panic({0x4976d20?, 0xc0022411f0?})
runtime/panic.go:770 +0x132
reflect.Value.assignTo({0x4976d20?, 0xc002240c10?, 0xc002240c10?}, {0x5a6e45b, 0xb}, 0xc0020b58c0, 0x0)
reflect/value.go:3356 +0x299
reflect.Value.Set({0xc0020b58c0?, 0xc002272040?, 0xc002272030?}, {0x4976d20?, 0xc002240c10?, 0xc001e0a2f0?})
reflect/value.go:2325 +0xe6
github.com/traefik/yaegi/interp.call.func9(0xc001dc9600)
github.com/traefik/[email protected]/interp/run.go:1391 +0xbc5
github.com/traefik/yaegi/interp.runCfg(0xc002220f00, 0xc001dc9600, 0x1?, 0x1?)
github.com/traefik/[email protected]/interp/run.go:234 +0x285
github.com/traefik/yaegi/interp.(*Interpreter).run(0xc001cd7d48, 0xc002261400, 0xc00231bb01?)
github.com/traefik/[email protected]/interp/run.go:119 +0x395
github.com/traefik/yaegi/interp.(*Interpreter).importSrc(0xc001cd7d48, {0xc00231bb90, 0x28}, {0xc00231bb01, 0x27}, 0x1)
github.com/traefik/[email protected]/interp/src.go:162 +0xf3b
github.com/traefik/yaegi/interp.(*Interpreter).gta.func1(0xc0021f5b80)
github.com/traefik/[email protected]/interp/gta.go:273 +0xcdb
github.com/traefik/yaegi/interp.(*node).Walk(0xc0021f5b80, 0xc00269c710, 0x0)
github.com/traefik/[email protected]/interp/interp.go:282 +0x2e
github.com/traefik/yaegi/interp.(*node).Walk(0xc0021f5540, 0xc00269c710, 0x0)
github.com/traefik/[email protected]/interp/interp.go:286 +0x6b
github.com/traefik/yaegi/interp.(*node).Walk(0xc0021f52c0, 0xc00269c710, 0x0)
github.com/traefik/[email protected]/interp/interp.go:286 +0x6b
github.com/traefik/yaegi/interp.(*Interpreter).gta(0xc001cd7d48, 0xc0021f52c0, {0xc00231bb90, 0x28}, {0xc00231b741, 0x28}, {0xc001ca50e7, 0x5})
github.com/traefik/[email protected]/interp/gta.go:20 +0x22b
github.com/traefik/yaegi/interp.(*Interpreter).importSrc(0xc001cd7d48, {0xc001da78e0, 0x1e}, {0xc00231b741, 0x28}, 0x1)
github.com/traefik/[email protected]/interp/src.go:109 +0x925
github.com/traefik/yaegi/interp.(*Interpreter).gta.func1(0xc0021c1180)
github.com/traefik/[email protected]/interp/gta.go:273 +0xcdb
github.com/traefik/yaegi/interp.(*node).Walk(0xc0021c1180, 0xc00269d458, 0x0)
github.com/traefik/[email protected]/interp/interp.go:282 +0x2e
github.com/traefik/yaegi/interp.(*node).Walk(0xc0021c0140, 0xc00269d458, 0x0)
github.com/traefik/[email protected]/interp/interp.go:286 +0x6b
github.com/traefik/yaegi/interp.(*node).Walk(0xc0021b1e00, 0xc00269d458, 0x0)
github.com/traefik/[email protected]/interp/interp.go:286 +0x6b
github.com/traefik/yaegi/interp.(*Interpreter).gta(0xc001cd7d48, 0xc0021b1e00, {0xc001da78e0, 0x1e}, {0xc001da7821, 0x1e}, {0xc001c912e8, 0x8})
github.com/traefik/[email protected]/interp/gta.go:20 +0x22b
github.com/traefik/yaegi/interp.(*Interpreter).importSrc(0xc001cd7d48, {0xc001c90e88, 0x4}, {0xc001da7821, 0x1e}, 0x1)
github.com/traefik/[email protected]/interp/src.go:109 +0x925
github.com/traefik/yaegi/interp.(*Interpreter).gta.func1(0xc0021b1b80)
github.com/traefik/[email protected]/interp/gta.go:273 +0xcdb
github.com/traefik/yaegi/interp.(*node).Walk(0xc0021b1b80, 0xc00269e1a0, 0x0)
github.com/traefik/[email protected]/interp/interp.go:282 +0x2e
github.com/traefik/yaegi/interp.(*node).Walk(0xc0021b1a40, 0xc00269e1a0, 0x0)
github.com/traefik/[email protected]/interp/interp.go:286 +0x6b
github.com/traefik/yaegi/interp.(*node).Walk(0xc0021b17c0, 0xc00269e1a0, 0x0)
github.com/traefik/[email protected]/interp/interp.go:286 +0x6b
github.com/traefik/yaegi/interp.(*Interpreter).gta(0xc001cd7d48, 0xc0021b17c0, {0xc001c90e88, 0x4}, {0xc001c90e88, 0x4}, {0xc001c90e88, 0x4})
github.com/traefik/[email protected]/interp/gta.go:20 +0x22b
github.com/traefik/yaegi/interp.(*Interpreter).gtaRetry(0xc001cd7d48, {0xc00269e388?, 0xc0016854a0?, 0xc00269e2c8?}, {0xc001c90e88, 0x4}, {0xc001c90e88, 0x4})
github.com/traefik/[email protected]/interp/gta.go:395 +0x158
github.com/traefik/yaegi/interp.(*Interpreter).CompileAST(0xc001cd7d48, {0x698b9a0?, 0xc0016854a0?})
github.com/traefik/[email protected]/interp/program.go:92 +0x11f
github.com/traefik/yaegi/interp.(*Interpreter).compileSrc(0xc001cd7d48, {0xc00231b680?, 0x1?}, {0x0?, 0xc00231b680?}, 0xa0?)
github.com/traefik/[email protected]/interp/program.go:64 +0xaa
github.com/traefik/yaegi/interp.(*Interpreter).eval(0xc001cd7d48, {0xc00231b680?, 0xc00269e8c8?}, {0x0?, 0x1?}, 0x0?)
github.com/traefik/[email protected]/interp/interp.go:554 +0x25
github.com/traefik/yaegi/interp.(*Interpreter).Eval(...)
github.com/traefik/[email protected]/interp/interp.go:496
github.com/traefik/traefik/v3/pkg/plugins.newInterpreter({0x69bd0c0, 0xc001f5f8c0}, {0xc001c753e0, 0x25}, {0xc001da6a00, 0x1e})
github.com/traefik/traefik/v3/pkg/plugins/middlewareyaegi.go:140 +0x589
github.com/traefik/traefik/v3/pkg/plugins.newMiddlewareBuilder({0x69bd0c0?, 0xc001f5f8c0?}, {0xc001c753e0?, 0x1?}, 0xc001b0f9e0, {0xc001c806e0?, 0x69bcfe0?}, {{0x0, 0x0, 0x0}, ...})
github.com/traefik/traefik/v3/pkg/plugins/builder.go:142 +0x16f
github.com/traefik/traefik/v3/pkg/plugins.NewBuilder(0xc001c47310, 0xc001c77710, 0xc002590270)
github.com/traefik/traefik/v3/pkg/plugins/builder.go:55 +0x6d5
main.createPluginBuilder(0xc001a434a0?)
github.com/traefik/traefik/v3/cmd/traefik/plugins.go:18 +0x2b
main.setupServer(0xc001b0e120)
github.com/traefik/traefik/v3/cmd/traefik/traefik.go:238 +0xa86
main.runCmd(0xc001b0e120)
github.com/traefik/traefik/v3/cmd/traefik/traefik.go:117 +0x2b4
main.main.func1({0xc001957bc0?, 0xc0001d2080?, 0x10?})
github.com/traefik/traefik/v3/cmd/traefik/traefik.go:65 +0x19
github.com/traefik/paerser/cli.run(0xc0018f3200, {0xc0001d2080, 0x0?, 0x0})
github.com/traefik/[email protected]/cli/commands.go:133 +0x243
github.com/traefik/paerser/cli.execute(0xc0018f3200, {0xc0001d2080, 0x2, 0x2}, 0x28?)
github.com/traefik/[email protected]/cli/commands.go:76 +0x6cf
github.com/traefik/paerser/cli.Execute(...)
github.com/traefik/[email protected]/cli/commands.go:51
main.main()
github.com/traefik/traefik/v3/cmd/traefik/traefik.go:81 +0x554
traefik.yml has just this for the plugin loading:
experimental:
  plugins:
    GeoBlock:
      moduleName: "github.com/PascalMinder/geoblock"
      version: "v0.2.8"
    fail2ban:
      moduleName: "github.com/tomMoulard/fail2ban"
      version: "v0.8.2"
indeed, my bad, I've released https://github.com/tomMoulard/fail2ban/tree/v0.8.3 that should fix this particular panic issue.
This new version loads fine, but doesn't log anything beyond the initial first message.
2024/09/07 10:02:33 Plugin: FailToBan is up and running
The middleware configuration I've got is:
http:
  middlewares:
    fail2ban:
      plugin:
        fail2ban:
          logLevel: DEBUG
          # allowlist:
          #   ip: 10.150.0.0/16
          # denylist:
          #   ip: 192.168.0.0/24
          rules:
            bantime: 5m
            enabled: true
            findtime: 30s
            maxretry: 5
            statuscode: "400,401,403-499"
And much like with the initial case described by @PS1TD, this version blocks connectivity after just opening a loading screen, as if 200s were 400s...
Did you enable traefik DEBUG log level ? If so, have you the following log ?
DBG github.com/traefik/traefik/v3/pkg/plugins/plugins.go:30 > Loading of plugin: fail2ban: github.com/tomMoulard/[email protected]
Good point. I failed to notice this bit from the documentation:
Please note that Fail2ban logs will only be visible when Traefik's log level is set to DEBUG
After setting this I'm... well, I'm getting a bit overly swarmed with logs now.
But I think I've managed to isolate a fragment of fail2ban, from startup to this middleware blocking me from accessing a login page (i.e. I've not yet provided any credentials, valid or invalid). While this should not matter, I'm attempting to access "Home Assistant", to which I've got the credentials cached (i.e. there should be no 400s at all).
Note: I've removed all routing information from the logs as other services are being frequently accessed and add a lot of noise, and I've stripped a module=github.com/tomMoulard/fail2ban plugin=plugin-fail2ban runtime= suffix from fail2ban logs. Finally I've had to remove fail2ban "Write: buf:" rows, as they are VERY long and break the limits of posting on GitHub. If those are required I'll find some other ways to share them.
2024-09-07T15:59:52Z DBG github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:33 > Adding tracing to middleware entryPointName=websecure middlewareName=fail2ban@file routerName=haos@file
2024-09-07T15:59:54Z DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{"middlewares":{"fail2ban":{"plugin":{"fail2ban":{"logLevel":"DEBUG","rules":{"bantime":"5m","enabled":"true","findtime":"30s","maxretry":"5","statuscode":"400,401,403-499"}}}}..."
2024/09/07 16:00:12 Plugin: FailToBan is up and running
2024/09/07 16:00:14 Plugin: FailToBan is up and running
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is denied
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is allowed
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > url / not is allowed
2024-09-07T16:00:22Z DBG fmt/print.go:225 > welcome "10.152.4.15"
2024-09-07T16:00:22Z DBG fmt/print.go:225 > status handler
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > Write header: code: 200
2024-09-07T16:00:22Z DBG fmt/print.go:225 > catcher: {XheaderMap:map[Content-Encoding:[deflate] Content-Length:[2297] Content-Type:[text/html; charset=utf-8] Date:[Sat, 07 Sep 2024 16:00:29 GMT] Referrer-Policy:[no-referrer] Server:[] X-Content-Type-Options:[nosniff] X-Frame-Options:[SAMEORIGIN]] Xcode:200 XhttpCodeRanges:[[400 400] [401 401] [403 499]] XcaughtFilteredCode:false XresponseWriter:0xc00220eae0 XheadersSent:true Xbytes:[] XallowedRequest:false}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is denied
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is allowed
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > url /frontend_latest/core.ydYtuXnHVAs.js not is allowed
2024-09-07T16:00:22Z DBG fmt/print.go:225 > welcome back "10.152.4.15" for the 2 time
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > status handler
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is denied
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is allowed
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > url /frontend_latest/app.okM55PX7yEE.js not is allowed
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > welcome back "10.152.4.15" for the 3 time
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is denied
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is allowed
2024-09-07T16:00:22Z DBG fmt/print.go:225 > status handler
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > url /static/images/ohf-badge.svg not is allowed
2024-09-07T16:00:22Z DBG fmt/print.go:225 > welcome back "10.152.4.15" for the 4 time
2024-09-07T16:00:22Z DBG fmt/print.go:225 > status handler
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > Write header: code: 200
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is denied
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is denied
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is allowed
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is denied
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > url /static/fonts/roboto/Roboto-Regular.woff2 not is allowed
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is allowed
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is allowed
2024-09-07T16:00:22Z DBG fmt/print.go:225 > "10.152.4.15" is banned for 5>=5 request
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > url /static/fonts/roboto/Roboto-Medium.woff2 not is allowed
2024-09-07T16:00:22Z DBG fmt/print.go:225 > url /hacsfiles/iconset.js not is allowed
2024-09-07T16:00:22Z DBG fmt/print.go:225 > "10.152.4.15" is still banned since "2024-09-07T16:00:22Z", 6 request
2024-09-07T16:00:22Z DBG fmt/print.go:225 > "10.152.4.15" is still banned since "2024-09-07T16:00:22Z", 7 request
2024-09-07T16:00:22Z DBG fmt/print.go:225 > catcher: {XheaderMap:map[Accept-Ranges:[bytes] Cache-Control:[public, max-age=2678400] Content-Encoding:[br] Content-Length:[15482] Content-Type:[text/javascript] Date:[Sat, 07 Sep 2024 16:00:29 GMT] Etag:["17eefe1f5dc34c00-3c7a"] Last-Modified:[Sun, 25 Aug 2024 14:11:58 GMT] Referrer-Policy:[no-referrer] Server:[] Vary:[Accept-Encoding] X-Content-Type-Options:[nosniff] X-Frame-Options:[SAMEORIGIN]] Xcode:200 XhttpCodeRanges:[[400 400] [401 401] [403 499]] XcaughtFilteredCode:false XresponseWriter:0xc001d61900 XheadersSent:true Xbytes:[] XallowedRequest:false}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > Write header: code: 200
2024-09-07T16:00:22Z DBG fmt/print.go:225 > Write header: code: 200
2024-09-07T16:00:22Z DBG fmt/print.go:225 > catcher: {XheaderMap:map[Accept-Ranges:[bytes] Cache-Control:[public, max-age=2678400] Content-Encoding:[gzip] Content-Length:[3522] Content-Type:[image/svg+xml] Date:[Sat, 07 Sep 2024 16:00:29 GMT] Etag:["17eefe1f5dc34c00-dc2"] Last-Modified:[Sun, 25 Aug 2024 14:11:58 GMT] Referrer-Policy:[no-referrer] Server:[] Vary:[Accept-Encoding] X-Content-Type-Options:[nosniff] X-Frame-Options:[SAMEORIGIN]] Xcode:200 XhttpCodeRanges:[[400 400] [401 401] [403 499]] XcaughtFilteredCode:false XresponseWriter:0xc00220f4a0 XheadersSent:true Xbytes:[] XallowedRequest:false}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > catcher: {XheaderMap:map[Accept-Ranges:[bytes] Cache-Control:[public, max-age=2678400] Content-Encoding:[br] Content-Length:[74998] Content-Type:[text/javascript] Date:[Sat, 07 Sep 2024 16:00:29 GMT] Etag:["17eefe1f5dc34c00-124f6"] Last-Modified:[Sun, 25 Aug 2024 14:11:58 GMT] Referrer-Policy:[no-referrer] Server:[] Vary:[Accept-Encoding] X-Content-Type-Options:[nosniff] X-Frame-Options:[SAMEORIGIN]] Xcode:200 XhttpCodeRanges:[[400 400] [401 401] [403 499]] XcaughtFilteredCode:false XresponseWriter:0xc002130c40 XheadersSent:true Xbytes:[] XallowedRequest:false}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is denied
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is allowed
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15}
2024-09-07T16:00:22Z DBG fmt/print.go:225 > url /auth/token not is allowed
2024-09-07T16:00:22Z DBG fmt/print.go:225 > "10.152.4.15" is still banned since "2024-09-07T16:00:22Z", 8 request
Like @PS1TD I'm not using any urlregexps in the configuration, nor any denylist nor allowlist. I.e. I'm just interested in filtering based on status codes.
Hi, I just stumbled upon the same problem and think that the issue is here: https://github.com/tomMoulard/fail2ban/blob/6b3824f01a31135e9f1e9fd1cdb56a4b62eb4c86/fail2ban.go#L143
The f2b-handler is called in the chain before the status-code-handler and thus fail2bans EVERY request (see also here: https://github.com/tomMoulard/fail2ban/blob/6b3824f01a31135e9f1e9fd1cdb56a4b62eb4c86/pkg/chain/chain.go#L84 )
I think that f2bHandler.New(f2b), should not be in the handler-chain at all for this to work...
Indeed I could try reversing the order in the chain but I doubt it will work as you intend.
For your last part, removing the handler will remove its ability to catch status codes. But indeed, it will count twice the request in the handler.
The status-code handler internally calls the f2b if a proper status-code is detected. Why call the f2b-handler "naked" (without any preconditions) in the chain at all? It then counts every request against the "maxRetry", even "legal" ones with a 200 response-code.
I'd think that inside the chain one would need a handler that continues blocking, if an IP is already on the ban-list, but that does not blindly increase ip.count towards maxRetries. Increasing the counter for an IP may only happen if a precondition for a "failed"-request is met (like inside the URLRegexBan or the http-status-handler).
(I'm not able to write Go-code myself, otherwise I'd create a merge-request)
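The counting difference discussed in the comments above, as an added example that is not the plugin's code and not part of the original thread: it parses a `statuscode` value like the one posted earlier and replays a page load of constructed 200 responses, once counting every request and once counting only responses that match the rule. The names `parseStatusCodes`, `matches` and `firstBan`, and the sliding-window treatment of `findtime`, are assumptions made for this illustration.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
	"time"
)

// codeRange is an inclusive HTTP status range, e.g. {403, 499}.
type codeRange struct{ lo, hi int }

// parseStatusCodes parses a rule value such as "400,401,403-499".
func parseStatusCodes(s string) ([]codeRange, error) {
	var out []codeRange
	for _, part := range strings.Split(s, ",") {
		lo, hi, isRange := strings.Cut(strings.TrimSpace(part), "-")
		if !isRange {
			hi = lo // a single code is a range of one
		}
		l, errLo := strconv.Atoi(lo)
		h, errHi := strconv.Atoi(hi)
		if errLo != nil || errHi != nil || l > h {
			return nil, fmt.Errorf("bad status code entry %q", part)
		}
		out = append(out, codeRange{l, h})
	}
	return out, nil
}

// matches reports whether code falls in any configured range.
func matches(code int, ranges []codeRange) bool {
	for _, r := range ranges {
		if code >= r.lo && code <= r.hi {
			return true
		}
	}
	return false
}

// firstBan replays one client's responses, one per second, and returns the
// 1-based request number that triggers the ban, or 0 if none does.
// countEvery=true models the behaviour reported in this thread.
func firstBan(codes []int, ranges []codeRange, maxRetry int, findTime time.Duration, countEvery bool) int {
	var hits []time.Time
	for i, code := range codes {
		now := time.Unix(int64(i), 0)
		if !countEvery && !matches(code, ranges) {
			continue // a non-matching response is not a strike
		}
		kept := hits[:0] // assumed sliding window: forget strikes older than findTime
		for _, t := range hits {
			if now.Sub(t) < findTime {
				kept = append(kept, t)
			}
		}
		if hits = append(kept, now); len(hits) >= maxRetry {
			return i + 1
		}
	}
	return 0
}

func main() {
	ranges, err := parseStatusCodes("400,401,403-499")
	if err != nil {
		panic(err)
	}
	pageLoad := []int{200, 200, 200, 200, 200, 200, 200, 200} // constructed sample
	fmt.Println("every request counted:", firstBan(pageLoad, ranges, 5, 30*time.Second, true))
	fmt.Println("only matching codes:  ", firstBan(pageLoad, ranges, 5, 30*time.Second, false))
}
```

With `maxretry: 5`, the first mode bans on the fifth 200 response, which lines up with the `is banned for 5>=5 request` line in the debug log above; the second mode never bans that page load.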
Experiencing the same problem: requests get banned after maxretry attempts regardless of the status code (#153)
Have the same issue here with Fail2Ban v0.8.3 and Traefik v3.1.6
same issue 0.8.3 and traefik 3.2.1
And here too, same issue. Seems every request is passed through the f2b handler regardless of status code
same issue here with traefik v3.3.3 and Fail2Ban v0.8.3, every request seems to count against the maxretry value regardless of status code
I am really looking forward to seeing #184 being merged as I am using "418 - I am a tea pot" status code as a notifier from my app (Lychee) that this is confirmed malicious scraping.
I had to resubmit the PR, as I made the mistake of basing it on the main branch instead of a separate one. 🤦
#188 is the successor PR.
This can likely be closed as #188 has now been merged.
Note that the plugin catalog for Traefik still lists 0.8.3 as the latest version, and this version can only be used "locally"... From what I can tell the Traefik catalogue checks plugin version availability every 30m and the latest release was yesterday, so it should have been updated by now. Since it hasn't this suggests there might be something wrong with the latest release.
I have the same problem, also want to upgrade, but the latest version is 0.8.3 ..
It failed to register the new version of the plugin : https://github.com/tomMoulard/fail2ban/issues/197
You can load the plugin "locally". It's a bit of a hassle and, technically, it's for developers, but the functionality is there.
Hi all, I've released a new version of this plugin : https://github.com/tomMoulard/fail2ban/releases/tag/v0.8.6
Attempting to load it "officially" I'm getting the following error:
2025-06-05T11:21:06Z ERR Plugins are disabled because an error has occurred. error="unable to set up plugins environment: unable to download plugin github.com/tomMoulard/fail2ban: failed to call service: Get \"https://plugins.traefik.io/public/download/github.com/tomMoulard/fail2ban/v0.8.6\": GET https://plugins.traefik.io/public/download/github.com/tomMoulard/fail2ban/v0.8.6 giving up after 4 attempt(s)" plugins=["GeoBlock","fail2ban"]
It seems the last version which can be loaded from plugins.traefik.io is 0.8.3...
Have the same issue as @arp-mbender mentioned above
I use v0.8.6 as a local plugin, but I think it is still buggy - got banned when looking at my immich feed with hundreds of http 200s...
Hey! I am experiencing this same issue as well. I can try to sift through the logs at a later time but I suspect somehow this is not fixed in the latest release. Opening a nextcloud page only once will actually ban me (I get 403 after a refresh).