# ── F2B Control Center — jail configuration (Cloudflare) ─────────────────────
# Installed when CF_EMAIL + CF_APIKEY are set in docker-compose.yml.
# Adds the Cloudflare WAF action to every jail alongside iptables.
# Credentials are injected from environment — not stored here.
# ─────────────────────────────────────────────────────────────────────────────

[DEFAULT]
# Fallback values for any jail that does not override them.
#   bantime  — how long a banned address stays banned
#   findtime — look-back window in which matches are counted
#   maxretry — matches inside findtime that trigger a ban
bantime = 1h
findtime = 10m
maxretry = 5
allowipv6 = auto

# Populated by entrypoint from SUBNETS_TO_IGNORE env var on first run.
# Updated live by the dashboard — do not edit by hand.
# Addresses listed here are never banned. The value below exempts loopback and
# all RFC 1918 private ranges.
# NOTE(review): assumes the proxy access logs record the real visitor address.
# If requests arriving via Cloudflare or a Docker bridge are logged with an
# edge or private address, bans land on the wrong address or are skipped by
# this list — confirm real-IP restoration in the proxy.
ignoreip = 127.0.0.1/8 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16

# Cloudflare credentials — set CF_EMAIL and CF_APIKEY in docker-compose.yml.
# Every jail below hands these to the cloudflare action through %(cf_email)s
# and %(cf_apikey)s.
# NOTE(review): %(ENV[...])s is not a plain configparser option reference;
# presumably the entrypoint or the project's config layer resolves it. Confirm
# that an unset variable fails loudly instead of yielding an empty credential.
# NOTE(review): once expanded, the values are ordinary action parameters, so
# anything able to read jail/action settings (fail2ban socket, debug logs, the
# dashboard) may expose them — restrict access to those accordingly.
# NOTE(review): an e-mail + API key pair looks like Cloudflare's account-wide
# Global API Key. A token scoped to firewall changes would limit the impact of
# a leak, if the cloudflare action in use accepts one — confirm.
cf_email = %(ENV[CF_EMAIL])s
cf_apikey = %(ENV[CF_APIKEY])s

# ── NPM: Bad Bots ─────────────────────────────────────────────────────────────
# Applies the badbot filter to the proxy-host access logs:
# 3 matches within 10 minutes → 24-hour ban.
[badbot]
enabled = true
filter = badbot
logpath = /nginx-logs/proxy-host-*_access.log
bantime = 24h
findtime = 10m
maxretry = 3
action = docker-npm cloudflare[cf_email="%(cf_email)s", cf_apikey="%(cf_apikey)s"]

# ── NPM: HTTP Error Spamming ──────────────────────────────────────────────────
# Applies the http-errors filter to the same access logs:
# 15 matches within 5 minutes → 1-hour ban.
[http-errors]
enabled = true
filter = http-errors
logpath = /nginx-logs/proxy-host-*_access.log
bantime = 1h
findtime = 5m
maxretry = 15
action = docker-npm cloudflare[cf_email="%(cf_email)s", cf_apikey="%(cf_apikey)s"]

# ── NPM: Exploit Probing ──────────────────────────────────────────────────────
# Applies the npm-probe filter to the same access logs:
# 3 matches within 30 minutes → 48-hour ban.
[npm-probe]
enabled = true
filter = npm-probe
logpath = /nginx-logs/proxy-host-*_access.log
bantime = 48h
findtime = 30m
maxretry = 3
action = docker-npm cloudflare[cf_email="%(cf_email)s", cf_apikey="%(cf_apikey)s"]

# ── Manual Bans ───────────────────────────────────────────────────────────────
# logpath is /dev/null, so no log line can feed this jail; bans are presumably
# added explicitly (dashboard or fail2ban-client) — confirm.
# bantime = -1 makes every ban in this jail permanent.
# NOTE(review): permanent entries are never lifted by timeout, so both the
# local and the Cloudflare block lists only grow until someone unbans. Review
# the list periodically.
[manual-bans]
enabled = true
filter = manual-bans
logpath = /dev/null
bantime = -1
findtime = 1d
maxretry = 1
action = docker-npm cloudflare[cf_email="%(cf_email)s", cf_apikey="%(cf_apikey)s"]

# ── Recidive — repeat offenders ───────────────────────────────────────────────
# Disabled by default. Reads fail2ban's own log with the recidive filter:
# 3 matches within 1 day → 7-day ban.
# NOTE(review): only effective if fail2ban actually writes to
# /var/log/fail2ban.log inside the container — confirm the log target before
# enabling.
[recidive]
enabled = false
filter = recidive
logpath = /var/log/fail2ban.log
bantime = 7d
findtime = 1d
maxretry = 3
action = docker-npm cloudflare[cf_email="%(cf_email)s", cf_apikey="%(cf_apikey)s"]