# ── F2B Control Center — jail configuration ───────────────────────────────────
# Installed to /etc/fail2ban/jail.local on first container start.
# Persisted in the f2b-config Docker volume — survives image updates.
#
# CLOUDFLARE: set CF_EMAIL + CF_APIKEY in docker-compose.yml to enable WAF banning.
# ─────────────────────────────────────────────────────────────────────────────

[DEFAULT]
bantime    = 1h
findtime   = 10m
maxretry   = 5
allowipv6  = auto

# Populated by entrypoint from SUBNETS_TO_IGNORE env var on first run.
# Updated live by the dashboard — do not edit by hand.
ignoreip = 127.0.0.1/8 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16

# ── NPM: Bad Bots ─────────────────────────────────────────────────────────────
[badbot]
enabled  = true
filter   = badbot
logpath  = /nginx-logs/proxy-host-*_access.log
bantime  = 24h
findtime = 10m
maxretry = 3
action   = docker-npm

# ── NPM: HTTP Error Spamming ──────────────────────────────────────────────────
[http-errors]
enabled  = true
filter   = http-errors
logpath  = /nginx-logs/proxy-host-*_access.log
bantime  = 1h
findtime = 5m
maxretry = 15
action   = docker-npm

# ── NPM: Exploit Probing ──────────────────────────────────────────────────────
[npm-probe]
enabled  = true
filter   = npm-probe
logpath  = /nginx-logs/proxy-host-*_access.log
bantime  = 48h
findtime = 30m
maxretry = 3
action   = docker-npm

# ── Manual Bans ───────────────────────────────────────────────────────────────
# Populated via dashboard or: fail2ban-client set manual-bans banip <IP>
[manual-bans]
enabled  = true
filter   = manual-bans
logpath  = /dev/null
bantime  = -1
findtime = 1d
maxretry = 1
action   = docker-npm

# ── Recidive — repeat offenders ───────────────────────────────────────────────
# Escalates bans to 7d for IPs that get banned 3+ times within a day.
# Enable once your other jails have been running for a while.
[recidive]
enabled  = false
filter   = recidive
logpath  = /var/log/fail2ban.log
bantime  = 7d
findtime = 1d
maxretry = 3
action   = docker-npm