mykey/Fail2Ban-Dashboard---NPM
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
275d9117c98508911189736a74f3349bc69157c3
Fail2Ban-Dashboard---NPM/fail2ban/jail.cloudflare.local
gitea ec97c06d07 fix: full audit pass — placeholder logs, jq, allowipv6, stale refs 
- entrypoint: create proxy-host-placeholder_access.log if no NPM logs
  exist so fail2ban can start before any proxy hosts are configured
- docker-compose: remove :ro from nginx-logs mount (needed for placeholder)
- Dockerfile: add jq (required by cloudflare.conf actionunban)
- cloudflare.conf: replace python3 JSON parsing with jq; clean stale comments
- jail.local + jail.cloudflare.local: add allowipv6 = auto to suppress warning
- jail.cloudflare.local: remove stale .env and docker-compose.cloudflare.yml refs

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-02-20 16:07:56 +00:00

75 lines
3.0 KiB
Plaintext
Raw Blame History

# ── F2B Control Center — jail configuration (Cloudflare) ─────────────────────
# Installed when CF_EMAIL + CF_APIKEY are set in docker-compose.yml.
# Adds the Cloudflare WAF action to every jail alongside iptables.
# Credentials are injected from environment — not stored here.
# ─────────────────────────────────────────────────────────────────────────────
[DEFAULT]
bantime = 1h
findtime = 10m
maxretry = 5
allowipv6 = auto
# Populated by entrypoint from SUBNETS_TO_IGNORE env var on first run.
# Updated live by the dashboard — do not edit by hand.
ignoreip = 127.0.0.1/8 ::1 10.0.0.0/8 172.16.0.0/12 192.168.0.0/16
# Cloudflare credentials — set CF_EMAIL and CF_APIKEY in docker-compose.yml.
cf_email = %(ENV[CF_EMAIL])s
cf_apikey = %(ENV[CF_APIKEY])s
# ── NPM: Bad Bots ─────────────────────────────────────────────────────────────
[badbot]
enabled = true
filter = badbot
logpath = /nginx-logs/proxy-host-*_access.log
bantime = 24h
findtime = 10m
maxretry = 3
action = docker-npm
cloudflare[cf_email="%(cf_email)s", cf_apikey="%(cf_apikey)s"]
# ── NPM: HTTP Error Spamming ──────────────────────────────────────────────────
[http-errors]
enabled = true
filter = http-errors
logpath = /nginx-logs/proxy-host-*_access.log
bantime = 1h
findtime = 5m
maxretry = 15
action = docker-npm
cloudflare[cf_email="%(cf_email)s", cf_apikey="%(cf_apikey)s"]
# ── NPM: Exploit Probing ──────────────────────────────────────────────────────
[npm-probe]
enabled = true
filter = npm-probe
logpath = /nginx-logs/proxy-host-*_access.log
bantime = 48h
findtime = 30m
maxretry = 3
action = docker-npm
cloudflare[cf_email="%(cf_email)s", cf_apikey="%(cf_apikey)s"]
# ── Manual Bans ───────────────────────────────────────────────────────────────
[manual-bans]
enabled = true
filter = manual-bans
logpath = /dev/null
bantime = -1
findtime = 1d
maxretry = 1
action = docker-npm
cloudflare[cf_email="%(cf_email)s", cf_apikey="%(cf_apikey)s"]
# ── Recidive — repeat offenders ───────────────────────────────────────────────
[recidive]
enabled = false
filter = recidive
logpath = /var/log/fail2ban.log
bantime = 7d
findtime = 1d
maxretry = 3
action = docker-npm
cloudflare[cf_email="%(cf_email)s", cf_apikey="%(cf_apikey)s"]
Reference in New Issue View Git Blame Copy Permalink