caddy_fail2ban

Version: v0.0.2

This package is not in the latest version of its module.
Published: Aug 17, 2025 License: AGPL-3.0 Imports: 12 Imported by: 0

README

caddy-fail2ban

A simple package that adds fail2ban support to Caddy. The module provides a fail2ban HTTP matcher backed by a text file of banned IP addresses.

Getting Started

First, make sure to build Caddy with support for this module:

RUN xcaddy build \
    --with github.com/Javex/caddy-fail2ban@main

Then insert this into your Caddyfile:

@banned {
	fail2ban ./banned-ips
}
handle @banned {
	abort
}

The right place for it depends on your setup, but you can find more complete examples in the examples/ directory.

Next, you will need to create the fail2ban action. You can copy the suggested one if you like:

$ cp fail2ban/caddy-banfile.conf /etc/fail2ban/actions.d/caddy-banfile.conf

Now, in any jail where you want to block requests at the HTTP layer, you can use the action:

action = caddy-banfile[banfile_path="/etc/caddy/banned-ips"]

The above path is the default so you can omit the banfile_path parameter if you like.
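To show what a ban-file matcher has to get right, here is an added example; it is not this module's code. It assumes the ban file holds one IP address per line and that the address to check arrives in the form of Go's http.Request.RemoteAddr; parseBanfile, isBanned and sampleBanfile are hypothetical names. Both sides are normalized so an IPv4-mapped IPv6 peer or a non-canonical IPv6 spelling still matches its ban entry.

```go
package main

import (
	"bufio"
	"fmt"
	"net/netip"
	"strings"
)

// Constructed sample ban file using documentation address ranges.
const sampleBanfile = "203.0.113.7\n\n2001:db8::1\nnot-an-ip\n"

// parseBanfile reads one IP address per line (assumed format) and returns a
// set of normalized addresses. Blank and unparseable lines are skipped.
func parseBanfile(content string) map[netip.Addr]struct{} {
	banned := make(map[netip.Addr]struct{})
	sc := bufio.NewScanner(strings.NewReader(content))
	for sc.Scan() {
		addr, err := netip.ParseAddr(strings.TrimSpace(sc.Text()))
		if err != nil {
			continue
		}
		banned[addr.Unmap().WithZone("")] = struct{}{}
	}
	return banned
}

// isBanned accepts "ip:port", "[ip]:port" or a bare IP and reports whether
// the normalized address is in the set. Non-IP input never matches.
func isBanned(banned map[netip.Addr]struct{}, remoteAddr string) bool {
	var addr netip.Addr
	if ap, err := netip.ParseAddrPort(remoteAddr); err == nil {
		addr = ap.Addr()
	} else if a, err := netip.ParseAddr(remoteAddr); err == nil {
		addr = a
	} else {
		return false
	}
	_, ok := banned[addr.Unmap().WithZone("")]
	return ok
}

func main() {
	banned := parseBanfile(sampleBanfile)
	for _, ra := range []string{"203.0.113.7:51234", "[::ffff:203.0.113.7]:443", "[2001:db8:0:0:0:0:0:1]:80", "198.51.100.9:80"} {
		fmt.Printf("%-28s banned=%v\n", ra, isBanned(banned, ra))
	}
}
```

When Caddy sits behind another proxy or load balancer, the peer address is that proxy's, so a check like this only matches the real client if the client address is recovered first.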

Running tests

First run the Go unit tests, then spin up a Docker container to test the integration with fail2ban:

go build -v ./...
go test -v ./...

sudo docker build . -t caddy-fail2ban
sudo docker run --rm --name caddy-fail2ban --detach -v "$PWD/test/Caddyfile:/etc/caddy/Caddyfile" caddy-fail2ban
sudo docker exec -it caddy-fail2ban /usr/local/bin/caddy-fail2ban-test.sh
sudo docker logs caddy-fail2ban
sudo docker stop caddy-fail2ban

Documentation

Constants

This section is empty.

Variables

This section is empty.

Functions

This section is empty.

Types

type Banlist

type Banlist struct {
	// contains filtered or unexported fields
}

func NewBanlist

func NewBanlist(ctx caddy.Context, logger *zap.Logger, banfile *string) Banlist

func (*Banlist) IsBanned

func (b *Banlist) IsBanned(remote_ip string) bool

func (*Banlist) Reload

func (b *Banlist) Reload()

func (*Banlist) Start

func (b *Banlist) Start()

type Fail2Ban

type Fail2Ban struct {
	Banfile string `json:"banfile"`
	// contains filtered or unexported fields
}

Fail2Ban implements an HTTP handler that checks a specified file for banned IPs and matches if they are found.

func (Fail2Ban) CaddyModule

func (Fail2Ban) CaddyModule() caddy.ModuleInfo

CaddyModule returns the Caddy module information.

func (*Fail2Ban) Match

func (m *Fail2Ban) Match(req *http.Request) bool

func (*Fail2Ban) Provision

func (m *Fail2Ban) Provision(ctx caddy.Context) error

Provision implements caddy.Provisioner.

func (*Fail2Ban) UnmarshalCaddyfile

func (m *Fail2Ban) UnmarshalCaddyfile(d *caddyfile.Dispenser) error

UnmarshalCaddyfile implements caddyfile.Unmarshaler.
