Fail2ban Middleware does not recognise 200 status code #136

Open
PS1TD opened this issue Aug 6, 2024 · 12 comments

@PS1TD

PS1TD commented Aug 6, 2024

For some reason my setup does not recognize successful status codes and bans on the 11th request.
I also don't see anything in the logs even though I have enabled DEBUG logging.
Setup:

apiVersion: traefik.io/v1alpha1
kind: Middleware
metadata:
    name: fail2ban
spec:
    plugin:
        fail2ban:
            logLevel: DEBUG
            rules:
                bantime: 30m
                enabled: "true"
                findtime: 10m
                maxretry: "10"
                statuscode: 400-499
---
apiVersion: traefik.io/v1alpha1
kind: IngressRoute
metadata:
    name: whoami-http
spec:
    entryPoints:
        - http
    routes:
        - match: Host(`redacted.com`) || Host(`www.redacted.com`)
          kind: Rule
          services:
              - name: whoami
                port: 80
          middlewares:
              - namespace: traefik
                name: fail2ban

@jacksoncastilho

jacksoncastilho commented Sep 4, 2024

I had the same problem :(

@arp-mbender

arp-mbender commented Sep 6, 2024

I think I'm seeing the same things myself. Is this plugin working? 🤔

@tomMoulard
Owner

Hello all,

Thanks for your interest in this Traefik plugin!

I've released https://github.com/tomMoulard/fail2ban/releases/tag/v0.8.2 with an intensive logging approach. Can you try your issue again with the latest version and tell me if it's still relevant?

Thanks!

@arp-mbender

arp-mbender commented Sep 6, 2024

I'm immediately hit with an error when trying to load the latest version into Traefik:

2024-09-06T20:15:38Z INF Loading plugins... plugins=["GeoBlock","fail2ban"]
2024-09-06T20:15:39Z ERR plugins-storage/sources/gop-281385154/src/github.com/tomMoulard/fail2ban/pkg/data/data.go:14:9: panic: github.com/tomMoulard/fail2ban/pkg/data(...) module=github.com/tomMoulard/fail2ban plugin=plugin-fail2ban runtime=
panic: reflect.Set: value of type string is not assignable to type struct { Logger *stdlib.logLogger } [recovered]
	panic: reflect.Set: value of type string is not assignable to type struct { Logger *stdlib.logLogger }

goroutine 1 [running]:
github.com/traefik/yaegi/interp.runCfg.func1()
	github.com/traefik/[email protected]/interp/run.go:226 +0x1ae
panic({0x4976d20?, 0xc0022411f0?})
	runtime/panic.go:770 +0x132
reflect.Value.assignTo({0x4976d20?, 0xc002240c10?, 0xc002240c10?}, {0x5a6e45b, 0xb}, 0xc0020b58c0, 0x0)
	reflect/value.go:3356 +0x299
reflect.Value.Set({0xc0020b58c0?, 0xc002272040?, 0xc002272030?}, {0x4976d20?, 0xc002240c10?, 0xc001e0a2f0?})
	reflect/value.go:2325 +0xe6
github.com/traefik/yaegi/interp.call.func9(0xc001dc9600)
	github.com/traefik/[email protected]/interp/run.go:1391 +0xbc5
github.com/traefik/yaegi/interp.runCfg(0xc002220f00, 0xc001dc9600, 0x1?, 0x1?)
	github.com/traefik/[email protected]/interp/run.go:234 +0x285
github.com/traefik/yaegi/interp.(*Interpreter).run(0xc001cd7d48, 0xc002261400, 0xc00231bb01?)
	github.com/traefik/[email protected]/interp/run.go:119 +0x395
github.com/traefik/yaegi/interp.(*Interpreter).importSrc(0xc001cd7d48, {0xc00231bb90, 0x28}, {0xc00231bb01, 0x27}, 0x1)
	github.com/traefik/[email protected]/interp/src.go:162 +0xf3b
github.com/traefik/yaegi/interp.(*Interpreter).gta.func1(0xc0021f5b80)
	github.com/traefik/[email protected]/interp/gta.go:273 +0xcdb
github.com/traefik/yaegi/interp.(*node).Walk(0xc0021f5b80, 0xc00269c710, 0x0)
	github.com/traefik/[email protected]/interp/interp.go:282 +0x2e
github.com/traefik/yaegi/interp.(*node).Walk(0xc0021f5540, 0xc00269c710, 0x0)
	github.com/traefik/[email protected]/interp/interp.go:286 +0x6b
github.com/traefik/yaegi/interp.(*node).Walk(0xc0021f52c0, 0xc00269c710, 0x0)
	github.com/traefik/[email protected]/interp/interp.go:286 +0x6b
github.com/traefik/yaegi/interp.(*Interpreter).gta(0xc001cd7d48, 0xc0021f52c0, {0xc00231bb90, 0x28}, {0xc00231b741, 0x28}, {0xc001ca50e7, 0x5})
	github.com/traefik/[email protected]/interp/gta.go:20 +0x22b
github.com/traefik/yaegi/interp.(*Interpreter).importSrc(0xc001cd7d48, {0xc001da78e0, 0x1e}, {0xc00231b741, 0x28}, 0x1)
	github.com/traefik/[email protected]/interp/src.go:109 +0x925
github.com/traefik/yaegi/interp.(*Interpreter).gta.func1(0xc0021c1180)
	github.com/traefik/[email protected]/interp/gta.go:273 +0xcdb
github.com/traefik/yaegi/interp.(*node).Walk(0xc0021c1180, 0xc00269d458, 0x0)
	github.com/traefik/[email protected]/interp/interp.go:282 +0x2e
github.com/traefik/yaegi/interp.(*node).Walk(0xc0021c0140, 0xc00269d458, 0x0)
	github.com/traefik/[email protected]/interp/interp.go:286 +0x6b
github.com/traefik/yaegi/interp.(*node).Walk(0xc0021b1e00, 0xc00269d458, 0x0)
	github.com/traefik/[email protected]/interp/interp.go:286 +0x6b
github.com/traefik/yaegi/interp.(*Interpreter).gta(0xc001cd7d48, 0xc0021b1e00, {0xc001da78e0, 0x1e}, {0xc001da7821, 0x1e}, {0xc001c912e8, 0x8})
	github.com/traefik/[email protected]/interp/gta.go:20 +0x22b
github.com/traefik/yaegi/interp.(*Interpreter).importSrc(0xc001cd7d48, {0xc001c90e88, 0x4}, {0xc001da7821, 0x1e}, 0x1)
	github.com/traefik/[email protected]/interp/src.go:109 +0x925
github.com/traefik/yaegi/interp.(*Interpreter).gta.func1(0xc0021b1b80)
	github.com/traefik/[email protected]/interp/gta.go:273 +0xcdb
github.com/traefik/yaegi/interp.(*node).Walk(0xc0021b1b80, 0xc00269e1a0, 0x0)
	github.com/traefik/[email protected]/interp/interp.go:282 +0x2e
github.com/traefik/yaegi/interp.(*node).Walk(0xc0021b1a40, 0xc00269e1a0, 0x0)
	github.com/traefik/[email protected]/interp/interp.go:286 +0x6b
github.com/traefik/yaegi/interp.(*node).Walk(0xc0021b17c0, 0xc00269e1a0, 0x0)
	github.com/traefik/[email protected]/interp/interp.go:286 +0x6b
github.com/traefik/yaegi/interp.(*Interpreter).gta(0xc001cd7d48, 0xc0021b17c0, {0xc001c90e88, 0x4}, {0xc001c90e88, 0x4}, {0xc001c90e88, 0x4})
	github.com/traefik/[email protected]/interp/gta.go:20 +0x22b
github.com/traefik/yaegi/interp.(*Interpreter).gtaRetry(0xc001cd7d48, {0xc00269e388?, 0xc0016854a0?, 0xc00269e2c8?}, {0xc001c90e88, 0x4}, {0xc001c90e88, 0x4})
	github.com/traefik/[email protected]/interp/gta.go:395 +0x158
github.com/traefik/yaegi/interp.(*Interpreter).CompileAST(0xc001cd7d48, {0x698b9a0?, 0xc0016854a0?})
	github.com/traefik/[email protected]/interp/program.go:92 +0x11f
github.com/traefik/yaegi/interp.(*Interpreter).compileSrc(0xc001cd7d48, {0xc00231b680?, 0x1?}, {0x0?, 0xc00231b680?}, 0xa0?)
	github.com/traefik/[email protected]/interp/program.go:64 +0xaa
github.com/traefik/yaegi/interp.(*Interpreter).eval(0xc001cd7d48, {0xc00231b680?, 0xc00269e8c8?}, {0x0?, 0x1?}, 0x0?)
	github.com/traefik/[email protected]/interp/interp.go:554 +0x25
github.com/traefik/yaegi/interp.(*Interpreter).Eval(...)
	github.com/traefik/[email protected]/interp/interp.go:496
github.com/traefik/traefik/v3/pkg/plugins.newInterpreter({0x69bd0c0, 0xc001f5f8c0}, {0xc001c753e0, 0x25}, {0xc001da6a00, 0x1e})
	github.com/traefik/traefik/v3/pkg/plugins/middlewareyaegi.go:140 +0x589
github.com/traefik/traefik/v3/pkg/plugins.newMiddlewareBuilder({0x69bd0c0?, 0xc001f5f8c0?}, {0xc001c753e0?, 0x1?}, 0xc001b0f9e0, {0xc001c806e0?, 0x69bcfe0?}, {{0x0, 0x0, 0x0}, ...})
	github.com/traefik/traefik/v3/pkg/plugins/builder.go:142 +0x16f
github.com/traefik/traefik/v3/pkg/plugins.NewBuilder(0xc001c47310, 0xc001c77710, 0xc002590270)
	github.com/traefik/traefik/v3/pkg/plugins/builder.go:55 +0x6d5
main.createPluginBuilder(0xc001a434a0?)
	github.com/traefik/traefik/v3/cmd/traefik/plugins.go:18 +0x2b
main.setupServer(0xc001b0e120)
	github.com/traefik/traefik/v3/cmd/traefik/traefik.go:238 +0xa86
main.runCmd(0xc001b0e120)
	github.com/traefik/traefik/v3/cmd/traefik/traefik.go:117 +0x2b4
main.main.func1({0xc001957bc0?, 0xc0001d2080?, 0x10?})
	github.com/traefik/traefik/v3/cmd/traefik/traefik.go:65 +0x19
github.com/traefik/paerser/cli.run(0xc0018f3200, {0xc0001d2080, 0x0?, 0x0})
	github.com/traefik/[email protected]/cli/commands.go:133 +0x243
github.com/traefik/paerser/cli.execute(0xc0018f3200, {0xc0001d2080, 0x2, 0x2}, 0x28?)
	github.com/traefik/[email protected]/cli/commands.go:76 +0x6cf
github.com/traefik/paerser/cli.Execute(...)
	github.com/traefik/[email protected]/cli/commands.go:51
main.main()
	github.com/traefik/traefik/v3/cmd/traefik/traefik.go:81 +0x554

traefik.yml has just this for the plugin loading:

experimental:
  plugins:
    GeoBlock:
      moduleName: "github.com/PascalMinder/geoblock"
      version: "v0.2.8"
    fail2ban:
      moduleName: "github.com/tomMoulard/fail2ban"
      version: "v0.8.2"

@tomMoulard
Owner

indeed, my bad, I've released https://github.com/tomMoulard/fail2ban/tree/v0.8.3 that should fix this particular panic issue.

@arp-mbender

arp-mbender commented Sep 7, 2024

> indeed, my bad, I've released https://github.com/tomMoulard/fail2ban/tree/v0.8.3 that should fix this particular panic issue.

This new version loads fine, but doesn't log anything beyond the initial first message.

2024/09/07 10:02:33 Plugin: FailToBan is up and running

The middleware configuration I've got is:

http:
  middlewares:
    fail2ban:
      plugin:
        fail2ban:
          logLevel: DEBUG
#          allowlist:
#            ip: 10.150.0.0/16
#         denylist:
#           ip: 192.168.0.0/24
          rules:
            bantime: 5m
            enabled: true
            findtime: 30s
            maxretry: 5
            statuscode: "400,401,403-499"

And much like with the initial case described by @PS1TD, this version blocks connectivity after just opening a loading screen, as if 200s were 400s...

@tomMoulard
Owner

Did you enable Traefik DEBUG log level? If so, do you have the following log?

DBG github.com/traefik/traefik/v3/pkg/plugins/plugins.go:30 > Loading of plugin: fail2ban: github.com/tomMoulard/[email protected]

@arp-mbender

arp-mbender commented Sep 7, 2024

Good point. I failed to notice this bit from the documentation:

> Please note that Fail2ban logs will only be visible when Traefik's log level is set to DEBUG

After setting this I'm... well, I'm getting a bit overly swarmed with logs now.

But I think I've managed to isolate a fragment of fail2ban, from startup to this middleware blocking me from accessing a login page (i.e. I've not yet provided any credentials, valid or invalid). While this should not matter, I'm attempting to access "Home Assistant", to which I've got the credentials cached (i.e. there should be no 400s at all).

Note: I've removed all routing information from the logs as other services are being frequently accessed and add a lot of noise, and I've stripped a module=github.com/tomMoulard/fail2ban plugin=plugin-fail2ban runtime= suffix from fail2ban logs. Finally I've had to remove fail2ban "Write: buf:" rows, as they are VERY long and break the limits of posting on GitHub. If those are required I'll find some other ways to share them.

2024-09-07T15:59:52Z DBG github.com/traefik/traefik/v3/pkg/middlewares/observability/middleware.go:33 > Adding tracing to middleware entryPointName=websecure middlewareName=fail2ban@file routerName=haos@file

2024-09-07T15:59:54Z DBG github.com/traefik/traefik/v3/pkg/server/configurationwatcher.go:227 > Configuration received config={"http":{"middlewares":{"fail2ban":{"plugin":{"fail2ban":{"logLevel":"DEBUG","rules":{"bantime":"5m","enabled":"true","findtime":"30s","maxretry":"5","statuscode":"400,401,403-499"}}}}..."


2024/09/07 16:00:12 Plugin: FailToBan is up and running

2024/09/07 16:00:14 Plugin: FailToBan is up and running

2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is denied 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is allowed 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > url / not is allowed 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > welcome "10.152.4.15" 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > status handler 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 

2024-09-07T16:00:22Z DBG fmt/print.go:225 > Write header: code: 200 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > catcher: {XheaderMap:map[Content-Encoding:[deflate] Content-Length:[2297] Content-Type:[text/html; charset=utf-8] Date:[Sat, 07 Sep 2024 16:00:29 GMT] Referrer-Policy:[no-referrer] Server:[] X-Content-Type-Options:[nosniff] X-Frame-Options:[SAMEORIGIN]] Xcode:200 XhttpCodeRanges:[[400 400] [401 401] [403 499]] XcaughtFilteredCode:false XresponseWriter:0xc00220eae0 XheadersSent:true Xbytes:[] XallowedRequest:false} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is denied 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is allowed 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > url /frontend_latest/core.ydYtuXnHVAs.js not is allowed 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > welcome back "10.152.4.15" for the 2 time 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > status handler 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 

2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is denied 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is allowed 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > url /frontend_latest/app.okM55PX7yEE.js not is allowed 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > welcome back "10.152.4.15" for the 3 time 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is denied 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is allowed 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > status handler 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 

2024-09-07T16:00:22Z DBG fmt/print.go:225 > url /static/images/ohf-badge.svg not is allowed 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > welcome back "10.152.4.15" for the 4 time 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > status handler 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 

2024-09-07T16:00:22Z DBG fmt/print.go:225 > Write header: code: 200 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is denied 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is denied 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is allowed 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is denied 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > url /static/fonts/roboto/Roboto-Regular.woff2 not is allowed 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is allowed 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is allowed 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > "10.152.4.15" is banned for 5>=5 request 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > url /static/fonts/roboto/Roboto-Medium.woff2 not is allowed 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > url /hacsfiles/iconset.js not is allowed 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > "10.152.4.15" is still banned since "2024-09-07T16:00:22Z", 6 request 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > "10.152.4.15" is still banned since "2024-09-07T16:00:22Z", 7 request 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > catcher: {XheaderMap:map[Accept-Ranges:[bytes] Cache-Control:[public, max-age=2678400] Content-Encoding:[br] Content-Length:[15482] Content-Type:[text/javascript] Date:[Sat, 07 Sep 2024 16:00:29 GMT] Etag:["17eefe1f5dc34c00-3c7a"] Last-Modified:[Sun, 25 Aug 2024 14:11:58 GMT] Referrer-Policy:[no-referrer] Server:[] Vary:[Accept-Encoding] X-Content-Type-Options:[nosniff] X-Frame-Options:[SAMEORIGIN]] Xcode:200 XhttpCodeRanges:[[400 400] [401 401] [403 499]] XcaughtFilteredCode:false XresponseWriter:0xc001d61900 XheadersSent:true Xbytes:[] XallowedRequest:false} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > Write header: code: 200 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > Write header: code: 200 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > catcher: {XheaderMap:map[Accept-Ranges:[bytes] Cache-Control:[public, max-age=2678400] Content-Encoding:[gzip] Content-Length:[3522] Content-Type:[image/svg+xml] Date:[Sat, 07 Sep 2024 16:00:29 GMT] Etag:["17eefe1f5dc34c00-dc2"] Last-Modified:[Sun, 25 Aug 2024 14:11:58 GMT] Referrer-Policy:[no-referrer] Server:[] Vary:[Accept-Encoding] X-Content-Type-Options:[nosniff] X-Frame-Options:[SAMEORIGIN]] Xcode:200 XhttpCodeRanges:[[400 400] [401 401] [403 499]] XcaughtFilteredCode:false XresponseWriter:0xc00220f4a0 XheadersSent:true Xbytes:[] XallowedRequest:false} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > catcher: {XheaderMap:map[Accept-Ranges:[bytes] Cache-Control:[public, max-age=2678400] Content-Encoding:[br] Content-Length:[74998] Content-Type:[text/javascript] Date:[Sat, 07 Sep 2024 16:00:29 GMT] Etag:["17eefe1f5dc34c00-124f6"] Last-Modified:[Sun, 25 Aug 2024 14:11:58 GMT] Referrer-Policy:[no-referrer] Server:[] Vary:[Accept-Encoding] X-Content-Type-Options:[nosniff] X-Frame-Options:[SAMEORIGIN]] Xcode:200 XhttpCodeRanges:[[400 400] [401 401] [403 499]] XcaughtFilteredCode:false XresponseWriter:0xc002130c40 XheadersSent:true Xbytes:[] XallowedRequest:false} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is denied 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > IP 10.152.4.15 not is allowed 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > data: &{RemoteIP:10.152.4.15} 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > url /auth/token not is allowed 
2024-09-07T16:00:22Z DBG fmt/print.go:225 > "10.152.4.15" is still banned since "2024-09-07T16:00:22Z", 8 request 

Like @PS1TD I'm not using any urlregexps in the configuration, nor any denylist nor allowlist. I.e. I'm just interested in filtering based on status codes.

@SeTh1032

Hi, I just stumbled upon the same problem and think that the issue is here:

f2bHandler.New(f2b),

The f2b-handler is called in the chain before the status-code-handler and thus fail2bans EVERY request (see also here:

(*c.status).ServeHTTP(w, r)
)

I think that f2bHandler.New(f2b), should not be in the handler-chain at all for this to work...

@tomMoulard
Owner

Indeed I could try reversing the order in the chain but I doubt it will work as you intend.

For your last part, removing the handler will remove its ability to catch status codes. But indeed, it will count twice the request in the handler.

@SeTh1032

SeTh1032 commented Sep 25, 2024

The status-code handler internally calls the f2b if a proper status-code is detected. Why call the f2b-handler "naked" (without any preconditions) in the chain at all? It then counts every request against the "maxRetry", even "legal" ones with a 200 response-code.

@SeTh1032

I'd think that inside the chain one would need a handler that continues blocking, if an IP is already on the ban-list, but that does not blindly increase ip.count towards maxRetries. Increasing the counter for an IP may only happen if a precondition for a "failed"-request is met (like inside the URLRegexBan or the http-status-handler).

(I'm not able to write Go-code myself, otherwise I'd create a merge-request)
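
The handler shape SeTh1032 describes above, as an added example that is not the plugin's code and not part of the thread: banned IPs are rejected up front, and a request is counted only after its response status matches a configured range. `Limiter`, `countAll` and `Simulate` are hypothetical names; `countAll: true` counts every request to show the reported symptom, and findtime/bantime expiry is left out.

```go
package main

import (
	"fmt"
	"net"
	"net/http"
	"net/http/httptest"
	"sync"
)

// Limiter is a hypothetical stand-in for the plugin's state, not its real types.
type Limiter struct {
	mu       sync.Mutex
	countAll bool           // true: count every request, the symptom reported in this thread
	maxRetry int            // findtime and bantime expiry are left out of this sketch
	ranges   [][2]int       // "400,401,403-499" as [[400 400] [401 401] [403 499]]
	count    map[string]int // counted requests per client IP
}

// failed reports whether code falls in one of the configured status ranges.
func (l *Limiter) failed(code int) (hit bool) {
	for _, r := range l.ranges {
		hit = hit || (code >= r[0] && code <= r[1])
	}
	return hit
}

type statusWriter struct{ http.ResponseWriter; code int } // remembers the backend's status
func (s *statusWriter) WriteHeader(c int) { s.code = c; s.ResponseWriter.WriteHeader(c) }

// Wrap rejects banned IPs up front, then counts the request once its status is known.
func (l *Limiter) Wrap(next http.Handler) http.Handler {
	return http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		ip, _, _ := net.SplitHostPort(r.RemoteAddr)
		l.mu.Lock()
		blocked := l.count[ip] >= l.maxRetry // read only: being checked is not a strike
		l.mu.Unlock()
		if blocked {
			http.Error(w, "Forbidden", http.StatusForbidden)
			return
		}
		sw := &statusWriter{ResponseWriter: w, code: http.StatusOK}
		next.ServeHTTP(sw, r)
		if l.countAll || l.failed(sw.code) {
			l.mu.Lock()
			l.count[ip]++
			l.mu.Unlock()
		}
	})
}

// Simulate replays constructed backend statuses from one client and returns what it saw.
func Simulate(countAll bool, backend []int) []int {
	l := &Limiter{countAll: countAll, maxRetry: 5, count: map[string]int{}, ranges: [][2]int{{400, 400}, {401, 401}, {403, 499}}}
	seen, i := make([]int, len(backend)), 0
	h := l.Wrap(http.HandlerFunc(func(w http.ResponseWriter, _ *http.Request) { w.WriteHeader(backend[i]) }))
	for i = range backend {
		rec := httptest.NewRecorder()
		h.ServeHTTP(rec, httptest.NewRequest("GET", "/", nil)) // constructed client 192.0.2.1
		seen[i] = rec.Code
	}
	return seen
}

func main() { fmt.Println(Simulate(false, []int{401, 401, 401, 401, 401, 200})) }
```

With `countAll` set, eight backend 200s turn into 403s from the sixth request on; without it they all pass, while five 401s still trigger the ban.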
