Using failregex to ban using response's data

[phirestalker]

Is there a way to ban using a failregex filter on an access log line?

I had fail2ban on my host protecting the docker proxy instance when i was using nginx-proxy. Here is the line from my custom filter

failregex = ^.*\s<HOST>.*"(GET|POST).*" (404|444|403|400) .*$

EDIT:

Does this plugin only ban according to urlregexp and if I leave it blank it blocks all access?

[tomMoulard]

For now, there is no way to do this with this plugin.
But since the can be a new feature to support, I'll add the correct label the enhance the plugin :)

[phirestalker]

Ya, I looked at the source code after I asked. If I do not set any of those options, it will literally block any connecting address after n attempts. I don't know why I didn't think to look first.

…

On Sat, Aug 28, 2021 at 8:52 PM Tom Moulard ***@***.***> wrote: To paraphrase the plugin''s description on pilot <https://pilot.traefik.io/plugins/605afbaaa5f67ab9a1b0e51c/fail2-ban> : Blacklist (or whitelist) IP depending on some conditions — You are receiving this because you authored the thread. Reply to this email directly, view it on GitHub <#40 (comment)>, or unsubscribe <https://github.com/notifications/unsubscribe-auth/ABZBOZZGGJFD2Z3LBTCVDSTT7GVJJANCNFSM5C7FXMKA> . Triage notifications on the go with GitHub Mobile for iOS <https://apps.apple.com/app/apple-store/id1477376905?ct=notification-email&mt=8&pt=524675> or Android <https://play.google.com/store/apps/details?id=com.github.android&referrer=utm_campaign%3Dnotification-email%26utm_medium%3Demail%26utm_source%3Dgithub>.

[phirestalker]

I had an unrelated question about the plugin's development.
How did you set up the test environment for developing this plugin?
Did you use some kind of virtual environment?