
Fail2ban plugin for traefik

This plugin is an implementation of the fail2ban mechanism as a middleware plugin for Traefik.

Configuration

Whitelist

You can whitelist some IPs using this:

testData:
  whitelist:
    files:
      - "tests/test-ipfile.txt"
    ip:
      - "::1"
      - "127.0.0.1"

IPs can be listed in one or more files or given directly in the configuration.

Blacklist

Like the whitelist, you can blacklist some IPs using this:

testData:
  blacklist:
    files:
      - "tests/test-ipfile.txt"
    ip:
      - "::1"
      - "127.0.0.1"

IPs can be listed in one or more files or given directly in the configuration.

Fail2ban

We plan to support the full default fail2ban configuration, but at this time only a few features are implemented:

testData:
  rules:
    urlregexps:
    - regexp: "/no"
      mode: block
    - regexp: "/yes"
      mode: allow
    bantime: "3h"
    findtime: "10m"
    maxretry: 4
    enabled: true

Where:

  • findtime: the time slot used to count requests (if there are too many requests from the same IP in this time slot, the IP is banned). You can use 'smart' strings: "4h", "2m", "1s", ...
  • bantime: the amount of time the IP stays in Ban mode.
  • maxretry: the number of requests allowed before Ban mode.
  • enabled: enables or disables the plugin (must be set to true to enable the plugin).
  • urlregexps: a list of regexps used to block or allow requests based on their URL.

URL Regexp

Urlregexps define which parts of your website are allowed, blocked or filtered:

  • allow: all requests whose URL matches the regexp are forwarded to the backend without any check
  • block: all requests whose URL matches the regexp are stopped

No definitions

testData:
  rules:
    bantime: "3h"
    findtime: "10m"
    maxretry: 4
    enabled: true

With no urlregexps defined, fail2ban is applied to all requests.

Multiple definitions

testData:
  rules:
    urlregexps:
    - regexp: "/whoami"
      mode: allow
    - regexp: "/do-not-access"
      mode: block
    bantime: "3h"
    findtime: "10m"
    maxretry: 4
    enabled: true

When several regexps match the same URL, they are processed in this order:

  1. Block
  2. Allow

In this example, all requests to /do-not-access will be denied and all requests to /whoami will be allowed without any fail2ban interaction.

Schema

First request, IP is added to the Pool, and the findtime timer is started:

A |------------->
  ↑

Second request, findtime is not yet finished thus the request is fine:

A |--x---------->
     ↑

Third request, maxretry is now full: this request is fine but the next one won't be.

A |--x--x------->
        ↑

Fourth request, too bad, now it's jail time, next request will go through after bantime:

A |--x--x--x---->
           ↓
B          |------------->

Fifth request, the IP is in Ban mode, nothing happens (the request is rejected):

A |--x--x--x---->
B          |--x---------->
              ↑

Last request, the bantime is now over, another findtime is started:

A |--x--x--x---->            |------------->
                             ↑
B          |--x---------->
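
The block-before-allow order described under "Multiple definitions" and the findtime/maxretry/bantime sequence drawn in the schema, as an added Go example (not the plugin's own code): an in-memory tracker with an injectable clock so the schema can be replayed deterministically. The names Fail2Ban, URLRule, Classify and Allowed are this example's own, and the client IP is constructed.

```go
package main

import (
	"fmt"
	"regexp"
	"time"
)

// Mode is the urlregexp mode; Check means no rule matched, so findtime/maxretry decide.
type Mode int

const (
	Check Mode = iota
	Block
	Allow
)

type URLRule struct {
	Regexp *regexp.Regexp
	Mode   Mode
}

// Classify applies the documented order: all block rules first, then allow rules.
func Classify(rules []URLRule, path string) Mode {
	for _, r := range rules {
		if r.Mode == Block && r.Regexp.MatchString(path) {
			return Block
		}
	}
	for _, r := range rules {
		if r.Mode == Allow && r.Regexp.MatchString(path) {
			return Allow
		}
	}
	return Check
}

// ipState is one pool entry: the current findtime window's counter and the end of a ban.
type ipState struct {
	count       int
	windowStart time.Time
	bannedUntil time.Time
}

type Fail2Ban struct {
	FindTime time.Duration
	BanTime  time.Duration
	MaxRetry int
	Rules    []URLRule
	Now      func() time.Time // injectable clock so the sequence can be replayed
	pool     map[string]*ipState
}

// Allowed reports whether a request from ip for path is forwarded to the backend.
func (f *Fail2Ban) Allowed(ip, path string) bool {
	switch Classify(f.Rules, path) {
	case Block:
		return false
	case Allow:
		return true // forwarded without any fail2ban check
	}
	if f.pool == nil {
		f.pool = map[string]*ipState{}
	}
	now := f.Now()
	s, ok := f.pool[ip]
	if !ok {
		// First request: the IP joins the pool and the findtime timer starts.
		f.pool[ip] = &ipState{count: 1, windowStart: now}
		return true
	}
	if now.Before(s.bannedUntil) {
		return false // Ban mode: rejected, counters untouched
	}
	if !s.bannedUntil.IsZero() || now.Sub(s.windowStart) > f.FindTime {
		// Ban over, or findtime elapsed: another findtime window is started.
		*s = ipState{count: 1, windowStart: now}
		return true
	}
	s.count++
	if s.count > f.MaxRetry {
		s.bannedUntil = now.Add(f.BanTime) // maxretry exceeded: jail time
		return false
	}
	return true
}

func main() {
	clock := time.Date(2024, 1, 1, 0, 0, 0, 0, time.UTC)
	f := &Fail2Ban{FindTime: 10 * time.Minute, BanTime: 3 * time.Hour, MaxRetry: 3}
	f.Now = func() time.Time { return clock }
	for i := 1; i <= 5; i++ { // requests 1-3 pass, 4 triggers the ban, 5 is rejected
		fmt.Printf("request %d: allowed=%v\n", i, f.Allowed("203.0.113.7", "/"))
		clock = clock.Add(time.Minute)
	}
	clock = clock.Add(3 * time.Hour) // bantime over: another findtime is started
	fmt.Println("after bantime: allowed =", f.Allowed("203.0.113.7", "/"))
}
```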

How to dev

$ docker compose up

Authors

Tom Moulard Clément David Martin Huvelle Alexandre Bossut-Lasry

Issues

[Traefik Pilot] Traefik Plugin Analyzer has detected a problem.

The plugin was not imported into Traefik Pilot.

Cause:

failed to run with Yaegi: plugin: failed to create a new plugin instance: open file1.txt: no such file or directory

Traefik Plugin Analyzer will restart when you will close this issue.

If you believe there is a problem with the Analyzer or this issue is the result of a false positive, please contact us.

[Traefik Pilot] Traefik Plugin Analyzer has detected a problem.

The plugin was not imported into Traefik Pilot.

Cause:

unsupported plugin: the module name (github.com/tommoulard/fail2ban) doesn't contain the GitHub repository name (github.com/tomMoulard/fail2ban)

Traefik Plugin Analyzer will restart when you will close this issue.

If you believe there is a problem with the Analyzer or this issue is the result of a false positive, please contact us.

Dynamically block IP addresses from external sources

I couldn't find it in the documentation on how to read logs (in my case authelia logs) to block IP addresses.
What is the equivalent of jail.d, action.d and filter.d fail2ban directories in this plugin?

I want to read authelia logs and block the IP addresses that fail to login for n number of times. I think this is doable by running a dedicated fail2ban container, but I noticed this plugin and it looked like a better alternative.

difficulties to setup this plugin

Hello,

I'm trying to setup this plugin and I can't get it to work.

My environment is kubernetes (k3s), my traefik (ingress-controller) is working as expected before starting to play with fail2ban.

   args:
   - --providers.kubernetescrd
   - --providers.kubernetescrd.namespaces=default,kube-system
   - --providers.file
   - --providers.file.filename=/fail2ban/rules-fail2ban.yaml
   - --entrypoints.web.address=:80
   - --entrypoints.websecure.address=:443
   - --entrypoints.storjstoragenodetcp.address=:28967
   - --entrypoints.syncthingsynctcp.address=:22000
   - --entrypoints.syncthingsyncudp.address=:22000/udp
   - --entrypoints.syncthingdiscoveryudp.address=:21027/udp
   - --entrypoints.sambamds.address=:445
   - --entrypoints.sambanbt.address=:139
   - --entrypoints.sambandgmudp.address=:138/udp
   - --entrypoints.sambannsudp.address=:137/udp
   - --api.insecure
   - --pilot.token=<HIDDEN>
   - --experimental.plugins.fail2ban.modulename=github.com/tommoulard/fail2ban
   - --experimental.plugins.fail2ban.version=v0.6.2
   - --certificatesresolvers.le.acme.email=<HIDDEN>
   - --certificatesresolvers.le.acme.storage=/cert/acme.json
   - --certificatesResolvers.le.acme.httpChallenge.entryPoint=web
   - --serverstransport.insecureskipverify=true
   - --accesslog=true
   - --accesslog.filepath=/logs/access.log
   - --accesslog.bufferingsize=100
   - --log.filePath=/logs/traefik.log
   - --log.level=INFO
   - --metrics=true
   - --metrics.prometheus.buckets=0.100000, 0.300000, 1.200000, 5.000000
   - --metrics.prometheus.addEntryPointsLabels=true
   - --metrics.prometheus.addServicesLabels=true

my rules-fail2ban.yaml is still the default one:

  http:
      middlewares:
          my-fail2ban:
              plugin:
                  fail2ban:
                      blacklist:
                          ip: 192.168.0.0/24
                      rules:
                          action: ""
                          actionAbuseipdb: ""
                          backend: ""
                          banaction: ""
                          banactionAllports: ""
                          bantime: 3h
                          chain: ""
                          destemail: ""
                          enabled: "true"
                          fail2banAgent: ""
                          filter: ""
                          findtime: 10m
                          ignorecommand: ""
                          logencoding: UTF-8
                          maxretry: "4"
                          mode: ""
                          mta: ""
                          ports: 0:8000
                          protocol: ""
                          sender: ""
                          urlregexp: ""
                          usedns: ""
                      whitelist:
                          ip: ::1,127.0.0.1

Once traefik starts I don't see the plugin loading:

    time="2021-12-30T07:32:34Z" level=info msg="Traefik version 2.5.6 built on 2021-12-22T16:30:52Z"
    time="2021-12-30T07:32:34Z" level=info msg="Stats collection is enabled."
    time="2021-12-30T07:32:34Z" level=info msg="Many thanks for contributing to Traefik's improvement by allowing us to receive anonymous information from your configuration."
    time="2021-12-30T07:32:34Z" level=info msg="Help us improve Traefik by leaving this feature on :)"
    time="2021-12-30T07:32:34Z" level=info msg="More details on: https://doc.traefik.io/traefik/contributing/data-collection/"
    time="2021-12-30T07:32:35Z" level=info msg="Starting provider aggregator.ProviderAggregator {}"
    time="2021-12-30T07:32:35Z" level=info msg="Starting provider *file.Provider {\"watch\":true,\"filename\":\"/fail2ban/rules-fail2ban.yaml\"}"
    time="2021-12-30T07:32:35Z" level=info msg="Starting provider *traefik.Provider {}"
    time="2021-12-30T07:32:35Z" level=info msg="Starting provider *crd.Provider {\"namespaces\":[\"default\",\"kube-system\"]}"
    time="2021-12-30T07:32:35Z" level=info msg="Starting provider *acme.ChallengeTLSALPN {\"Timeout\":4000000000}"
    time="2021-12-30T07:32:35Z" level=info msg="Starting provider *acme.Provider {\"email\":\"<HIDDEN>\",\"caServer\":\"https://acme-v02.api.letsencrypt.org/directory\",\"storage\":\"/cert/acme.json\",\"keyType\":\"RSA4096\",\"httpChallenge\":{\"entryPoint\":\"web\"},\"ResolverName\":\"le\",\"store\":{},\"TLSChallengeProvider\":{\"Timeout\":4000000000},\"HTTPChallengeProvider\":{}}"
    time="2021-12-30T07:32:35Z" level=info msg="label selector is: \"\"" providerName=kubernetescrd
    time="2021-12-30T07:32:35Z" level=info msg="Creating in-cluster Provider client" providerName=kubernetescrd
    time="2021-12-30T07:32:35Z" level=info msg="Testing certificate renew..." providerName=le.acme

Is there anything obvious I'm missing?

[Traefik Pilot] Traefik Plugin Analyzer has detected a problem.

The plugin was not imported into Traefik Pilot.

Cause:

failed to get readme: failed to get readme: GET https://api.github.com/repos/tomMoulard/fail2ban/readme?ref=v0.6.2: 502  []

Traefik Plugin Analyzer will restart when you will close this issue.

If you believe there is a problem with the Analyzer or this issue is the result of a false positive, please contact us.

[Traefik Pilot] Traefik Plugin Analyzer has detected a problem.

The plugin was not imported into Traefik Pilot.

Cause:

the import "github.com/tommoulard/fail2ban" must be related to the module name "github.com/tomMoulard/fail2ban"

Traefik Plugin Analyzer will restart when you will close this issue.

If you believe there is a problem with the Analyzer or this issue is the result of a false positive, please contact us.

Trademark Infringement

Good afternoon,

The asset used as the logo for this project on the Traefik community page, hosted here is a registered UK trademark with registration number UK00003584429.

Please remove our trademarked asset from this project.

Configuring rules for response codes

Hi,

Thanks for creating this project, it looks very useful.

Is it possible to add rules for response codes instead of URL paths? E.G for 401 / 403 response from upstream server?

Thanks

[Traefik Plugin Catalog] Plugin Analyzer has detected a problem.

The plugin was not imported into Traefik Plugin Catalog.

Cause:

failed to run the plugin with Yaegi: the load of the plugin takes too much time(10s), or an error, inside the plugin, occurs during the load: 1:21: import "github.com/tomMoulard/fail2ban" error: /tmp/traefik-plugin-gop3322109729/src/github.com/tomMoulard/fail2ban/fail2ban.go:18:2: import "github.com/tomMoulard/fail2ban/log" error: /tmp/traefik-plugin-gop3322109729/src/github.com/tomMoulard/fail2ban/log/log_debug.go:17:16: unknown field logger in struct literal

Traefik Plugin Analyzer will restart when you will close this issue.

If you believe there is a problem with the Analyzer or this issue is the result of a false positive, please contact us.

Error running plugin: unable to find source related to: "net/netip"

So, I added this plugin to Traefik 2.7 by adding this to traefik.toml:

[experimental.plugins.fail2ban]
  moduleName = "github.com/tomMoulard/fail2ban"
  version = "v0.7.1"

and this to the dynamic-conf.toml:

[http.middlewares.my-fail2ban]
  [http.middlewares.my-fail2ban.plugin]
    [http.middlewares.my-fail2ban.plugin.fail2ban]
      [http.middlewares.my-fail2ban.plugin.fail2ban.rules]
        bantime = "1h"
        enabled = "true"
        findtime = "1m"
        maxretry = "60"
      [http.middlewares.my-fail2ban.plugin.fail2ban.whitelist]
        ip = "::1,127.0.0.1,172.19.0.0/16,172.17.0.0/16"

After restarting the Traefik container the following error is thrown in the Traefik console:

2023/10/18 11:46:59 traefik.go:80: command traefik error: github.com/tomMoulard/fail2ban: failed to import plugin code "github.com/tomMoulard/fail2ban": 1:21: import "github.com/tomMoulard/fail2ban" error: plugins-storage/sources/gop-3703202570/src/github.com/tomMoulard/fail2ban/fail2ban.go:17:2: import "github.com/tomMoulard/fail2ban/ipchecking" error: plugins-storage/sources/gop-3703202570/src/github.com/tomMoulard/fail2ban/ipchecking/ipChecking.go:7:2: import "net/netip" error: unable to find source related to: "net/netip"

This doesn't seem like something I misconfigured, but I could be mistaken. Any idea?

Whitelisting by subnet does not work

Hello. The plugin's config reading fails with the error "not valid".

Prerequisites:

Traefik version 2.9.5
fail2ban version v0.6.6

middlewares.yml:

http:
  middlewares:
    mw-fail2ban:
      plugin:
        fail2ban:
          rules:
            bantime: 1h
            findtime: 1s
            enabled: true
            maxretry: 50
            ports:
              - 443
          blacklist:
            ip: []
          whitelist:
            ip:
              - 192.168.1.0/24

The result:

$ docker-compose up traefik 
Starting dup-traefik ... done
Attaching to dup-traefik
dup-traefik   | time="2023-06-08T20:05:41+03:00" level=info msg="Configuration loaded from flags."
dup-traefik   | IPChecking: 2023/06/08 20:05:42 restricted.go:51: &{%!e(string=CIDR address) %!e(string=║24║192.168.1.0/24)}
dup-traefik   | IPChecking: 2023/06/08 20:05:42 restricted.go:51: Error: ║24║192.168.1.0/24 not valid

Suggestions

After looking through ipChecking.go I can assume that the problem is around line 46 -- according to docs, net.ParseIP does not expect a subnet in an input string, that's what net.ParseCIDR is for.

Traefik 3 beta 4 : failed to import plugin code

Doesn't seem to work with the latest Traefik 3 (beta4):

traefik.yml

experimental:
  plugins:
    fail2ban:
      moduleName: github.com/tomMoulard/fail2ban
      version: v0.7.1

middleware

    fail2ban:
      plugin:
        fail2ban:
          blacklist:
            ip:
              - 51.15.34.47
              - 45.142.182.119
              - 164.68.124.86

Logs

{"level":"error","error":"github.com/tomMoulard/fail2ban: failed to import plugin code \"github.com/tomMoulard/fail2ban\": 1:21: import \"github.com/tomMoulard/fail2ban\" error: plugins-storage/sources/gop-3425862140/src/github.com/tomMoulard/fail2ban/fail2ban.go:18:2: import \"github.com/tomMoulard/fail2ban/log\" error: plugins-storage/sources/gop-3425862140/src/github.com/tomMoulard/fail2ban/log/log_debug.go:17:16: unknown field logger in struct literal","time":"2023-11-01T20:40:03+01:00","message":"Plugins are disabled because an error has occurred."}

Can I add more details needed to review?

Banning based on forwarded IP

As noted in this discussion, fail2ban currently only uses the request's IP for banning. This makes it impossible to properly ban IPs when behind a proxy, like Cloudflare.
A configuration option to pull the IP from a request header or other source would be ideal.

Manually ban/unban IP

Hi all,

I've searched for a while and it seems there's no description on the Internet or in the README about how people ban or unban IP addresses manually once they got banned via this middleware. I used this function sometimes when some allies got banned by accident or the filter was just too strict.

My plan is to use this middleware in my Kubernetes cluster with Traefik Ingress. Is there any way to do it? It'd be so helpful rather than only waiting for it to time out.

e.g.
The way I use it via Ubuntu standalone:
fail2ban-client set [RULE-NAME] ban/unbanip [IP]

Configure the plugin for all my services

Hello, I discovered your plugin today! This is how I have configured it:

command:
      - "--experimental.plugins.fail2ban.modulename=github.com/tommoulard/fail2ban"
      - "--experimental.plugins.fail2ban.version=v0.6.0"
labels:
      - "traefik.http.middlewares.fail2ban.plugin.fail2ban.rules.enabled=true"
      - "traefik.http.middlewares.fail2ban.plugin.fail2ban.rules.maxretry=4"
      - "traefik.http.middlewares.fail2ban.plugin.fail2ban.rules.bantime=1h"

My goal is to block access to a service if there are, for example, 4 login failures.
Actually it does not work; I can repeat many login errors without problem. (I restarted, for sure.)

I think there is something I haven't understood.
I didn't make any changes on my service (application) side. Should I do something?

I can see my middleware in traefik -> fail2ban@docker

Thanks for help :)

[Traefik Plugin Catalog] Plugin Analyzer has detected a problem.

The plugin was not imported into Traefik Plugin Catalog.

Cause:

failed to get the latest tag: invalid tag: v0.1 (this tag must be removed, see https://semver.org)

Traefik Plugin Analyzer will restart when you will close this issue.

If you believe there is a problem with the Analyzer or this issue is the result of a false positive, please contact us.

Dashboard preview/admin console of current state

Proposal

Do not know whether it is possible with plugins, but add a dashboard preview of all banned IPs with the ability to unban, possibly whitelist/blacklist them (this would require a separate db file probably), ...

Using failregex to ban using response's data

Is there a way to ban using a failregex filter on an access log line?

I had fail2ban on my host protecting the docker proxy instance when i was using nginx-proxy. Here is the line from my custom filter

failregex = ^.*\s<HOST>.*"(GET|POST).*" (404|444|403|400) .*$

EDIT:

Does this plugin only ban according to urlregexp and if I leave it blank it blocks all access?

fail2ban not releasing ban after expiration

I seem to have an issue where fail2ban reactivates a previous ban on an IP when the same IP tries to access the site after the ban expires.

Environment:

  • traefik 2.4.8
  • fail2ban 0.6.0

middlewares.toml:

  [http.middlewares.my-fail2ban]
    [http.middlewares.my-fail2ban.plugin]
      [http.middlewares.my-fail2ban.plugin.fail2ban]
        [http.middlewares.my-fail2ban.plugin.fail2ban.blacklist]
          ip = [""]
        [http.middlewares.my-fail2ban.plugin.fail2ban.rules]
          action = ""
          actionAbuseipdb = ""
          backend = ""
          banaction = ""
          banactionAllports = ""
          bantime = "1m"
          chain = ""
          destemail = ""
          enabled = true
          fail2banAgent = ""
          filter = ""
          findtime = "1m"
          ignorecommand = ""
          logencoding = "UTF-8"
          maxretry = 4
          mode = ""
          mta = ""
          ports = "0:8000"
          protocol = ""
          sender = ""
          urlregexp = ""
          usedns = ""
        [http.middlewares.my-fail2ban.plugin.fail2ban.whitelist]
          ip = ["::1", "127.0.0.1", "192.168.1.0/24", "172.16.1.0/16"]

static config:

      - --pilot.token=<redacted>
      - --experimental.plugins.fail2ban.modulename=github.com/tommoulard/fail2ban
      - --experimental.plugins.fail2ban.version=v0.6.0

service config:
- "traefik.http.routers.authelia-rtr.middlewares=my-fail2ban@file,chain-no-auth@file"

Traefik log after restart:

Fail2Ban_config: 2021/04/05 08:57:45 restricted.go:51: Whitelisted: '::1/128'
Fail2Ban_config: 2021/04/05 08:57:45 restricted.go:51: Whitelisted: '127.0.0.1/32'
Fail2Ban_config: 2021/04/05 08:57:45 restricted.go:51: Whitelisted: '192.168.1.0/24'
Fail2Ban_config: 2021/04/05 08:57:45 restricted.go:51: Whitelisted: '172.16.0.0/16'
Fail2Ban_config: 2021/04/05 08:57:45 restricted.go:51: Bantime: 1m0s
Fail2Ban_config: 2021/04/05 08:57:45 restricted.go:51: Findtime: 1m0s
Fail2Ban_config: 2021/04/05 08:57:45 restricted.go:51: Ports range from 0 to 8000
Fail2Ban_config: 2021/04/05 08:57:45 restricted.go:51: FailToBan Rules : '{Xbantime:1m0s Xfindtime:1m0s Xurlregexp:[] Xmaxretry:4 Xenabled:true Xports:[0 8000]}'
Fail2Ban: 2021/04/05 08:57:45 restricted.go:52: Plugin: FailToBan is up and running

Triggering ban:

Fail2Ban: 2021/04/05 09:03:17 restricted.go:52: <external client ip> is in blacklist mode
Fail2Ban: 2021/04/05 09:03:21 restricted.go:52: <external client ip> is in blacklist mode
Fail2Ban: 2021/04/05 09:03:25 restricted.go:52: <external client ip> is in blacklist mode

Then waiting until bantime expires:

1 Fail2Ban: 2021/04/05 09:05:20 restricted.go:52: <external client ip> is now back in whitelist mode
2 Fail2Ban: 2021/04/05 09:05:33 restricted.go:52: <external client ip> is in blacklist mode
3 Fail2Ban: 2021/04/05 09:05:54 restricted.go:52: <external client ip> is in blacklist mode

When accessing Authelia after bantime expires (line 1) fail2ban correctly notifies that ip is back in whitelist mode. However, a new request (line 2) puts the client back in fail2ban mode. This does not seem right and I wonder where I have blundered in my setup?

Pages load slowly when plugin enabled

Hi,
we have tried running this plugin (v0.6.6) in production to test out the fix of #52, but all the pages have started to load very slowly (200ms before, 5-10s after enabling the plugin).

I suspect #51 to be the problem, where it always locks and waits until a request is finished (maybe?)

Need help setting up urlregexp rule

Hey everyone,
I already reached out to the traefik community forum but couldn't find any help so far (post).

I'm trying to set up the fail2ban plugin and it works with my containous/whoami test container without a urlregexp rule.

I want to secure my Wordpress container by setting a urlregexp rule for the login page /wp-login.php. But it seems that no matter which rule I configure, fail2ban does not filter for the login page but takes all requests to the site for its calculations. This leads to access restrictions relatively fast on all Wordpress pages. My attempts so far (docker-compose of my Wordpress container):

    labels:
     [ ... ]
      - "traefik.http.middlewares.my-fail2ban.plugin.fail2ban.rules.enabled=true"
      - "traefik.http.middlewares.my-fail2ban.plugin.fail2ban.rules.bantime=5m"
      - "traefik.http.middlewares.my-fail2ban.plugin.fail2ban.rules.findtime=1m"
      - "traefik.http.middlewares.my-fail2ban.plugin.fail2ban.rules.maxretry=5"
      - "traefik.http.middlewares.my-fail2ban.plugin.fail2ban.rules.ports=0:8000"

      # with and without \`
      - "traefik.http.middlewares.my-fail2ban.plugin.fail2ban.rules.urlregexp=`.*\/wp-login.php.*`"
      - "traefik.http.middlewares.my-fail2ban.plugin.fail2ban.rules.urlregexp=.*\/wp-login.php.*"
      - "traefik.http.middlewares.my-fail2ban.plugin.fail2ban.rules.urlregexp=.*\/wp\-login\.php.*" # throws compose parsing error

      - "traefik.http.routers.wordpress.middlewares=my-fail2ban@docker"
      [ ... ]

Is my regex not correct? Or am I mistaken what the urlregexp rule should do?

Thanks in advance

[Traefik Pilot] Traefik Plugin Analyzer has detected a problem.

The plugin was not imported into Traefik Pilot.

Cause:

failed to run with Yaegi: plugin: failed to create a new plugin instance: open tests/test-ipfile.txt: no such file or directory

Traefik Plugin Analyzer will restart when you will close this issue.

If you believe there is a problem with the Analyzer or this issue is the result of a false positive, please contact us.

Websocket causes a deadlock until its closed?

Hi I'm not 100% sure as I'm a total noob when it comes to go.
But if I read the code correctly, the lock is not released until an http connection is done sending its content?

This works great for normal requests, but when you have a websocket it can stay open for a long, long time and cause all other requests to stall until it's done? (in my case that's until I close my browser)

Export metrics

Proposal

Ability to export metrics (number of banned ips, ...) like traefik.

Adding end to end test to CI

We would like to create more tests for the plugin.
The tests are to be done in the CI folder (here).
We are working with travis and shell script.
Any new tech can be used.

Whitelist is broken

It doesn't seem like anyone has actually used this.

http.Request docs

// RemoteAddr allows HTTP servers and other software to record
// the network address that sent the request, usually for
// logging. This field is not filled in by ReadRequest and
// has no defined format. The HTTP server in this package
// sets RemoteAddr to an "IP:port" address before invoking a
// handler.
// This field is ignored by the HTTP client.

In my logs, I'm seeing:

Fail2Ban_config: 2020/12/29 02:28:13 restricted.go:51: Whitelisted: '192.168.1.1/32'
....
Fail2Ban: 2020/12/29 02:38:47 restricted.go:52: 192.168.1.1:49926 is in blacklist mode

A closer look at your IP parsing would indicate that you didn't read the ParseIP docs

ParseIP parses s as an IP address, returning the result. The string s can be in IPv4 dotted decimal ("192.0.2.1"), IPv6 ("2001:db8::68"), or IPv4-mapped IPv6 ("::ffff:192.0.2.1") form. If s is not a valid textual representation of an IP address, ParseIP returns nil.

This playground confirms

See how you have to net.SplitHostPort(s)?

Your unit tests pass because you aren't using Request.RemoteAddr strings with ports.
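
The subnet issue earlier on this page (net.ParseIP being handed a CIDR) and this one (RemoteAddr carrying a port) both come down to how list entries and the request address are parsed. As an added Go example, not the plugin's code, this list matcher accepts plain IPs and CIDRs and strips the port with net.SplitHostPort before matching; IPList, ParseIPList, ClientIP and Listed are names chosen for this example, and the addresses are constructed.

```go
package main

import (
	"fmt"
	"net"
	"strings"
)

// IPList stores every whitelist/blacklist entry as a network, so a plain IP
// ("127.0.0.1", "::1") and a CIDR ("192.168.1.0/24") are matched the same way.
type IPList struct {
	nets []*net.IPNet
}

// ParseIPList accepts the entry forms seen in the plugin configuration. A CIDR
// goes through net.ParseCIDR; a plain address goes through net.ParseIP and
// becomes a /32 or /128 host network, so ParseIP is never handed a "/24" suffix.
func ParseIPList(entries []string) (*IPList, error) {
	l := &IPList{}
	for _, e := range entries {
		e = strings.TrimSpace(e)
		if e == "" {
			continue // tolerate empty entries such as ip = [""]
		}
		if strings.Contains(e, "/") {
			_, n, err := net.ParseCIDR(e)
			if err != nil {
				return nil, fmt.Errorf("entry %q: %w", e, err)
			}
			l.nets = append(l.nets, n)
			continue
		}
		ip := net.ParseIP(e)
		if ip == nil {
			return nil, fmt.Errorf("entry %q: not a valid IP address", e)
		}
		bits := 128
		if v4 := ip.To4(); v4 != nil {
			ip, bits = v4, 32
		}
		l.nets = append(l.nets, &net.IPNet{IP: ip, Mask: net.CIDRMask(bits, bits)})
	}
	return l, nil
}

// ClientIP extracts the address from an http.Request.RemoteAddr value. Go's
// server sets it to "IP:port" ("[::1]:port" for IPv6), so the raw string
// "192.168.1.1:49926" never equals a "/32" entry unless the port is removed.
func ClientIP(remoteAddr string) (net.IP, error) {
	host, _, err := net.SplitHostPort(remoteAddr)
	if err != nil {
		host = remoteAddr // no port present: treat the whole value as the address
	}
	ip := net.ParseIP(host)
	if ip == nil {
		return nil, fmt.Errorf("remote address %q: no IP address found", remoteAddr)
	}
	return ip, nil
}

// Contains reports whether ip falls inside any listed network.
func (l *IPList) Contains(ip net.IP) bool {
	for _, n := range l.nets {
		if n.Contains(ip) {
			return true
		}
	}
	return false
}

// Listed is the check a middleware would run on r.RemoteAddr; an unparsable
// address is reported as not listed rather than silently matched.
func (l *IPList) Listed(remoteAddr string) bool {
	ip, err := ClientIP(remoteAddr)
	if err != nil {
		return false
	}
	return l.Contains(ip)
}

func main() {
	// Constructed entries mirroring the whitelist shapes seen in the issues above.
	wl, err := ParseIPList([]string{"::1", "127.0.0.1", "192.168.1.0/24", "172.16.1.0/16", ""})
	if err != nil {
		panic(err)
	}
	for _, addr := range []string{"192.168.1.1:49926", "[::1]:8080", "172.16.200.3:443", "203.0.113.5:1234"} {
		fmt.Printf("%-20s whitelisted=%v\n", addr, wl.Listed(addr))
	}
}
```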

All traffic banned

I think I'm dealing with a bug because I've checked all the settings and the plugin generally behaves as described. Unfortunately, my traffic is being blocked and I can't find a reason why.

I am using the latest plugin version (0.7.1) with the latest Traefik version (2.10.5). I use Docker as a provider.

For my tests I use the Traefik dashboard, which I have secured with Simple Auth. Additional brute forcing protection would be a welcome addition.

In my setup, I first tried to lock myself out by entering the wrong credentials: that worked straight away. Since then - I tested this two weeks ago - I have no longer been able to authenticate myself successfully. I am always blocked with the status '403'. What I have tried:

  • Change the order of the middlewares: No influence
  • Put my IP on the whitelist: Works, I get through. However, this is not a good solution for dynamic IPs.
  • Set Allow rules for certain paths: Works, but undermines brute forcing protection.

What I am missing is a way to check on the banned IP addresses. Is there a way to find out what's happening?
Thanks!

Here is an excerpt from my traefik_dynamic.yaml (for completeness):

    my-fail2ban:
      plugin:
        fail2ban:
          rules:
            bantime: "3h"
            enabled: true
            findtime: "10m"
            maxretry: 4
          whitelist:
            ip:
              - "::1"
              - "127.0.0.1"
  routers:
    api:
      rule: Host(`dashboard.mydomain.com`)
      entrypoints:
        - websecure
      middlewares:
        - simpleAuth
        - my-fail2ban
      service: api@internal
      tls:
        certResolver: lets-encrypt

Only ban if the response is non 2##?

Wouldn't it make more sense if the ban were triggered based on all requests that aren't HTTP 200-299?

Then we could set a much lower limit, thus lowering the number of attempts a hacker has before being banned.

(If I read the code correctly it just counts the number of requests.)

Config from Labels is not extracted

Hello,
I manage the f2b config via docker labels:

Initialisation (command):
- --experimental.plugins.traefik-fail2ban-plugin.modulename=github.com/tomMoulard/fail2ban
- --experimental.plugins.traefik-fail2ban-plugin.version=v0.7.1

Label:
- "traefik.http.middlewares.fail2ban-plugin.plugin.traefik-fail2ban-plugin.enabled=true"
- "traefik.http.middlewares.fail2ban-plugin.plugin.traefik-fail2ban-plugin.bantime=3h"
- "traefik.http.middlewares.fail2ban-plugin.plugin.traefik-fail2ban-plugin.findtime=2m"
- "traefik.http.middlewares.fail2ban-plugin.plugin.traefik-fail2ban-plugin.maxretry=2"
- "traefik.http.routers.catch-all.middlewares=catch-all-ratelimit,catch-all-redirect,fail2ban-plugin,modsec-plugin"

But it looks like my settings are ignored, since the log is showing this:

10/23/2023 6:48:11 PM 2023/10/23 18:48:11 Bantime: 5m0s
10/23/2023 6:48:11 PM 2023/10/23 18:48:11 Findtime: 2m0s
10/23/2023 6:48:11 PM 2023/10/23 18:48:11 FailToBan Rules : '{Bantime:5m0s Findtime:2m0s URLRegexpAllow:[] URLRegexpBan:[] MaxRetry:0 Enabled:true}'
10/23/2023 6:48:11 PM 2023/10/23 18:48:11 Plugin: FailToBan is up and running

I double checked the example: https://github.com/tomMoulard/fail2ban/blob/main/docker-compose.yml
and the code, but couldn't find an issue with my config:

Bantime string `yaml:"bantime"` // exprimate in a smart way: 3m

I think it's interesting that it somehow managed to interpret the enabled flag but not the other parameters; the case should be correct, as seen in the example and the sources.
