Skip to content
/ traefik-regex-block Public

Middleware plugin for Traefik to block IPs for a period of time, based on the URL matching a list of regex patterns.

License

MIT license
1 star 0 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

tkreiner/traefik-regex-block

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits

.assets

.assets

 
 

.github

.github

 
 

vendor

vendor

 
 

.gitignore

.gitignore

 
 

.traefik.yml

.traefik.yml

 
 

LICENSE

LICENSE

 
 

Makefile

Makefile

 
 

README.md

README.md

 
 

blockmanager.go

blockmanager.go

 
 

go.mod

go.mod

 
 

go.sum

go.sum

 
 

logger.go

logger.go

 
 

regexblock.go

regexblock.go

 
 

Repository files navigation

traefik-regex-block

Summary

The traefix-regex-block plugin provides middleware for Traefik to detect URLs that match a list of regex patterns and then block those IP addresses for a configurable amount of time. This project took inspiration from the well known Fail2Ban application. This plugin can improve security of a site by detecting when threat actors are scanning your site for known exploitable endpoints. If there are certain patterns that are often scanned for that you know will not be on your site, you can proactively identify when those attempts are made and block the source from further scanning of your site.

Installation

Installation instructions can be found on the Traefik plugin catalog.

Latest Release

The current release is version v0.1.0. This plugin is still in it's early development phase. However, it is fully functional and is in bug testing phase. If you encounter any problems, please provide feedback by opening an issue here.

Configuration

The following settings can be used to configure your plugin.

Block Duration - blockDurationMinutes

  • Required: No
  • Default: 60 minutes

Use this setting to determine how many minutes an IP address will be blocked from your site after each URL attempt that matches a regex pattern.

Regular Expression Pattern List - regexPatterns

  • Required: Yes
  • Default: (none)

You provide a list of regular expression patterns to be used to detect activity you want to block. You can provide any number of patterns to monitor with.

Whitelist IP Addresses - whitelist

  • Required: No
  • Default: (none)

If you want to keep from blocking specific IP addresses, you can use the whitelist feature. This accepts a list of IP addresses as either an IP address on in CIDR notation.

Enable Debug Logging - enableDebug

  • Required: No
  • Default: false

Setting this value to true will show all debug logging for the plugin. Otherwise, logging level is set to an info level for output.

Example

The following configuration will detect any URL traffic that includes /.env or /cgi-bin in the URL. It will block any further requests from the IP address for 2 hours. Logging level is set to show debug messages. It then excludes blocking for any requests from the 127.0.0.1 address, or from a 192.168.0.0/16 network.

    my-regex-block:
      plugin:
        traefik-regex-block:
          blockDurationMinutes: 120
          enableDebug: true
          regexPatterns:
            - \/\.env
            - \/cgi-bin
          whitelist:
            - 127.0.0.1
            - 192.168.0.0/16

About

Middleware plugin for Traefik to block IPs for a period of time, based on the URL matching a list of regex patterns.

Topics

traefik-plugin traefik-middleware

Resources

Readme

License

MIT license
Activity

Stars

1 star

Watchers

1 watching

Forks

0 forks
Report repository

Releases 4

v0.1.0 Latest
Apr 2, 2024
+ 3 releases

Languages