From 27d5c02f06f9d1f9e48f0d76fa35655d88dfdd89 Mon Sep 17 00:00:00 2001
From: nomandera <1133344+nomandera@users.noreply.github.com>
Date: Fri, 31 Mar 2023 07:10:46 +0000
Subject: [PATCH] Create traefik-404.conf

This filter is realistically useful only within small Traefik deployments such as self-hosting. Use in large deployments will see legitimate users routinely blocked and systems intentionally open to the public should not even be considered. It can however prove to be a useful tool in small user-base stable systems as it will routinely catch and block an impressive amount of unknown users and bots, many of which will be bad actors.
---
filter.d/traefik-404.conf | 15 +++++++++++++++
1 file changed, 15 insertions(+)
create mode 100644 filter.d/traefik-404.conf

diff --git a/filter.d/traefik-404.conf b/filter.d/traefik-404.conf
new file mode 100644
index 0000000..8562e67
--- /dev/null
+++ b/filter.d/traefik-404.conf
@@ -0,0 +1,15 @@
+## Version 2023/03/06
+# Fail2Ban filter configuration for traefik 404
+# Count 404 hits as potential threat actors e.g. bots blind scanning or DNS walking
+# WARNING: This is an extremely aggressive filer.
+# Unless you are certain you need it you almost certainly do not.
+# ignoreip's are required as you WILL see false positives.
+
+[INCLUDES]
+
+before = common.conf
+
+[Definition]
+
+failregex = ^.*"(GET|POST|HEAD).*HTTP\/[0-9]+(.[0-9]+)?"\ (404)\ .*$
+ignoreregex =
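Review bot: The `failregex` line as shown carries no `<HOST>` (or other failure-id) group, so fail2ban has no address to attribute the 404 to and cannot ban anything from a match; the tag may have been lost when this page was rendered, but it should be confirmed in the file itself. Whichever way that turns out, the leading `^.*` and the `.*` inside the quoted request leave the pattern unanchored, and the request path, referrer and user-agent in an access log are client-controlled, so the host group should be pinned to the start of the line rather than found after a wildcard. Assuming Traefik's common log format with the client address first (worth checking against a real log line), something like `failregex = ^<HOST> \S+ \S+ \[[^\]]*\] "(?:GET|POST|HEAD) \S+ HTTP/[0-9]+(?:\.[0-9]+)?" 404 ` would do that. It also escapes the version dot, which in `(.[0-9]+)?` currently matches any character. A short comment above the regex naming the log format it expects would help anyone running Traefik with JSON access logs see that the filter will not match.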