Closed tomMoulard closed 1 month ago
Changing the code catcher implementation to block request that should be blocked by f2b, and forward ones that should pass
is it possible to install this in preview on traefik ? i.e. is it possible to download the plugin from the non master branch ?
For sure, you can install the plugin locally using the localPlugins
mode. Please take a look at the docker-compose.yml
file. doc
ok, in which format should the directory be ? should it be a zip or is it enough to have the whole github repo in decompressed form ? also: would it work on traefik v<3 ?
Local mode is available since traefik:v2.5.0-rc1
. As for the usage, feel free to take a look at the doc.
good, and is this pull request already stable ? can it be used ? would you be kind and share a sample configuration for it ?
If you want to try it out, the configuration example is on the .traefik.yml
.
As it is a draft PR, it is still a highly experimental feature !
btw i get an error when loading it from source:
time="2024-05-16T10:30:50Z" level=error msg="Plugins are disabled because an error has occurred." error="github.com/tomMoulard/fail2ban: failed to import plugin code \"github.com/tomMoulard/fail2ban\": 1:21: import \"github.com/tomMoulard/fail2ban\" error: plugins-local/src/github.com/tomMoulard/fail2ban/fail2ban.go:18:2: import \"github.com/tomMoulard/fail2ban/pkg/response/status\" error: plugins-local/src/github.com/tomMoulard/fail2ban/pkg/response/status/http_code_range.go:5:2: import \"slices\" error: unable to find source related to: \"slices\""
Indded, this plugin requires having a recent go version running traefik. And if I trust this:
> docker run -ti --rm traefik:v2.10 version
Version: 2.10.7
Codename: saintmarcelin
Go version: go1.21.5
Built: 2023-12-06T15:54:59Z
OS/Arch: linux/amd64
traefik:v2.10 should work
mmm, same error:
ok at the end i have opted for traefik v2.9 and it seems to work in local mode. will test the new features later on.
cheers:
ARG TRAEFIK_VERSION
FROM traefik:v${TRAEFIK_VERSION}
ARG F2B_VERSION=0.8.1
RUN cd /tmp/ && wget https://github.com/tomMoulard/fail2ban/archive/refs/tags/v$F2B_VERSION.tar.gz && tar -xvzf v$F2B_VERSION.tar.gz
RUN mkdir -p ./plugins-local/src/github.com/tomMoulard/ && mv /tmp/fail2ban-$F2B_VERSION ./plugins-local/src/github.com/tomMoulard/fail2ban
This PR adds the status handler that let the plugin check the status code of the request. As the requests has been already forwarded, the next request will be blocked. Note that using this implementation, we could simply change the codecatcher implementation to block the request to reach the end user entirely.
This PR fixes #69, #46