Caddy and fail2ban--401 logging

1. The problem I’m having:

I have the same issue discussed at these 2 previous issues that have been closed for quite some time:

After reading those discussions it seems the only way to prevent this issue (which, to recap those threads, is an inability to use fail2ban monitoring Caddy logs due to alot of very quickly issued 401 logs even when no login is actually being attempted), is to enable rate limiting:

Does anyone else out there have any other suggestions for how to deal with this? Has Caddy since added any other features that would solve this issue?

A suggestion from @matt initially was to change the fail2ban settings to accommodate, but i dont know if thats possible without at the same time reducing security in the event of an actual brute force attempt that quickly produces 401 logs in the same way.

3. Caddy version:


4. How I installed and ran Caddy:

dockerfile/docker-compose that initiates xcaddy to build with plugins

a. System environment:

Caddy runs via Docker on a Debian VM. Hypervisor is Proxmox.

I don’t think the status quo has changed since then, because nobody else has complained about it or had that usecase to confirm that any changes have the intended effect.

I’m not sure I understand the problem though.

I don’t understand what this means. The requests must be coming from somewhere. With basicauth, every matching request will have authentication tried, because that’s what it was configured to do.

This topic was automatically closed 30 days after the last reply. New replies are no longer allowed.