Missing directive for non-blocked/non-matching ip addresses with fail2ban aka happy path

1. The problem I’m having:

I am using caddy as reverse proxy and want to use fail2ban to block specific ip addresses and their access to the service.
All other ip addresses should be allowed to use the service from the reverse proxy.

It seems I got the configuration right, that the service for the ip addresses is blocked, if they are in the list.
However I am missing the right directive for ip addresses not in the list and I cannot figure it out on my own.
Those ip addresses not in the list currently just see a white page.

In the log you will see that 2 ip addresses are in the blocked-ip list.
Address 1.2.3.4 tries to access the service and gets blocked first.
After that the address 1.2.3.4 is removed from the file and a reload happens.
Caddy identifies that 1.2.3.4 should not be blocked but I cannot make use of the log what happens.

In the config file you will find in comment brackets that I tried to find the right directive.

Goal:
I want access to the service for ip addresses which are not in the list.
If an ip address is in the list, access should be blocked via caddy.
This would be more elegant in comparison to block access on firewall level with iptables.

Thanks for help.

2. Error messages and/or full log output:

2024-12-30T18:21:48.436086027Z {"level":"info","ts":1735582908.4359925,"msg":"using config from file","file":"/etc/caddy/Caddyfile"}
2024-12-30T18:21:48.437326382Z {"level":"info","ts":1735582908.4372578,"msg":"adapted config to JSON","adapter":"caddyfile"}
2024-12-30T18:21:48.438144919Z {"level":"info","ts":1735582908.4380884,"logger":"admin","msg":"admin endpoint started","address":"localhost:2019","enforce_origin":false,"origins":["//localhost:2019","//[::1]:2019","//127.0.0.1:2019"]}
2024-12-30T18:21:48.438352818Z {"level":"info","ts":1735582908.43833,"logger":"tls.cache.maintenance","msg":"started background certificate maintenance","cache":"0xc000615200"}
2024-12-30T18:21:48.438429928Z {"level":"info","ts":1735582908.4384065,"logger":"http.auto_https","msg":"server is listening only on the HTTPS port but has no TLS connection a1.duckdns.org; adding one to enable TLS","server_name":"srv0","https_port":443}
2024-12-30T18:21:48.438495296Z {"level":"info","ts":1735582908.4384289,"logger":"http.auto_https","msg":"enabling automatic HTTP->HTTPS redirects","server_name":"srv0"}
2024-12-30T18:21:48.438504267Z {"level":"debug","ts":1735582908.4384627,"logger":"http.auto_https","msg":"adjusted config","tls":{"automation":{"a1.duckdns.org":[{"subjects":["a1.duckdns.org"]},{}]}},"http":{"servers":{"remaining_auto_https_redirects":{"listen":[":80"],"routes":[{},{}],"logs":{"logger_names":{"a1.duckdns.org":["log0"]}}},"srv0":{"listen":[":443"],"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"handle_response":[{"routes":[{"handle":[{"handler":"subroute","routes":[{"handle":[{"abort":true,"handler":"static_response"}]}]}],"match":[{"fail2ban":{"banfile":"/data/banned-ips"}}]}]}],"handler":"reverse_proxy","upstreams":[{"dial":"192.168.1.107:13378"}]}]}]}],"terminal":true}],"tls_connection_a1.duckdns.org":[{}],"automatic_https":{},"logs":{"logger_names":{"a1.duckdns.org":["log0"]}}}}}}
2024-12-30T18:21:48.438752572Z {"level":"info","ts":1735582908.4387188,"logger":"http.matchers.fail2ban","msg":"Starting monitor for banned IPs"}
2024-12-30T18:21:48.439058990Z {"level":"debug","ts":1735582908.4390256,"logger":"http.matchers.fail2ban","msg":"Adding banned IP to list","banned_addr":"1.2.4.4"}
2024-12-30T18:21:48.439097156Z {"level":"debug","ts":1735582908.4390574,"logger":"http.matchers.fail2ban","msg":"Adding banned IP to list","a1.duckdns.org":"1.2.3.4"}
2024-12-30T18:21:48.439414586Z {"level":"info","ts":1735582908.4393783,"logger":"http","msg":"enabling HTTP/3 listener","addr":":443"}
2024-12-30T18:21:48.439627184Z {"level":"debug","ts":1735582908.4395988,"logger":"http","msg":"starting server loop","address":"[::]:443","tls":true,"http3":true}
2024-12-30T18:21:48.439778783Z {"level":"info","ts":1735582908.439744,"logger":"http.log","msg":"server running","name":"srv0","protocols":["h1","h2","h3"]}
2024-12-30T18:21:48.439883214Z {"level":"debug","ts":1735582908.4398594,"logger":"http","msg":"starting server loop","address":"[::]:80","tls":false,"http3":false}
2024-12-30T18:21:48.439911083Z {"level":"info","ts":1735582908.4398825,"logger":"http.log","msg":"server running","name":"remaining_auto_https_redirects","protocols":["h1","h2","h3"]}
2024-12-30T18:21:48.439933186Z {"level":"info","ts":1735582908.4399145,"logger":"http","msg":"enabling automatic TLS certificate management","domains":["a1.duckdns.org"]}
2024-12-30T18:21:48.441282530Z {"level":"info","ts":1735582908.441223,"logger":"tls","msg":"storage cleaning happened too recently; skipping for now","storage":"FileStorage:/data/caddy","instance":"015d6321-d31e-4d59-b187-ce868805afe8","try_again":1735669308.4412215,"try_again_in":86399.999999676}
2024-12-30T18:21:48.441532122Z {"level":"info","ts":1735582908.4415019,"logger":"tls","msg":"finished cleaning storage units"}
2024-12-30T18:21:48.442159724Z {"level":"debug","ts":1735582908.4421096,"logger":"tls.cache","msg":"added certificate to cache","subjects":["a1.duckdns.org"],"expiration":1743354243,"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"067016e2e4d2711bab9bb9db9e680626c1f5639f79324313756ba298ea40b801","cache_size":1,"cache_capacity":10000}
2024-12-30T18:21:48.442195730Z {"level":"debug","ts":1735582908.442164,"logger":"events","msg":"event","name":"cached_managed_cert","id":"27a56de8-58ea-4cec-b728-48c2a2f0cc59","origin":"tls","data":{"sans":["a1.duckdns.org"]}}
2024-12-30T18:21:48.442668083Z {"level":"info","ts":1735582908.4426384,"msg":"autosaved config (load with --resume flag)","file":"/config/caddy/autosave.json"}
2024-12-30T18:21:48.442684198Z {"level":"info","ts":1735582908.4426675,"msg":"serving initial configuration"}
2024-12-30T18:22:38.596637483Z {"level":"debug","ts":1735582958.5964248,"logger":"events","msg":"event","name":"tls_get_certificate","id":"4ccec7ec-7859-4df0-8ad2-8e89428fe747","origin":"tls","data":{"client_hello":{"CipherSuites":[14906,4865,4866,4867,49195,49199,49196,49200,52393,52392,49171,49172,156,157,47,53],"ServerName":"a1.duckdns.org","SupportedCurves":[10794,29,23,24],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,1281,2054,1537],"SupportedProtos":["h2","http/1.1"],"SupportedVersions":[27242,772,771],"RemoteAddr":{"IP":"1.2.3.4","Port":43613,"Zone":""},"LocalAddr":{"IP":"172.17.0.3","Port":443,"Zone":""}}}}
2024-12-30T18:22:38.596698584Z {"level":"debug","ts":1735582958.596459,"logger":"tls.handshake","msg":"choosing certificate","identifier":"a1.duckdns.org","num_choices":1}
2024-12-30T18:22:38.596716282Z {"level":"debug","ts":1735582958.5964804,"logger":"tls.handshake","msg":"default certificate selection results","identifier":"a1.duckdns.org","subjects":["a1.duckdns.org"],"managed":true,"issuer_key":"acme-v02.api.letsencrypt.org-directory","hash":"067016e2e4d2711bab9bb9db9e680626c1f5639f79324313756ba298ea40b801"}
2024-12-30T18:22:38.596730977Z {"level":"debug","ts":1735582958.5964909,"logger":"tls.handshake","msg":"matched certificate in cache","remote_ip":"1.2.3.4","remote_port":"43613","subjects":["a1.duckdns.org"],"managed":true,"expiration":1743354243,"hash":"067016e2e4d2711bab9bb9db9e680626c1f5639f79324313756ba298ea40b801"}
2024-12-30T18:22:38.636240654Z {"level":"debug","ts":1735582958.636124,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.107:13378","total_upstreams":1}
2024-12-30T18:22:38.639740219Z {"level":"debug","ts":1735582958.6396334,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.107:13378","duration":0.002902397,"request":{"remote_ip":"1.2.3.4","remote_port":"43613","client_ip":"1.2.3.4","proto":"HTTP/2.0","method":"GET","host":"a1.duckdns.org:25444","uri":"/","headers":{"Sec-Gpc":["1"],"Cache-Control":["max-age=0"],"Sec-Ch-Ua-Platform":["\"Android\""],"Accept-Encoding":["gzip, deflate, br, zstd"],"Sec-Fetch-Dest":["document"],"X-Forwarded-For":["1.2.3.4"],"X-Forwarded-Host":["a1.duckdns.org:25444"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"Priority":["u=0, i"],"Sec-Ch-Ua-Mobile":["?1"],"X-Forwarded-Proto":["https"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Mobile Safari/537.36"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Ch-Ua":["\"Brave\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"a1.duckdns.org"}},"headers":{"Content-Length":["3881"],"Date":["Mon, 30 Dec 2024 18:22:38 GMT"],"Keep-Alive":["timeout=5"],"Content-Security-Policy":["frame-ancestors 'self'"],"Etag":["W/\"f29-193a6cdd2d8\""],"Last-Modified":["Sun, 08 Dec 2024 15:05:27 GMT"],"Content-Type":["text/html; charset=UTF-8"],"Connection":["keep-alive"],"Accept-Ranges":["bytes"],"Cache-Control":["public, max-age=0"]},"status":200}
2024-12-30T18:22:38.639806183Z {"level":"debug","ts":1735582958.6396654,"logger":"http.handlers.reverse_proxy","msg":"handling response","upstream":"192.168.1.107:13378","duration":0.002902397,"request":{"remote_ip":"1.2.3.4","remote_port":"43613","client_ip":"1.2.3.4","proto":"HTTP/2.0","method":"GET","host":"a1.duckdns.org:25444","uri":"/","headers":{"Sec-Gpc":["1"],"Cache-Control":["max-age=0"],"Sec-Ch-Ua-Platform":["\"Android\""],"Accept-Encoding":["gzip, deflate, br, zstd"],"Sec-Fetch-Dest":["document"],"X-Forwarded-For":["1.2.3.4"],"X-Forwarded-Host":["a1.duckdns.org:25444"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-Site":["none"],"Sec-Fetch-User":["?1"],"Priority":["u=0, i"],"Sec-Ch-Ua-Mobile":["?1"],"X-Forwarded-Proto":["https"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Mobile Safari/537.36"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Ch-Ua":["\"Brave\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"a1.duckdns.org"}},"handler":0}
2024-12-30T18:22:38.639822958Z {"level":"debug","ts":1735582958.639702,"logger":"http.matchers.fail2ban","msg":"Handling ban query","remote_ip":"1.2.3.4"}
2024-12-30T18:22:38.639830239Z {"level":"debug","ts":1735582958.639708,"logger":"http.matchers.fail2ban","msg":"Checking IP","ip":"1.2.4.4","remote_ip":"1.2.3.4"}
2024-12-30T18:22:38.639837060Z {"level":"debug","ts":1735582958.6397114,"logger":"http.matchers.fail2ban","msg":"Checking IP","ip":"1.2.3.4","remote_ip":"1.2.3.4"}
2024-12-30T18:22:38.639843923Z {"level":"info","ts":1735582958.6397166,"logger":"http.matchers.fail2ban","msg":"banned IP","remote_addr":"1.2.3.4"}
2024-12-30T18:22:39.825316013Z {"level":"debug","ts":1735582959.8250873,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.107:13378","total_upstreams":1}
2024-12-30T18:22:39.829518396Z {"level":"debug","ts":1735582959.8293123,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.107:13378","duration":0.004126093,"request":{"remote_ip":"1.2.3.4","remote_port":"43613","client_ip":"1.2.3.4","proto":"HTTP/2.0","method":"GET","host":"a1.duckdns.org:25444","uri":"/","headers":{"Accept-Language":["en-US,en;q=0.5"],"Cache-Control":["max-age=0"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Site":["none"],"User-Agent":["Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Mobile Safari/537.36"],"X-Forwarded-Proto":["https"],"Priority":["u=0, i"],"Sec-Fetch-Dest":["document"],"X-Forwarded-For":["1.2.3.4"],"Sec-Fetch-User":["?1"],"Sec-Gpc":["1"],"Sec-Ch-Ua":["\"Brave\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""],"Accept-Encoding":["gzip, deflate, br, zstd"],"Sec-Ch-Ua-Platform":["\"Android\""],"Sec-Ch-Ua-Mobile":["?1"],"Sec-Fetch-Mode":["navigate"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8"],"X-Forwarded-Host":["a1.duckdns.org:25444"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"a1.duckdns.org"}},"headers":{"Content-Security-Policy":["frame-ancestors 'self'"],"Accept-Ranges":["bytes"],"Etag":["W/\"f29-193a6cdd2d8\""],"Keep-Alive":["timeout=5"],"Cache-Control":["public, max-age=0"],"Last-Modified":["Sun, 08 Dec 2024 15:05:27 GMT"],"Content-Type":["text/html; charset=UTF-8"],"Content-Length":["3881"],"Date":["Mon, 30 Dec 2024 18:22:39 GMT"],"Connection":["keep-alive"]},"status":200}
2024-12-30T18:22:39.829665163Z {"level":"debug","ts":1735582959.8293736,"logger":"http.handlers.reverse_proxy","msg":"handling response","upstream":"192.168.1.107:13378","duration":0.004126093,"request":{"remote_ip":"1.2.3.4","remote_port":"43613","client_ip":"1.2.3.4","proto":"HTTP/2.0","method":"GET","host":"a1.duckdns.org:25444","uri":"/","headers":{"Accept-Language":["en-US,en;q=0.5"],"Cache-Control":["max-age=0"],"Upgrade-Insecure-Requests":["1"],"Sec-Fetch-Site":["none"],"User-Agent":["Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Mobile Safari/537.36"],"X-Forwarded-Proto":["https"],"Priority":["u=0, i"],"Sec-Fetch-Dest":["document"],"X-Forwarded-For":["1.2.3.4"],"Sec-Fetch-User":["?1"],"Sec-Gpc":["1"],"Sec-Ch-Ua":["\"Brave\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""],"Accept-Encoding":["gzip, deflate, br, zstd"],"Sec-Ch-Ua-Platform":["\"Android\""],"Sec-Ch-Ua-Mobile":["?1"],"Sec-Fetch-Mode":["navigate"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8"],"X-Forwarded-Host":["a1.duckdns.org:25444"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"a1.duckdns.org"}},"handler":0}
2024-12-30T18:22:39.829694661Z {"level":"debug","ts":1735582959.829425,"logger":"http.matchers.fail2ban","msg":"Handling ban query","remote_ip":"1.2.3.4"}
2024-12-30T18:22:39.829707453Z {"level":"debug","ts":1735582959.8294346,"logger":"http.matchers.fail2ban","msg":"Checking IP","ip":"1.2.4.4","remote_ip":"1.2.3.4"}
2024-12-30T18:22:39.829719173Z {"level":"debug","ts":1735582959.829441,"logger":"http.matchers.fail2ban","msg":"Checking IP","ip":"1.2.3.4","remote_ip":"1.2.3.4"}
2024-12-30T18:22:39.829730537Z {"level":"info","ts":1735582959.8294508,"logger":"http.matchers.fail2ban","msg":"banned IP","remote_addr":"1.2.3.4"}
2024-12-30T18:22:39.852148905Z {"level":"debug","ts":1735582959.8520603,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.107:13378","total_upstreams":1}
2024-12-30T18:22:39.854249675Z {"level":"debug","ts":1735582959.8540838,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.107:13378","duration":0.001965229,"request":{"remote_ip":"1.2.3.4","remote_port":"43613","client_ip":"1.2.3.4","proto":"HTTP/2.0","method":"GET","host":"a1.duckdns.org:25444","uri":"/sw.js","headers":{"Sec-Fetch-Dest":["serviceworker"],"Service-Worker":["script"],"X-Forwarded-Host":["a1.duckdns.org:25444"],"Sec-Gpc":["1"],"Referer":["https://a1.duckdns.org:25444/sw.js"],"Priority":["u=4, i"],"X-Forwarded-Proto":["https"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Mode":["same-origin"],"Accept":["*/*"],"User-Agent":["Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Mobile Safari/537.36"],"X-Forwarded-For":["1.2.3.4"],"Sec-Fetch-Site":["same-origin"],"Cache-Control":["max-age=0"],"Accept-Encoding":["gzip, deflate, br, zstd"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"a1.duckdns.org"}},"headers":{"Cache-Control":["public, max-age=0"],"Etag":["W/\"dd9-193a6cdcef0\""],"Content-Type":["application/javascript; charset=UTF-8"],"Content-Length":["3545"],"Connection":["keep-alive"],"Keep-Alive":["timeout=5"],"Content-Security-Policy":["frame-ancestors 'self'"],"Accept-Ranges":["bytes"],"Last-Modified":["Sun, 08 Dec 2024 15:05:26 GMT"],"Date":["Mon, 30 Dec 2024 18:22:39 GMT"]},"status":200}
2024-12-30T18:22:39.854306517Z {"level":"debug","ts":1735582959.8541214,"logger":"http.handlers.reverse_proxy","msg":"handling response","upstream":"192.168.1.107:13378","duration":0.001965229,"request":{"remote_ip":"1.2.3.4","remote_port":"43613","client_ip":"1.2.3.4","proto":"HTTP/2.0","method":"GET","host":"a1.duckdns.org:25444","uri":"/sw.js","headers":{"Sec-Fetch-Dest":["serviceworker"],"Service-Worker":["script"],"X-Forwarded-Host":["a1.duckdns.org:25444"],"Sec-Gpc":["1"],"Referer":["https://a1.duckdns.org:25444/sw.js"],"Priority":["u=4, i"],"X-Forwarded-Proto":["https"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Mode":["same-origin"],"Accept":["*/*"],"User-Agent":["Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Mobile Safari/537.36"],"X-Forwarded-For":["1.2.3.4"],"Sec-Fetch-Site":["same-origin"],"Cache-Control":["max-age=0"],"Accept-Encoding":["gzip, deflate, br, zstd"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"a1.duckdns.org"}},"handler":0}
2024-12-30T18:22:39.854320975Z {"level":"debug","ts":1735582959.854141,"logger":"http.matchers.fail2ban","msg":"Handling ban query","remote_ip":"1.2.3.4"}
2024-12-30T18:22:39.854328012Z {"level":"debug","ts":1735582959.854145,"logger":"http.matchers.fail2ban","msg":"Checking IP","ip":"1.2.4.4","remote_ip":"1.2.3.4"}
2024-12-30T18:22:39.854334607Z {"level":"debug","ts":1735582959.854148,"logger":"http.matchers.fail2ban","msg":"Checking IP","ip":"1.2.3.4","remote_ip":"1.2.3.4"}
2024-12-30T18:22:39.854341126Z {"level":"info","ts":1735582959.8541522,"logger":"http.matchers.fail2ban","msg":"banned IP","remote_addr":"1.2.3.4"}
2024-12-30T18:22:40.897641855Z {"level":"debug","ts":1735582960.8974495,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.107:13378","total_upstreams":1}
2024-12-30T18:22:40.901814414Z {"level":"debug","ts":1735582960.9015934,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.107:13378","duration":0.004036742,"request":{"remote_ip":"1.2.3.4","remote_port":"43613","client_ip":"1.2.3.4","proto":"HTTP/2.0","method":"GET","host":"a1.duckdns.org:25444","uri":"/sw.js","headers":{"Sec-Fetch-Mode":["same-origin"],"X-Forwarded-Host":["a1.duckdns.org:25444"],"Cache-Control":["max-age=0"],"Service-Worker":["script"],"Accept-Language":["en-US,en;q=0.5"],"Priority":["u=4, i"],"Accept":["*/*"],"Sec-Fetch-Site":["same-origin"],"User-Agent":["Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Mobile Safari/537.36"],"Sec-Gpc":["1"],"Accept-Encoding":["gzip, deflate, br, zstd"],"X-Forwarded-For":["1.2.3.4"],"X-Forwarded-Proto":["https"],"Sec-Fetch-Dest":["serviceworker"],"Referer":["https://a1.duckdns.org:25444/sw.js"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"a1.duckdns.org"}},"headers":{"Accept-Ranges":["bytes"],"Last-Modified":["Sun, 08 Dec 2024 15:05:26 GMT"],"Etag":["W/\"dd9-193a6cdcef0\""],"Content-Type":["application/javascript; charset=UTF-8"],"Content-Length":["3545"],"Date":["Mon, 30 Dec 2024 18:22:40 GMT"],"Content-Security-Policy":["frame-ancestors 'self'"],"Cache-Control":["public, max-age=0"],"Connection":["keep-alive"],"Keep-Alive":["timeout=5"]},"status":200}
2024-12-30T18:22:40.901930230Z {"level":"debug","ts":1735582960.9016533,"logger":"http.handlers.reverse_proxy","msg":"handling response","upstream":"192.168.1.107:13378","duration":0.004036742,"request":{"remote_ip":"1.2.3.4","remote_port":"43613","client_ip":"1.2.3.4","proto":"HTTP/2.0","method":"GET","host":"a1.duckdns.org:25444","uri":"/sw.js","headers":{"Sec-Fetch-Mode":["same-origin"],"X-Forwarded-Host":["a1.duckdns.org:25444"],"Cache-Control":["max-age=0"],"Service-Worker":["script"],"Accept-Language":["en-US,en;q=0.5"],"Priority":["u=4, i"],"Accept":["*/*"],"Sec-Fetch-Site":["same-origin"],"User-Agent":["Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Mobile Safari/537.36"],"Sec-Gpc":["1"],"Accept-Encoding":["gzip, deflate, br, zstd"],"X-Forwarded-For":["1.2.3.4"],"X-Forwarded-Proto":["https"],"Sec-Fetch-Dest":["serviceworker"],"Referer":["https://a1.duckdns.org:25444/sw.js"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"a1.duckdns.org"}},"handler":0}
2024-12-30T18:22:40.901964605Z {"level":"debug","ts":1735582960.9016814,"logger":"http.matchers.fail2ban","msg":"Handling ban query","remote_ip":"1.2.3.4"}
2024-12-30T18:22:40.901981120Z {"level":"debug","ts":1735582960.901689,"logger":"http.matchers.fail2ban","msg":"Checking IP","ip":"1.2.4.4","remote_ip":"1.2.3.4"}
2024-12-30T18:22:40.901996710Z {"level":"debug","ts":1735582960.9016955,"logger":"http.matchers.fail2ban","msg":"Checking IP","ip":"1.2.3.4","remote_ip":"1.2.3.4"}
2024-12-30T18:22:40.902026804Z {"level":"info","ts":1735582960.901716,"logger":"http.matchers.fail2ban","msg":"banned IP","remote_addr":"1.2.3.4"}
2024-12-30T18:22:44.927164829Z {"level":"debug","ts":1735582964.9270797,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.107:13378","total_upstreams":1}
2024-12-30T18:22:44.928625632Z {"level":"debug","ts":1735582964.9285085,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.107:13378","duration":0.001391105,"request":{"remote_ip":"1.2.3.4","remote_port":"43613","client_ip":"1.2.3.4","proto":"HTTP/2.0","method":"GET","host":"a1.duckdns.org:25444","uri":"/","headers":{"Sec-Fetch-Dest":["document"],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["a1.duckdns.org:25444"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Cache-Control":["max-age=0"],"User-Agent":["Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Mobile Safari/537.36"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8"],"Sec-Gpc":["1"],"Accept-Language":["en-US,en;q=0.5"],"X-Forwarded-For":["1.2.3.4"],"Sec-Ch-Ua-Mobile":["?1"],"Sec-Ch-Ua-Platform":["\"Android\""],"Priority":["u=0, i"],"Upgrade-Insecure-Requests":["1"],"Sec-Ch-Ua":["\"Brave\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""],"Sec-Fetch-Site":["none"],"Accept-Encoding":["gzip, deflate, br, zstd"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"a1.duckdns.org"}},"headers":{"Accept-Ranges":["bytes"],"Keep-Alive":["timeout=5"],"Content-Length":["3881"],"Date":["Mon, 30 Dec 2024 18:22:44 GMT"],"Connection":["keep-alive"],"Content-Security-Policy":["frame-ancestors 'self'"],"Cache-Control":["public, max-age=0"],"Last-Modified":["Sun, 08 Dec 2024 15:05:27 GMT"],"Etag":["W/\"f29-193a6cdd2d8\""],"Content-Type":["text/html; charset=UTF-8"]},"status":200}
2024-12-30T18:22:44.928673871Z {"level":"debug","ts":1735582964.9285374,"logger":"http.handlers.reverse_proxy","msg":"handling response","upstream":"192.168.1.107:13378","duration":0.001391105,"request":{"remote_ip":"1.2.3.4","remote_port":"43613","client_ip":"1.2.3.4","proto":"HTTP/2.0","method":"GET","host":"a1.duckdns.org:25444","uri":"/","headers":{"Sec-Fetch-Dest":["document"],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["a1.duckdns.org:25444"],"Sec-Fetch-Mode":["navigate"],"Sec-Fetch-User":["?1"],"Cache-Control":["max-age=0"],"User-Agent":["Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Mobile Safari/537.36"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8"],"Sec-Gpc":["1"],"Accept-Language":["en-US,en;q=0.5"],"X-Forwarded-For":["1.2.3.4"],"Sec-Ch-Ua-Mobile":["?1"],"Sec-Ch-Ua-Platform":["\"Android\""],"Priority":["u=0, i"],"Upgrade-Insecure-Requests":["1"],"Sec-Ch-Ua":["\"Brave\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""],"Sec-Fetch-Site":["none"],"Accept-Encoding":["gzip, deflate, br, zstd"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"a1.duckdns.org"}},"handler":0}
2024-12-30T18:22:44.928685123Z {"level":"debug","ts":1735582964.92855,"logger":"http.matchers.fail2ban","msg":"Handling ban query","remote_ip":"1.2.3.4"}
2024-12-30T18:22:44.928690190Z {"level":"debug","ts":1735582964.9285524,"logger":"http.matchers.fail2ban","msg":"Checking IP","ip":"1.2.4.4","remote_ip":"1.2.3.4"}
2024-12-30T18:22:44.928695087Z {"level":"debug","ts":1735582964.9285545,"logger":"http.matchers.fail2ban","msg":"Checking IP","ip":"1.2.3.4","remote_ip":"1.2.3.4"}
2024-12-30T18:22:44.928699869Z {"level":"info","ts":1735582964.9285674,"logger":"http.matchers.fail2ban","msg":"banned IP","remote_addr":"1.2.3.4"}
2024-12-30T18:22:45.997671301Z {"level":"debug","ts":1735582965.9974794,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.107:13378","total_upstreams":1}
2024-12-30T18:22:46.001050604Z {"level":"debug","ts":1735582966.0008812,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.107:13378","duration":0.003325181,"request":{"remote_ip":"1.2.3.4","remote_port":"43613","client_ip":"1.2.3.4","proto":"HTTP/2.0","method":"GET","host":"a1.duckdns.org:25444","uri":"/sw.js","headers":{"Priority":["u=4, i"],"Accept":["*/*"],"Sec-Fetch-Site":["same-origin"],"User-Agent":["Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Mobile Safari/537.36"],"Cache-Control":["max-age=0"],"Sec-Gpc":["1"],"Sec-Fetch-Mode":["same-origin"],"Accept-Encoding":["gzip, deflate, br, zstd"],"X-Forwarded-For":["1.2.3.4"],"X-Forwarded-Proto":["https"],"Service-Worker":["script"],"Referer":["https://a1.duckdns.org:25444/sw.js"],"Sec-Fetch-Dest":["serviceworker"],"Accept-Language":["en-US,en;q=0.5"],"X-Forwarded-Host":["a1.duckdns.org:25444"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"a1.duckdns.org"}},"headers":{"Date":["Mon, 30 Dec 2024 18:22:46 GMT"],"Keep-Alive":["timeout=5"],"Content-Security-Policy":["frame-ancestors 'self'"],"Content-Type":["application/javascript; charset=UTF-8"],"Content-Length":["3545"],"Etag":["W/\"dd9-193a6cdcef0\""],"Connection":["keep-alive"],"Accept-Ranges":["bytes"],"Cache-Control":["public, max-age=0"],"Last-Modified":["Sun, 08 Dec 2024 15:05:26 GMT"]},"status":200}
2024-12-30T18:22:46.001118652Z {"level":"debug","ts":1735582966.001031,"logger":"http.handlers.reverse_proxy","msg":"handling response","upstream":"192.168.1.107:13378","duration":0.003325181,"request":{"remote_ip":"1.2.3.4","remote_port":"43613","client_ip":"1.2.3.4","proto":"HTTP/2.0","method":"GET","host":"a1.duckdns.org:25444","uri":"/sw.js","headers":{"Priority":["u=4, i"],"Accept":["*/*"],"Sec-Fetch-Site":["same-origin"],"User-Agent":["Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Mobile Safari/537.36"],"Cache-Control":["max-age=0"],"Sec-Gpc":["1"],"Sec-Fetch-Mode":["same-origin"],"Accept-Encoding":["gzip, deflate, br, zstd"],"X-Forwarded-For":["1.2.3.4"],"X-Forwarded-Proto":["https"],"Service-Worker":["script"],"Referer":["https://a1.duckdns.org:25444/sw.js"],"Sec-Fetch-Dest":["serviceworker"],"Accept-Language":["en-US,en;q=0.5"],"X-Forwarded-Host":["a1.duckdns.org:25444"]},"tls":{"resumed":false,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"a1.duckdns.org"}},"handler":0}
2024-12-30T18:22:46.001221512Z {"level":"debug","ts":1735582966.0011098,"logger":"http.matchers.fail2ban","msg":"Handling ban query","remote_ip":"1.2.3.4"}
2024-12-30T18:22:46.001264925Z {"level":"debug","ts":1735582966.0011563,"logger":"http.matchers.fail2ban","msg":"Checking IP","ip":"1.2.4.4","remote_ip":"1.2.3.4"}
2024-12-30T18:22:46.001282679Z {"level":"debug","ts":1735582966.001188,"logger":"http.matchers.fail2ban","msg":"Checking IP","ip":"1.2.3.4","remote_ip":"1.2.3.4"}
2024-12-30T18:22:46.001310912Z {"level":"info","ts":1735582966.0012379,"logger":"http.matchers.fail2ban","msg":"banned IP","remote_addr":"1.2.3.4"}
2024-12-30T18:22:56.209963954Z {"level":"debug","ts":1735582976.209878,"logger":"http.matchers.fail2ban","msg":"File has changed, reloading banned IPs"}
2024-12-30T18:22:56.210212760Z {"level":"debug","ts":1735582976.2101624,"logger":"http.matchers.fail2ban","msg":"Adding banned IP to list","a1.duckdns.org":"1.2.4.4"}
2024-12-30T18:22:56.210286879Z {"level":"debug","ts":1735582976.21025,"logger":"http.matchers.fail2ban","msg":"File has changed, reloading banned IPs"}
2024-12-30T18:22:56.210610321Z {"level":"debug","ts":1735582976.210569,"logger":"http.matchers.fail2ban","msg":"Adding banned IP to list","a1.duckdns.org":"1.2.4.4"}
2024-12-30T18:23:03.808973426Z {"level":"debug","ts":1735582983.8087573,"logger":"events","msg":"event","name":"tls_get_certificate","id":"a082e8f8-5fa0-4e7b-9c07-41bb2052c670","origin":"tls","data":{"client_hello":{"CipherSuites":[4865,4866,4867,49195,49196,52393,49199,49200,52392,49171,49172,156,157,47,53],"ServerName":"goti2.duckdns.org","SupportedCurves":[29,23,24],"SupportedPoints":"AA==","SignatureSchemes":[1027,2052,1025,1283,2053,1281,2054,1537,513],"SupportedProtos":["http/1.1"],"SupportedVersions":[772,771],"RemoteAddr":{"IP":"1.2.3.4","Port":43614,"Zone":""},"LocalAddr":{"IP":"172.17.0.3","Port":443,"Zone":""}}}}
2024-12-30T18:23:14.199298451Z {"level":"debug","ts":1735582994.199219,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.107:13378","total_upstreams":1}
2024-12-30T18:23:14.201062137Z {"level":"debug","ts":1735582994.2009635,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.107:13378","duration":0.001699434,"request":{"remote_ip":"1.2.3.4","remote_port":"43615","client_ip":"1.2.3.4","proto":"HTTP/2.0","method":"GET","host":"a1.duckdns.org:25444","uri":"/","headers":{"Cache-Control":["max-age=0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8"],"Accept-Encoding":["gzip, deflate, br, zstd"],"X-Forwarded-Proto":["https"],"Sec-Ch-Ua-Platform":["\"Android\""],"Sec-Gpc":["1"],"Sec-Fetch-Site":["none"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Mobile Safari/537.36"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-User":["?1"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Mode":["navigate"],"X-Forwarded-For":["1.2.3.4"],"X-Forwarded-Host":["a1.duckdns.org:25444"],"Sec-Ch-Ua-Mobile":["?1"],"Priority":["u=0, i"],"Sec-Ch-Ua":["\"Brave\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""]},"tls":{"resumed":true,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"a1.duckdns.org"}},"headers":{"Content-Security-Policy":["frame-ancestors 'self'"],"Last-Modified":["Sun, 08 Dec 2024 15:05:27 GMT"],"Etag":["W/\"f29-193a6cdd2d8\""],"Content-Length":["3881"],"Connection":["keep-alive"],"Keep-Alive":["timeout=5"],"Accept-Ranges":["bytes"],"Cache-Control":["public, max-age=0"],"Content-Type":["text/html; charset=UTF-8"],"Date":["Mon, 30 Dec 2024 18:23:14 GMT"]},"status":200}
2024-12-30T18:23:14.201114293Z {"level":"debug","ts":1735582994.200996,"logger":"http.handlers.reverse_proxy","msg":"handling response","upstream":"192.168.1.107:13378","duration":0.001699434,"request":{"remote_ip":"1.2.3.4","remote_port":"43615","client_ip":"1.2.3.4","proto":"HTTP/2.0","method":"GET","host":"a1.duckdns.org:25444","uri":"/","headers":{"Cache-Control":["max-age=0"],"Accept":["text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8"],"Accept-Encoding":["gzip, deflate, br, zstd"],"X-Forwarded-Proto":["https"],"Sec-Ch-Ua-Platform":["\"Android\""],"Sec-Gpc":["1"],"Sec-Fetch-Site":["none"],"Upgrade-Insecure-Requests":["1"],"User-Agent":["Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Mobile Safari/537.36"],"Sec-Fetch-Dest":["document"],"Sec-Fetch-User":["?1"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Mode":["navigate"],"X-Forwarded-For":["1.2.3.4"],"X-Forwarded-Host":["a1.duckdns.org:25444"],"Sec-Ch-Ua-Mobile":["?1"],"Priority":["u=0, i"],"Sec-Ch-Ua":["\"Brave\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""]},"tls":{"resumed":true,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"a1.duckdns.org"}},"handler":0}
2024-12-30T18:23:14.201127049Z {"level":"debug","ts":1735582994.2010114,"logger":"http.matchers.fail2ban","msg":"Handling ban query","remote_ip":"1.2.3.4"}
2024-12-30T18:23:14.201132725Z {"level":"debug","ts":1735582994.2010145,"logger":"http.matchers.fail2ban","msg":"Checking IP","ip":"1.2.4.4","remote_ip":"1.2.3.4"}
2024-12-30T18:23:14.201138042Z {"level":"debug","ts":1735582994.201018,"logger":"http.matchers.fail2ban","msg":"received request","remote_addr":"1.2.3.4"}
2024-12-30T18:23:14.352159440Z {"level":"debug","ts":1735582994.3520455,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.107:13378","total_upstreams":1}
2024-12-30T18:23:14.355145349Z {"level":"debug","ts":1735582994.3550017,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.107:13378","duration":0.002903243,"request":{"remote_ip":"1.2.3.4","remote_port":"43615","client_ip":"1.2.3.4","proto":"HTTP/2.0","method":"GET","host":"a1.duckdns.org:25444","uri":"/favicon.ico","headers":{"User-Agent":["Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Mobile Safari/537.36"],"Sec-Ch-Ua-Mobile":["?1"],"Accept":["image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8"],"Sec-Gpc":["1"],"Sec-Fetch-Site":["same-origin"],"Sec-Ch-Ua-Platform":["\"Android\""],"Priority":["u=1, i"],"Referer":["https://a1.duckdns.org:25444/"],"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br, zstd"],"X-Forwarded-For":["1.2.3.4"],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["a1.duckdns.org:25444"],"Sec-Ch-Ua":["\"Brave\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""],"Sec-Fetch-Mode":["no-cors"],"Sec-Fetch-Dest":["image"]},"tls":{"resumed":true,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"a1.duckdns.org"}},"headers":{"Connection":["keep-alive"],"Keep-Alive":["timeout=5"],"Content-Security-Policy":["frame-ancestors 'self'"],"Cache-Control":["public, max-age=0"],"Last-Modified":["Sun, 08 Dec 2024 15:05:26 GMT"],"Content-Type":["image/x-icon"],"Accept-Ranges":["bytes"],"Etag":["W/\"583-193a6cdcef0\""],"Content-Length":["1411"],"Date":["Mon, 30 Dec 2024 18:23:14 GMT"]},"status":200}
2024-12-30T18:23:14.355213289Z {"level":"debug","ts":1735582994.355037,"logger":"http.handlers.reverse_proxy","msg":"handling response","upstream":"192.168.1.107:13378","duration":0.002903243,"request":{"remote_ip":"1.2.3.4","remote_port":"43615","client_ip":"1.2.3.4","proto":"HTTP/2.0","method":"GET","host":"a1.duckdns.org:25444","uri":"/favicon.ico","headers":{"User-Agent":["Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Mobile Safari/537.36"],"Sec-Ch-Ua-Mobile":["?1"],"Accept":["image/avif,image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8"],"Sec-Gpc":["1"],"Sec-Fetch-Site":["same-origin"],"Sec-Ch-Ua-Platform":["\"Android\""],"Priority":["u=1, i"],"Referer":["https://a1.duckdns.org:25444/"],"Accept-Language":["en-US,en;q=0.5"],"Accept-Encoding":["gzip, deflate, br, zstd"],"X-Forwarded-For":["1.2.3.4"],"X-Forwarded-Proto":["https"],"X-Forwarded-Host":["a1.duckdns.org:25444"],"Sec-Ch-Ua":["\"Brave\";v=\"131\", \"Chromium\";v=\"131\", \"Not_A Brand\";v=\"24\""],"Sec-Fetch-Mode":["no-cors"],"Sec-Fetch-Dest":["image"]},"tls":{"resumed":true,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"a1.duckdns.org"}},"handler":0}
2024-12-30T18:23:14.355231218Z {"level":"debug","ts":1735582994.3550558,"logger":"http.matchers.fail2ban","msg":"Handling ban query","remote_ip":"1.2.3.4"}
2024-12-30T18:23:14.355239630Z {"level":"debug","ts":1735582994.3550599,"logger":"http.matchers.fail2ban","msg":"Checking IP","ip":"1.2.4.4","remote_ip":"1.2.3.4"}
2024-12-30T18:23:14.355247436Z {"level":"debug","ts":1735582994.3550653,"logger":"http.matchers.fail2ban","msg":"received request","remote_addr":"1.2.3.4"}
2024-12-30T18:23:15.927775661Z {"level":"debug","ts":1735582995.9275184,"logger":"http.handlers.reverse_proxy","msg":"selected upstream","dial":"192.168.1.107:13378","total_upstreams":1}
2024-12-30T18:23:15.931655726Z {"level":"debug","ts":1735582995.9314616,"logger":"http.handlers.reverse_proxy","msg":"upstream roundtrip","upstream":"192.168.1.107:13378","duration":0.003839081,"request":{"remote_ip":"1.2.3.4","remote_port":"43615","client_ip":"1.2.3.4","proto":"HTTP/2.0","method":"GET","host":"a1.duckdns.org:25444","uri":"/sw.js","headers":{"Referer":["https://a1.duckdns.org:25444/sw.js"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Dest":["serviceworker"],"Sec-Gpc":["1"],"User-Agent":["Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Mobile Safari/537.36"],"X-Forwarded-For":["1.2.3.4"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Sec-Fetch-Site":["same-origin"],"X-Forwarded-Proto":["https"],"Service-Worker":["script"],"Sec-Fetch-Mode":["same-origin"],"Accept":["*/*"],"X-Forwarded-Host":["a1.duckdns.org:25444"],"Priority":["u=4, i"],"Cache-Control":["max-age=0"]},"tls":{"resumed":true,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"a1.duckdns.org"}},"headers":{"Cache-Control":["public, max-age=0"],"Etag":["W/\"dd9-193a6cdcef0\""],"Connection":["keep-alive"],"Keep-Alive":["timeout=5"],"Content-Security-Policy":["frame-ancestors 'self'"],"Last-Modified":["Sun, 08 Dec 2024 15:05:26 GMT"],"Content-Type":["application/javascript; charset=UTF-8"],"Content-Length":["3545"],"Date":["Mon, 30 Dec 2024 18:23:15 GMT"],"Accept-Ranges":["bytes"]},"status":200}
2024-12-30T18:23:15.931763635Z {"level":"debug","ts":1735582995.9315138,"logger":"http.handlers.reverse_proxy","msg":"handling response","upstream":"192.168.1.107:13378","duration":0.003839081,"request":{"remote_ip":"1.2.3.4","remote_port":"43615","client_ip":"1.2.3.4","proto":"HTTP/2.0","method":"GET","host":"a1.duckdns.org:25444","uri":"/sw.js","headers":{"Referer":["https://a1.duckdns.org:25444/sw.js"],"Accept-Language":["en-US,en;q=0.5"],"Sec-Fetch-Dest":["serviceworker"],"Sec-Gpc":["1"],"User-Agent":["Mozilla/5.0 (Linux; Android 10; K) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/131.0.0.0 Mobile Safari/537.36"],"X-Forwarded-For":["1.2.3.4"],"Accept-Encoding":["gzip, deflate, br, zstd"],"Sec-Fetch-Site":["same-origin"],"X-Forwarded-Proto":["https"],"Service-Worker":["script"],"Sec-Fetch-Mode":["same-origin"],"Accept":["*/*"],"X-Forwarded-Host":["a1.duckdns.org:25444"],"Priority":["u=4, i"],"Cache-Control":["max-age=0"]},"tls":{"resumed":true,"version":772,"cipher_suite":4865,"proto":"h2","server_name":"a1.duckdns.org"}},"handler":0}
2024-12-30T18:23:15.931796412Z {"level":"debug","ts":1735582995.9315515,"logger":"http.matchers.fail2ban","msg":"Handling ban query","remote_ip":"1.2.3.4"}
2024-12-30T18:23:15.931812503Z {"level":"debug","ts":1735582995.931576,"logger":"http.matchers.fail2ban","msg":"Checking IP","ip":"1.2.4.4","remote_ip":"1.2.3.4"}
2024-12-30T18:23:15.931828965Z {"level":"debug","ts":1735582995.9315877,"logger":"http.matchers.fail2ban","msg":"received request","remote_addr":"1.2.3.4"}

3. Caddy version:

root@Tower:~# docker exec caddyduck caddy version
v2.8.4 h1:q3pe0wpBj1OcHFZ3n/1nl4V4bxBrYoSoab7rL9BMYNk=
root@Tower:~#

4. How I installed and ran Caddy:

I installed a docker custom image with ddns and duckdns plugins in unraid.
Via repository:
serfriz/caddy-duckdns-ddns:latest
I added the transform and fail2ban module manually:

caddy add-package [modulename]

a. System environment:

Docker Engine on Unraid 6

d. My complete Caddy config:

{
        debug
        admin :2019
        servers {
                metrics
        }

        dynamic_dns {
                provider duckdns {env.DUCKDNS_API_TOKEN1} # for duckdns
                domains {
                        a1.duckdns.org
                }
                check_interval 7d
        }
}

a1.duckdns.org {
        log {
                format transform "{common_log}"
                output file /var/log/caddy/a1.access.fail.log {
                        roll_size 100MiB
                        roll_keep 10
                        roll_keep_for 200d
                }
        }

        reverse_proxy 192.168.1.107:13378 {
                #@success status 2xx
                handle_response {
                        @banned {                                                                                                                                                                                                                fail2ban /data/banned-ips
                        }
                        handle @banned {
                                abort
                        }
                        #       @success {
                        #               response "Test"
                        #       }
                }
        }

        tls {
                dns duckdns DUCKDNSKEY
                propagation_timeout 2m
                propagation_delay 2m
        }
}

5. Links to relevant resources:

I also mentioned my problem here:

Anyone who can give me a hint how to configure blocking as described above?

Can you elaborate further? Where is the definition for the fail2ban matcher? What’s the content of the @banned matcher? I don’t understand the point of the handle_response. What are you intending to do with it?

I am sorry you are totally right, there was a problem with the markup.
The line was missing within the @banned block.

fail2ban /data/banned-ips

Here is the configuration again, hope it makes sense now.
I am open for any improvements but understand I need a directive for the “blocked” group and for the “non-blocked” group.

{
        debug
        admin :2019
        servers {
                metrics
        }

        dynamic_dns {
                provider duckdns {env.DUCKDNS_API_TOKEN1} # for duckdns
                domains {
                        a1.duckdns.org
                }
                check_interval 7d
        }
}

a1.duckdns.org {
        log {
                format transform "{common_log}"
                output file /var/log/caddy/a1.access.fail.log {
                        roll_size 100MiB
                        roll_keep 10
                        roll_keep_for 200d
                }
        }

        reverse_proxy 192.168.1.107:13378 {
                #@success status 2xx
                handle_response {
                        @banned {                                                                                                                                                                                                                                       
                        fail2ban /data/banned-ips
                        }
                        handle @banned {
                                abort
                        }
                        #       @success {
                        #               response "Test"
                        #       }
                }
        }

        tls {
                dns duckdns DUCKDNSKEY
                propagation_timeout 2m
                propagation_delay 2m
        }
}

Why is this inside reverse_proxy in a handle_response? What are you trying to do?

Every request to the service exposed via reverse proxy should be blocked if the ip address used used in the request is in the ip-blocked list. Otherwise if the ip address is not in the ip-blocked list the request should go ahead and the service can be used.

Using handle_response was the only way I was able to get the blocking part with the fail2ban plugin.
Unfortunately on the fail2ban plugin site (GitHub - Javex/caddy-fail2ban: Fail2ban module for caddy) there was no example for reverse proxy.

Can you suggest a better directive or way to accomplish that?

The problem with your current config is that the request is already passed to the upstream service, even if it’s in the ban list. You can simply use the snippet from their README as below. Note that you shouldn’t set the admin listener to non-trusted interface because this means you allow external parties to configure your Caddy instance.

{
	debug
	admin localhost:2019
	servers {
		metrics
	}

	dynamic_dns {
		provider duckdns {env.DUCKDNS_API_TOKEN1} # for duckdns
		domains {
			a1.duckdns.org
		}
		check_interval 7d
	}
}

a1.duckdns.org {
	log {
		format transform "{common_log}"
		output file /var/log/caddy/a1.access.fail.log {
			roll_size 100MiB
			roll_keep 10
			roll_keep_for 200d
		}
	}

	@banned {
		fail2ban /data/banned-ips
	}
	handle @banned {
		abort
	}
	handle {
		reverse_proxy 192.168.1.107:13378
	}
	tls {
		dns duckdns DUCKDNSKEY
		propagation_timeout 2m
		propagation_delay 2m
	}
}

Cool, thanks this works now.
It seems I was lost with the sequence and order of the directives.
Your suggestion works now as intended. :grinning:

I have to get back to the monitoring topic to sort out your other suggestion.

1 Like