{"id":34187788,"url":"https://github.com/renanqts/xdpfail2ban","last_synced_at":"2026-03-09T22:31:08.062Z","repository":{"id":57594308,"uuid":"527160299","full_name":"renanqts/xdpfail2ban","owner":"renanqts","description":"WiP: Traefik plugin on fail2ban middleware using XDP eBPF to drop packets","archived":false,"fork":false,"pushed_at":"2022-09-03T18:44:28.000Z","size":15,"stargazers_count":11,"open_issues_count":0,"forks_count":1,"subscribers_count":1,"default_branch":"main","last_synced_at":"2024-09-20T16:24:19.570Z","etag":null,"topics":["traefik","traefik-plugin"],"latest_commit_sha":null,"homepage":"","language":"Go","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/renanqts.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2022-08-21T09:29:34.000Z","updated_at":"2024-08-01T03:55:13.000Z","dependencies_parsed_at":"2022-09-07T17:51:55.675Z","dependency_job_id":null,"html_url":"https://github.com/renanqts/xdpfail2ban","commit_stats":null,"previous_names":[],"tags_count":2,"template":false,"template_full_name":null,"purl":"pkg:github/renanqts/xdpfail2ban","repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/renanqts%2Fxdpfail2ban","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/renanqts%2Fxdpfail2ban/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/renanqts%2Fxdpfail2ban/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/renanqts%2Fxdpfail2ban/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/renanqts","download_url":"https://codeload.github.com/renanqts/xdpfail2ban/tar.gz/refs/heads/main","sbom_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/renanqts%2Fxdpfail2ban/sbom","scorecard":null,"host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":286080680,"owners_count":30314627,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2026-03-09T20:05:46.299Z","status":"ssl_error","status_checked_at":"2026-03-09T19:57:04.425Z","response_time":61,"last_error":"SSL_connect returned=1 errno=0 peeraddr=140.82.121.6:443 state=error: unexpected eof while reading","robots_txt_status":"success","robots_txt_updated_at":"2025-07-24T06:49:26.215Z","robots_txt_url":"https://github.com/robots.txt","online":false,"can_crawl_api":true,"host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["traefik","traefik-plugin"],"created_at":"2025-12-15T15:21:37.771Z","updated_at":"2026-03-09T22:31:07.816Z","avatar_url":"https://github.com/renanqts.png","language":"Go","funding_links":[],"categories":[],"sub_categories":[],"readme":"# XDPFail2ban plugin for Traefik\n\nThis plugin is a small implementation of a fail2ban instance\ndrop packets via eBPF XDP as a middleware plugin for Traefik.\nThere are two components to make it work:\n- XDPFail2ban plugin   \nThis is hosted in this repository.   \nIt implements the required logic to block a certain source IP.\nOnce the source IP falls in Ban mode,\nit hits XDPDropper component via API to add it there.\n- [XDPDropper](https://github.com/renanqts/xdpdropper)   \nIt implements a dropper source IP via eBFP XDP.   \nIt has an API to add/remove IP from being dropped.\nOnce a certain source IP is added to be dropped,\nIt discards every single packet before it hits the kernel,\nallowing for high-performance packet processing.\n[See more](https://blog.cloudflare.com/l4drop-xdp-ebpf-based-ddos-mitigations/).\n\n## Configuration\nAvailable configuration\n```yml\ntestData:\n  loglevel: DEBUG\n  xdpdropperurl: http://localhost:8080\n  rules:\n    bantime: 3h\n    findtime: 10m\n    maxretry: 4\n    urlregexps:\n    - regexp: /foo\n    - regexp: /bar\n```\n\nWhere:\n- `logLevel`: is used to show the correct level of logs (`DEBUG`, `INFO` (default),\n`NONE`)\n- `xdpdropperurl`: url where [XDPDropper](https://github.com/renanqts/xdpdropper)\nservice can be found.\n\nunder `rules`:\n- `findtime`: is the time slot used to count requests (if there are too many\nrequests with the same source IP in this slot of time, the IP goes into ban).\nYou can use 'smart' strings like \"4h\", \"2m\", \"1s\", ...\n- `bantime`: correspond to the amount of time the IP is in Ban mode.\n- `maxretry`: number of requests before Ban mode.\n- `urlregexps`: a regexp list to requests with regexps on the URL to be filtered.\nIn this example, all requests to `/foo` and `/bar` will be filtered.\n\n### Ban logic\nFirst request, one of `urlregexps` is matched, the IP is added to the Pool,\nand the `findtime` timer is started:\n```\nA |-------------\u003e\n  ↑\n```\n\nSecond request, `urlregexps` is matched again, `findtime` is not yet finished\nthus the request is fine:\n```\nA |--x----------\u003e\n     ↑\n```\n\nThird request, `urlregexps` is matched, `maxretry` is now almost full, this request\nis fine:\n```\nA |--x--x-------\u003e\n        ↑\n```\n\nFourth request matched, now it's jail time, `bantime` is started,\nthe source IP is added into [XDPDropper](https://github.com/renanqts/xdpdropper) list:\n```\nA |--x--x--x----\u003e\n           ↓\nB          |-------------\u003e\n```\n\nNext requests, the IP is in Ban mode, those requests will never arrive\nsince XDP is dropping it in the level down:\n```\nA |--x--x--x--x-\u003e\n```\n\n`bantime` is now expired, another `findtime` is started:\n```\nA |--x--x--x----\u003e            |-------------\u003e\n                             ↑\nB          |--x----------\u003e\n```\n\n## How to dev\nStandards tests/lint can be achieved by running:\n```bash\nmake \n```\n\nfor integration test, use:\n```bash\ndocker compose up\n```\nIt will bring `http://localhost:8000/whoami` locally to be hit for the sake of tests.\nThe plugin log will show up prefixed with `XDPFail2Ban`.   \nTraefik dashboard is also available at `http://localhost:8080/dashboard`.   \n`xdpdropperdummy` is the name of the container for a dummy API that can be found\nat `http://localhost:8081/drop`.\n\n## Credits\n[fail2ban](https://github.com/tommoulard/fail2ban)","project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frenanqts%2Fxdpfail2ban","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Frenanqts%2Fxdpfail2ban","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Frenanqts%2Fxdpfail2ban/lists"}