brutoforce protection caddy reverse proxy basic auth (access log???)

herophil322 · February 05, 2025, 09:20:01 PM

Hello everyone,

I would like to know how you all protect your Caddy reverse proxy websites from brute force attacks that use Basic Authentication. So far, I've been using Fail2Ban, but I don't see a suitable option for this.

Additionally, where can I find logs for failed Basic Authentication attempts? After enabling the "HTTP Access Log" in the domain entry in Caddy, I don't see any failed logins in the files under /var/log/caddy/.

I could activate "Log HTTP Access in JSON Format." Should I then see something in the respective log file under "/var/log/caddy/access"? I've tried it but didn't see anything. :(

It would be a big help if someone could point me in the right direction.

Kind regards,
Phil

Patrick M. Hausen · February 05, 2025, 09:30:48 PM

Quote from: herophil322 on February 05, 2025, 09:20:01 PMI could activate "Log HTTP Access in JSON Format." Should I then see something in the respective log file under "/var/log/caddy/access"? I've tried it but didn't see anything. :(

That just changes the log format from the OPNsense specific one (so logs can be displayed nicely in the UI) to plain ASCII JSON. You still need to enable access logs for the domain in question. It's at the very bottom of the "Domain" dialog in the Caddy UI.

Once you get logs, you can point Crowdsec or (I guess) fail2ban at them.

brutoforce protection caddy reverse proxy basic auth (access log???)

herophil322

February 05, 2025, 09:20:01 PM

Patrick M. Hausen

February 05, 2025, 09:30:48 PM #1