Commit e66f3b8d4bbc

Vincent Demeester <vincent@sbr.pm>
2026-03-10 18:05:54
fix(fail2ban): excluded git.sbr.pm from caddy-flood
Git HTTPS operations generate bursty traffic that exceeded the 200 requests/60s threshold, causing legitimate users to be banned. Also added missing ntfy.sbr.pm exclusion on carthage for parity with kerkouane.
main
1 parent 2536c31
Changed files (2)
systems
carthage
extra.nix
kerkouane
extra.nix
systems/carthage/extra.nix
@@ -184,6 +184,8 @@ in
       [Definition]
       failregex = ^.*"remote_ip":"<HOST>".*"status":\d+,.*$
       ignoreregex = ^.*"remote_ip":"10\.100\.0\..*$
+                    ^.*"host":"ntfy\.sbr\.pm".*$
+                    ^.*"host":"git\.sbr\.pm".*$
       datepattern = "ts":{EPOCH}
     '';
   };
systems/kerkouane/extra.nix
@@ -187,6 +187,7 @@ in
       failregex = ^.*"remote_ip":"<HOST>".*"status":\d+,.*$
       ignoreregex = ^.*"remote_ip":"10\.100\.0\..*$
                     ^.*"host":"ntfy\.sbr\.pm".*$
+                    ^.*"host":"git\.sbr\.pm".*$
       datepattern = "ts":{EPOCH}
     '';
   };