Traefik fail2ban

traefik-auth.conf

# /etc/fail2ban/filter.d/traefik-auth.conf
[Definition]
failregex = ^<HOST> \- \S+ \[\] \"(GET|POST|HEAD) .+\" 401 .+$

traefik-botsearch.conf

# /etc/fail2ban/filter.d/traefik-botsearch.conf
[INCLUDES]
before = botsearch-common.conf

[Definition]
failregex = ^<HOST> \- \S+ \[\] \"(GET|POST|HEAD) \/<block> \S+\" 404 .+$

traefik.conf

# /etc/fail2ban/jail.d/traefik.conf
[traefik-auth]
enabled = true
logpath  = %(traefik_access_log)s
port     = http,https

[traefik-botsearch]
enabled = true
logpath = %(traefik_access_log)s
maxretry = 1
port     = http,https

[traefik-badbots]
enabled = true
filter = apache-badbots
logpath = %(traefik_access_log)s
maxretry = 1
port     = http,https

Create the files above then you just have to change logpath to be whereever you store your traefik access log.

Then add this to /etc/fail2ban/jail.local

[traefik-auth]
enabled = true

[traefik-botsearch]
enabled = true

[traefik-badbots]
enabled = true

I get the following error
Failed during configuration: Bad value substitution: option 'logpath' in section 'traefik-auth' contains an interpolation key 'traefik_access_log' which is not a valid option name. Raw value: '%(traefik_access_log)s'

i think, you have to define the key "traefik_access_log" in your paths-common.conf (or paths-debian.conf / Name may vary on your server OS) like (in the [DEFAULT] Section)

# traefik
traefik_access_log = /path/to/log/traefik/access.log