Traefik-native bad actor blocker

Problem Context

You run a service (like Sharkey) behind Traefik and Docker, but bad actors keep bypassing your security. You need to block specific user agents or IPs, but adding Nginx or Crowdsec feels like overkill. Your current setup can’t handle this without major changes, and reactive tools (like Wazuh) don’t stop the problem at the source.

Pain Points

You’ve tried adding Nginx after Traefik, but that complicates your stack. Crowdsec is too complex, and moving away from Traefik would require rewriting everything. Manual IP/user agent blocking in Traefik is clunky, and you lack a centralized way to manage rules. Bad actors keep slipping through, costing you time and revenue.

Impact

Every time a bad actor gets through, your service (Sharkey) slows down or crashes, leading to lost revenue or frustrated users. You waste hours manually updating rules or troubleshooting failed workarounds. The risk of a full-scale attack grows if you don’t block these actors proactively.

Urgency

This isn’t a ‘nice-to-have’—it’s a direct threat to your service’s uptime. If you don’t block these actors, they’ll keep exploiting gaps, leading to downtime or data loss. The longer you wait, the harder it becomes to clean up the mess.

Target Audience

Other sysadmins or DevOps engineers running Traefik/Docker who need to block bad IPs or user agents without adding extra reverse proxies. This includes self-hosters, small businesses, and teams managing multiple services behind Traefik. Anyone using Traefik for security but lacking a simple blocking tool will face the same problem.

Solution Approach

A lightweight, Traefik-native tool that blocks bad IPs and user agents without requiring Nginx or complex plugins. It works as a Traefik middleware, so you don’t have to change your existing stack. Rules are managed via a simple UI or CLI, and you can sync with crowdsourced bad actor lists for automatic updates.

Key Features

1. Pre-loaded Bad Actor Rules: Comes with a database of known bad IPs and user agents (updated regularly).
2. Simple UI/CLI: Manage rules without digging into Traefik’s YAML files. Add custom rules or import lists (e.g., from Crowdsec or manual sources).
3. IPv4/IPv6 Support: Works out of the box for both protocols, so you don’t need separate configurations.

User Experience

You install the plugin as a Docker container or Traefik middleware. From there, you either use the built-in bad actor rules or add your own via the UI/CLI. The tool blocks requests automatically, and you get logs or alerts if something gets through. No need to rewrite your stack or learn new tools—it just works with Traefik.

Differentiation

Unlike Crowdsec (too complex) or Nginx (adds overhead), this tool is designed *for- Traefik users. It’s lighter, easier to set up, and doesn’t require adding another reverse proxy. The pre-loaded bad actor rules save you hours of manual work, and the UI/CLI makes it accessible even if you’re not a Traefik expert.

Scalability

Start with one service (like Sharkey), then expand to block bad actors across all your Traefik-hosted services. Add more rules over time, or upgrade to a cloud-hosted version for automatic updates. Teams can share rule sets, and you can integrate with SIEM tools for advanced monitoring.

Expected Impact

You stop bad actors before they disrupt your service, saving time and revenue. No more manual rule updates or stack changes—just a simple, effective blocker. Your service stays up, your users stay happy, and you spend less time firefighting security issues.