9652894aa4
Caddy 2.x emits JSON access logs; the failregex in infra/fail2ban/filter.d/familienarchiv-auth.conf depends on the "remote_ip" → "uri" → "status" key order being stable. A future Caddy upgrade that reorders fields would break the jail silently (regex no longer matches → fail2ban returns 0 hits → host stops banning brute-force, discovered only at the next incident). This job pins the contract: a sample /api/auth/login 401 line must match (1 hit) and a /api/auth/login 200 line must not (0 hits). Catches a regression at PR time instead of in production. Co-Authored-By: Claude Opus 4.7 <noreply@anthropic.com>
5.5 KiB
5.5 KiB