A Traefik plugin to add a random delay to failed authentication requests based on status code.
Makes password stuffing and brute-force attacks harder for all services using this plugin / middleware by inserting a random delay before the failed response is returned. With a random delay, such attacks will take longer... long enough that the attacker will either grow old or move along to someone else who doesn't like Traefik plugins as much as we do!
But what if they just parallelize their requests!? Well then the rate limiter will get them 😉 Traefik comes with one of those out of the box (although the InFlightReqs middleware could be useful here too).
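The delay-on-failure idea described above, as a Go `net/http` response-writer wrapper. This is an added example, not the plugin's own code; the 401/403 code set, the 200 to 800 ms bounds, the `X-Password` header and the names `delayWriter` and `tryLogin` are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"math/rand"
	"net/http"
	"net/http/httptest"
	"time"
)

const minDelay, maxDelay = 200 * time.Millisecond, 800 * time.Millisecond // assumed bounds

// delayWriter holds back the status line of configured failure codes.
// A body written without WriteHeader is an implicit 200 and passes through.
type delayWriter struct {
	http.ResponseWriter
	codes map[int]bool
	sleep func(time.Duration) // injectable; a real middleware would pass time.Sleep
}

func (w *delayWriter) WriteHeader(code int) {
	if w.codes[code] {
		w.sleep(minDelay + time.Duration(rand.Int63n(int64(maxDelay-minDelay)+1)))
	}
	w.ResponseWriter.WriteHeader(code)
}

// tryLogin sends one request to a constructed backend and returns status and delay.
func tryLogin(password string) (int, time.Duration) {
	var slept time.Duration
	backend := http.HandlerFunc(func(w http.ResponseWriter, r *http.Request) {
		if r.Header.Get("X-Password") != "s3cret" { // constructed credential
			w.WriteHeader(http.StatusUnauthorized)
			return
		}
		w.Write([]byte("welcome"))
	})
	req := httptest.NewRequest("GET", "/login", nil)
	req.Header.Set("X-Password", password)
	rec := httptest.NewRecorder()
	dw := &delayWriter{rec, map[int]bool{401: true, 403: true}, func(d time.Duration) { slept += d }}
	backend.ServeHTTP(dw, req)
	return rec.Code, slept
}

func main() {
	fmt.Println(tryLogin("guess1")) // failed login: status code, then the delay applied
	fmt.Println(tryLogin("s3cret")) // successful login: no delay
}
```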
TODO
TL;DR: A Traefik plugin is a custom middleware for Traefik.
More on Traefik plugins is written here.
I also wrote an init container that simplifies using "local" plugins (i.e. plugins without Traefik Pilot) inside of Kubernetes.
Inspired by and much boilerplate from traefik-plugin-rewrite-headers, which is a fantastically useful Traefik Plugin.