Table of Contents

API

Get zones

# List the zones visible to $TOKEN, a Cloudflare API token sent as a Bearer header.
curl -s -X GET  -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" https://api.cloudflare.com/client/v4/zones

Purge Cache

# Purge the whole cache of zone $ZONE ("purge_everything"); $TOKEN must be allowed to purge cache on that zone.
curl -s -X POST -H "Authorization: Bearer $TOKEN" -H "Content-Type: application/json" https://api.cloudflare.com/client/v4/zones/$ZONE/purge_cache --data '{"purge_everything":true}'

Scripts

file basic-auth.js
// CloudFront > Functions > Create function
// CloudFront > Functions > FunctionName > Publish
// CloudFront > Functions > FunctionName > Add association (Viewer request)
//
// echo -n 'user:password' | base64
// dXNlcjpwYXNzd29yZA==
 
/**
 * CloudFront viewer-request function that gates every request behind
 * HTTP Basic authentication.
 *
 * @param {object} event  CloudFront Functions event; only
 *                        event.request.headers.authorization is read.
 * @returns {object} The unmodified event.request when the Authorization
 *                   header equals the expected "Basic <base64>" value,
 *                   otherwise a 401 response whose WWW-Authenticate header
 *                   makes the browser prompt for credentials.
 */
function handler(event) {
  var request = event.request;
  // base64("user:password"), hard-coded in the function source. Replace it
  // before publishing; anyone who can read the function can read this value.
  var expected = "Basic dXNlcjpwYXNzd29yZA==";
  var supplied = request.headers.authorization;
  var authorized = Boolean(supplied) && supplied.value === expected;

  if (!authorized) {
    // Header missing or wrong: challenge the client, never forward to the origin.
    return {
      statusCode: 401,
      statusDescription: "Unauthorized",
      headers: {
        "www-authenticate": {
          value: 'Basic realm="Enter credentials for this super secure site"',
        },
      },
    };
  }
  return request;
}

Fail2Ban Integration

Filter

/etc/fail2ban/filter.d/custom-nginx-login.conf
[Definition]
# Matches an nginx access-log line after fail2ban has stripped the matched timestamp
# (which is why the brackets are empty). Every "POST /api/login" answered with 200 counts,
# so successful logins count too unless the application also answers failed attempts
# with 200 — confirm against the application's behaviour.
# <HOST> must be the real visitor address: behind Cloudflare, nginx has to log the client IP
# rather than the proxy's, otherwise the Cloudflare action would block Cloudflare's own edges.
failregex = ^<HOST> \- \S+ \[\] "POST \/api\/login HTTP/\d+\.\d+" 200 .+$
ignoreregex =

Action

/etc/fail2ban/action.d/cloudflare.conf
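[Definition]
# Cloudflare IP Access Rules action. <cf_email>, <cf_token> and <cf_zoneid> are filled in
# from the jail's action line; <ip> is supplied by fail2ban.
# X-Auth-Email / X-Auth-Key is the legacy Global API Key authentication and grants full
# account access; a scoped API token sent as "Authorization: Bearer <cf_token>" is the
# least-privilege alternative. Either secret is also visible on the curl command line
# while the action runs.
actionstart =
actionstop =
actioncheck =
# Ban: create a zone-level access rule that blocks the offending IP.
actionban = curl -s \
   -H "X-Auth-Email: <cf_email>" \
   -H "X-Auth-Key: <cf_token>" \
   -H "Content-Type: application/json" \
   -X POST "https://api.cloudflare.com/client/v4/zones/<cf_zoneid>/firewall/access_rules/rules" \
   --data '{"mode":"block","configuration":{"target":"ip","value":"<ip>"},"notes":"Fail2ban"}'
# Unban: look up the id of the block rule for this IP (first match only) and delete it.
# If the lookup returns no rule, the DELETE goes to ".../rules/" with an empty id and
# curl -s hides the resulting error.
actionunban = curl -s \
   -H "X-Auth-Email: <cf_email>" \
   -H "X-Auth-Key: <cf_token>" \
   -H "Content-Type: application/json" \
   -X DELETE "https://api.cloudflare.com/client/v4/zones/<cf_zoneid>/firewall/access_rules/rules/"$( \
      curl -s -H "X-Auth-Email: <cf_email>" \
         -H "X-Auth-Key: <cf_token>" \
         -H "Content-Type: application/json" \
         -X GET "https://api.cloudflare.com/client/v4/zones/<cf_zoneid>/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1&match=all" \
         |jq --raw-output '.result[] .id')
[Init]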

Jail

/etc/fail2ban/jail.d/nginx-custom.conf
[nginx-custom]
# Pairs the custom-nginx-login filter with the cloudflare action: offending IPs are blocked
# at the Cloudflare edge rather than with a local firewall rule.
enabled = true
filter = custom-nginx-login
# EMAIL / TOKEN / ZONEID are placeholders. The action sends cf_token as X-Auth-Key, i.e. the
# account's Global API Key, so keep this file readable by root only.
action = cloudflare[cf_email="EMAIL", cf_token="TOKEN", cf_zoneid="ZONEID"]
logpath = /var/log/nginx/access.log
# 50 matching "POST /api/login" lines from one host within 600 s (10 min) trigger a 3600 s (1 h) ban.
findtime = 600
bantime = 3600
maxretry = 50