Differences

This shows you the differences between two versions of the page.

--- wiki:cloudflare [2024/04/10 20:28] – created none
+++ wiki:cloudflare [2024/04/10 20:32] (current) – none
@@ Line 33: / Line 33: @@
 }
 </code>
+=====Fail2Ban Integration=====
+**Filter**
+<code file /etc/fail2ban/filter.d/custom-nginx-login.conf>
+[Definition]
+failregex = ^<HOST> \- \S+ \[\] "POST \/api\/login HTTP/\d+\.\d+" 200 .+$
+ignoreregex =
+</code>
+**Action**
+<code file /etc/fail2ban/action.d/cloudflare.conf>
+[Definition]
+actionstart =
+actionstop =
+actioncheck =
+actionban = curl -s \
+   -H "X-Auth-Email: <cf_email>" \
+   -H "X-Auth-Key: <cf_token>" \
+   -H "Content-Type: application/json" \
+   -X POST "https://api.cloudflare.com/client/v4/zones/&lt;cf_zoneid>/firewall/access_rules/rules" \
+   --data '{"mode":"block","configuration":{"target":"ip","value":"<ip>"},"notes":"Fail2ban"}'
+actionunban = curl -s \
+   -H "X-Auth-Email: <cf_email>" \
+   -H "X-Auth-Key: <cf_token>" \
+   -H "Content-Type: application/json" \
+   -X DELETE "https://api.cloudflare.com/client/v4/zones/&lt;cf_zoneid>/firewall/access_rules/rules/"$( \
+      curl -s -H "X-Auth-Email: <cf_email>" \
+         -H "X-Auth-Key: <cf_token>" \
+         -H "Content-Type: application/json" \
+         -X GET "https://api.cloudflare.com/client/v4/zones/&lt;cf_zoneid&gt;/firewall/access_rules/rules?mode=block&amp;configuration_target=ip&amp;configuration_value=&lt;ip>&page=1&per_page=1&match=all" \
+         |jq --raw-output '.result[] .id')
+[Init]
+</code>
+**Jail**
+<code file /etc/fail2ban/jail.d/nginx-custom.conf>
+[nginx-custom]
+enabled = true
+filter = custom-nginx-login
+action = cloudflare[cf_email="EMAIL", cf_token="TOKEN", cf_zoneid="ZONEID"]
+logpath = /var/log/nginx/access.log
+findtime = 600
+bantime = 3600
+maxretry = 50
+</code>

Trace:

Differences

Search

Navigation

Print/export

Tools

QR Code