Cloudflare list feature added #3397
base: master
add a new cloudflare action with list support
This will also address these issues: |
I don't think so, but OK. |
A better solution would be an additional Python lib later, like Rather I like to contribute to the project with a working and cleanly written solution even if it's in PHP, but for this, clean and functional. You can see I'm even hooking into the logfiles, with the right format. Working with tmp files to massively reduce needed API calls, and work modular with the config files from fail2ban like When you look at the old Cloudflare solutions I don't see a working update to them in the near future, I would even think about to remove The old solutions just add a firewall rule for each ban, and remove them later. The free plan (5 rules) and even pro (20 rules) get useless for this. We need a solution to work with the list functionality of Cloudflare. You can see in code you need to watch multiple things now for this. (like Outsourcing this seems to be the cleanest solution for me.
In today's time if you provide some services on port 80/443 90% would have PHP on the server. And that is in 99% the only reason to block someone on this service. (login tries etc.) But as long as no Python pro has the time to do an extra py lib for this (like No affront or offense, but I think the old solutions are no longer effective to work with Cloudflare and a solution is not nearly to see in the near future (otherwise someone write a py lib, alone the syntax fix for the API calls are crappy needed in this API version.). I just like to help and support this project. And be fine with deleting this solution in the future if a py lib is ready. Until then this is a fine working solution. |
No. 90% of some private hosting - maybe, but I still doubt about the proportion of whole community.
Sure and thank you!... Anyway we can leave it open here up to next regular release, in hope someone'd rewrite it to pythonic action. |
Add a new cloudflare action with list support
Since there isn't any solution for this problem, I was adding Cloudflare support back again.
The old solutions didn't work with the new Cloudflare plans.
This action is based on calling a PHP script to handle all the required logic. In the current state this will be too complex for fail2ban's action wrapper.
I know it's not written in Python but considering all people who will need this also have PHP already on the server.
The installation is easy and supported by the script itself. I will add a wiki page later for this.
Your API token needs these permissions
(for more security add your server IP in the `Client IP Address Filtering`)
Short install instructions:
Basically you only need to add your Cloudflare token to your `jail.local` into `[DEFAULT]`.
Then you can run the token-test while looking at your `fail2ban.log`:
```
php /etc/fail2ban/action.d/cloudflare.php token-test
```
This will add the following lines to your logfile
After this you are ready for the setup process. Run:
```
php /etc/fail2ban/action.d/cloudflare.php setup
```
This will list all needed information in your `fail2ban.log`.
The only thing left is to copy your account id and your zone id and write them to your `jail.local` into `[DEFAULT]`.
Finish
You can now use this action in any jail config you like by overwriting the `banaction` in your `jail.local`.
Example for `nginx-http-auth`
In case of any problems
Keep a look at your `fail2ban.log`, there is a lot of information logged, API errors get parsed and written to the logfile.
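The batching idea discussed in this thread (queue bans in a temporary file, then push them to a Cloudflare list in one call instead of creating one firewall rule per ban), sketched in Python as an added example; it is not code from this pull request. The endpoint path, the `ip`/`comment` item fields, the queue file name, the batch size and all function names are assumptions, and nothing is sent over the network.

```python
import ipaddress
import json
import os
import tempfile

# Assumed endpoint shape for list items; confirm against the current Cloudflare API docs.
API = "https://api.cloudflare.com/client/v4/accounts/{account}/rules/lists/{list_id}/items"


def queue_ban(queue_path, ip, jail):
    """Append one ban to the local queue file; reject anything that is not an IP."""
    addr = ipaddress.ip_address(ip.strip())  # raises ValueError on log garbage
    with open(queue_path, "a", encoding="utf-8") as fh:
        fh.write(json.dumps({"ip": str(addr), "comment": f"fail2ban {jail}"}) + "\n")


def drain_queue(queue_path):
    """Atomically take the queue file and return its entries, first one per IP."""
    work = queue_path + ".flush"
    try:
        os.replace(queue_path, work)  # bans arriving meanwhile start a fresh queue file
    except FileNotFoundError:
        return []
    with open(work, encoding="utf-8") as fh:
        rows = [json.loads(line) for line in fh if line.strip()]
    os.remove(work)
    unique = {}
    for row in rows:
        unique.setdefault(row["ip"], row)
    return list(unique.values())


def build_requests(items, account, list_id, batch_size=100):
    """Turn queued bans into as few POST bodies as possible (built, not sent)."""
    url = API.format(account=account, list_id=list_id)
    return [("POST", url, json.dumps(items[i:i + batch_size]))
            for i in range(0, len(items), batch_size)]


def demo():
    """Queue constructed bans (documentation address ranges) and batch them."""
    path = os.path.join(tempfile.mkdtemp(), "cf-pending.jsonl")
    for ip in ["203.0.113.7", "198.51.100.23", "203.0.113.7", "2001:db8::1"]:
        queue_ban(path, ip, "nginx-http-auth")
    return build_requests(drain_queue(path), "ACCOUNT_ID", "LIST_ID")


if __name__ == "__main__":
    print(demo())
```

Four queued bans with one duplicate become a single request body of three items, so the number of API calls depends on flush frequency rather than on the number of bans.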