fail2ban-cloudflare - for Cloudflare API V4

Integrate Fail2ban with Cloudflare API (V4) to mitigate HTTP flooding attacks using Nginx and Roboo.

Requirements:

  1. Nginx
  2. Roboo (https://github.com/yuri-gushin/Roboo)
  3. Fail2ban
  4. A Cloudflare account (https://www.cloudflare.com/a/sign-up)
  5. Ruby 1.9.3 or later

Get your Cloudflare API Key

  1. Sign up for Cloudflare: https://www.cloudflare.com/a/sign-up

  2. Go to https://www.cloudflare.com/a/account/my-account and select View API Key.

  3. Set up your site(s) to use Cloudflare.

Configure Fail2ban

  1. Install Fail2ban on the server running Nginx and Roboo.

  2. Add the nginx-roboo.conf file to your filter.d dir.

  3. Add the cloudflare.conf file to your action.d dir.

  4. Edit the cloudflare_api_manager.rb file and set your CLOUDFLARE_USERNAME and CLOUDFLARE_API_KEY (lines 8 and 9).

  5. Optionally, add proxy information if you need to access Cloudflare via a proxy server (lines 15 to 18).

  6. Add the following to your jail.conf file:

    [nginx-roboo]
    enabled   = true
    port      = all
    filter    = nginx-roboo
    banaction = cloudflare
    logpath   = /var/log/nginx/challenged.log
    maxretry  = 250
    
  7. Add the cloudflare_api_manager.rb script to a location accessible to the fail2ban user and set appropriate permissions. Remember that your Cloudflare API keys are stored in this script so handle with care!

  8. Verify that an IP is added to your Cloudflare firewall by banning an IP:

    /path/to/ruby /path/to/cloudflare_api_manager.rb ban 1.2.3.4
    
  9. Verify that the IP is removed from your Cloudflare firewall by unbanning the IP:

    /path/to/ruby /path/to/cloudflare_api_manager.rb unban 1.2.3.4
    
  10. Restart Fail2ban

This will make Fail2ban monitor the file /var/log/nginx/challenged.log, and each client with more than 250 challenge attempts will be banned using the cloudflare action.

Bad clients will automatically be banned (presented with a Google reCAPTCHA challenge) at Cloudflare instead of continuously hitting your server. After the defined bantime, clients are automatically removed from the blacklist again.

It might be a good idea to whitelist the IP range of Cloudflare in Fail2ban using the ignoreip section. A current list of the IP ranges of Cloudflare can be found here: https://www.cloudflare.com/ips/

NOTE: At the moment Fail2ban doesn't work with IPv6 so it might be a good idea to disable IPv6 support in the Cloudflare admin interface for each site you want to protect using Fail2ban.
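
The whitelisting and IPv6 notes above, as an added example that is not part of the fail2ban-cloudflare project: a Ruby helper that turns a downloaded range list into an ignoreip line and refuses to ban an address that sits inside those ranges or is IPv6. The function names are assumptions, and the sample ranges are constructed documentation placeholders to be replaced with the current list from https://www.cloudflare.com/ips/.

```ruby
require 'ipaddr'

# Constructed sample in one-CIDR-per-line format. These are documentation
# ranges (placeholders), NOT Cloudflare's real ranges.
SAMPLE_RANGES = <<-LIST
  # constructed sample, replace with the current published list
  198.51.100.0/24
  203.0.113.0/24

  2001:db8::/32
  not-a-cidr
LIST

# Parse the list into [cidr_string, IPAddr] pairs, skipping blank lines,
# comments and anything that is not a valid address or range.
def parse_ranges(text)
  text.each_line.each_with_object([]) do |raw, out|
    line = raw.strip
    next if line.empty? || line.start_with?('#')
    begin
      out << [line, IPAddr.new(line)]
    rescue ArgumentError # IPAddr's own errors are subclasses of ArgumentError
      warn "skipping invalid range: #{line}"
    end
  end
end

# Build the jail's ignoreip line. Only IPv4 ranges are emitted, following
# the README's note that Fail2ban is used here without IPv6 support.
def ignoreip_line(ranges)
  v4 = ranges.select { |_cidr, net| net.ipv4? }.map(&:first)
  "ignoreip = #{(['127.0.0.1/8'] + v4).join(' ')}" # keep loopback ignored
end

# True only for a single IPv4 address outside every ignored range, i.e. an
# address that is safe to pass to the ban action.
def bannable?(ip_string, ranges)
  return false if ip_string.include?('/') # a range, not one client address
  ip = IPAddr.new(ip_string)
  return false unless ip.ipv4?
  ranges.none? { |_cidr, net| net.ipv4? && net.include?(ip) }
rescue ArgumentError
  false # not an IP address at all
end

if __FILE__ == $PROGRAM_NAME
  ranges = parse_ranges(SAMPLE_RANGES)
  puts ignoreip_line(ranges)
  %w[198.51.100.7 192.0.2.10 2001:db8::1].each { |ip| puts "#{ip} bannable=#{bannable?(ip, ranges)}" }
end
```

If Nginx logs the Cloudflare edge address instead of the real client address, a check like this keeps a proxy address from being banned for the traffic it forwards.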
