fail2ban with Cloudflare
Posted
by
tatersalad58
on Server Fault
See other posts from Server Fault
or by tatersalad58
Published on 2012-08-30T15:03:17Z
Indexed on
2012/08/30
15:39 UTC
Read the original article
Hit count: 427
I'm using fail2ban to block web vulnerability scanners. It is working correctly when visiting the site if CloudFlare is bypassed, but a user can still access it if going through it. I have mod_cloudflare installed.
Is it possible to block users with IPtables when using Cloudflare?
Ubuntu Server 12.04 32-bit
Access.log:
112.64.89.231 - - [29/Aug/2012:19:16:01 -0500] "GET /muieblackcat HTTP/1.1" 404 469 "-" "-"
Jail.conf
[apache-probe]
enabled = true
port = http,https
filter = apache-probe
logpath = /var/log/apache2/access.log
action = iptables-multiport[name=apache-probe, port="http,https", protocol=tcp]
maxretry = 1
bantime = 30 # Test
Apache-probe.conf
[Definition]
failregex = ^<HOST>.*"GET \/muieblackcat HTTP\/1\.1".*
ignoreregex =
© Server Fault or respective owner