fail2ban with Cloudflare

Posted by tatersalad58 on Server Fault See other posts from Server Fault or by tatersalad58
Published on 2012-08-30T15:03:17Z Indexed on 2012/08/30 15:39 UTC
Read the original article Hit count: 427

Filed under:
|
|
|
|

I'm using fail2ban to block web vulnerability scanners. It is working correctly when visiting the site if CloudFlare is bypassed, but a user can still access it if going through it. I have mod_cloudflare installed.

Is it possible to block users with IPtables when using Cloudflare?

Ubuntu Server 12.04 32-bit

Access.log:

112.64.89.231 - - [29/Aug/2012:19:16:01 -0500] "GET /muieblackcat HTTP/1.1" 404 469 "-" "-"

Jail.conf

[apache-probe]

enabled  = true
port     = http,https
filter   = apache-probe
logpath  = /var/log/apache2/access.log
action   = iptables-multiport[name=apache-probe, port="http,https", protocol=tcp]
maxretry = 1
bantime  = 30 # Test

Apache-probe.conf

[Definition]

failregex   = ^<HOST>.*"GET \/muieblackcat HTTP\/1\.1".*
ignoreregex =

© Server Fault or respective owner

Related posts about apache2

Related posts about ubuntu