Fail2ban blocking Cloudflare IPs

Hello,

I just setup cloudflare on some of my websites, but I do see that on the wordpress filter on fail2ban i get blocked also the Cloudflare IP,s, , is there a way to block the real IP of the users behind the cloudflare?

SYSTEM INFORMATION
OS type and version Ubuntu Linux 20.04.5
Webmin version 2.011
Virtualmin version 7.5

Presumably they add an X-Forwarded-For header, so you’d need to act on that rather than the IP.

Here’s a blog post about using fail2ban behind a proxy (which is what you’re doing, Cloudflare is a proxy). Fail2Ban Behind A Proxy/Load Balancer – Centos.Tips

I haven’t vetted that link, it’s just one of the first things that comes up and seems reasonable.

Based on your idea, i got to show the real ips on logs and ban them following this guide by activating mod_remoteip in apache:

https://support.cloudflare.com/hc/en-us/articles/200170786#C5XWe97z77b3XZV

Since banning the real ips could not stop them, and since i could not configure the iptables thing (I am not very skilled on coding), I instead did transfer the original banned ips to Cloudflare IPacces rules, following this guide:

The drawback is that the IPS on cloudlfare - IP ACCESS RULES, get banned permanently until you unban them manually by pressing X on each of them. At leas i have them banned if they go on extremely brute forcing.