Fail2ban blocking Cloudflare IPs

Hello,

I just set up Cloudflare on some of my websites, but I see that the WordPress filter in fail2ban also blocks the Cloudflare IPs. Is there a way to block the real IP of the users behind Cloudflare?

SYSTEM INFORMATION
OS type and version: Ubuntu Linux 20.04.5
Webmin version: 2.011
Virtualmin version: 7.5

Presumably they add an X-Forwarded-For header, so you’d need to act on that rather than the IP.

Here’s a blog post about using fail2ban behind a proxy (which is what you’re doing, Cloudflare is a proxy). Fail2Ban Behind A Proxy/Load Balancer – Centos.Tips

I haven’t vetted that link, it’s just one of the first things that comes up and seems reasonable.

Based on your idea, I got the real IPs to show in the logs and ban them by following this guide and activating mod_remoteip in Apache:

https://support.cloudflare.com/hc/en-us/articles/200170786#C5XWe97z77b3XZV

Since banning the real IPs could not stop them, and since I could not configure the iptables thing (I am not very skilled at coding), I instead transferred the original banned IPs to Cloudflare IP Access Rules, following this guide:

The drawback is that the IPs in Cloudflare's IP Access Rules get banned permanently until you unban them manually by pressing X on each of them. At least I have them banned if they go on extremely brute forcing.
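
Added example, not part of the thread: a Python sketch of the trusted-proxy rule that mod_remoteip applies, showing why counting failed logins by TCP peer ends up banning Cloudflare, and why the forwarded header is honoured only when the peer is a Cloudflare address. The CF-Connecting-IP header name, the short subset of ranges and the sample attempts are assumptions constructed for illustration.

```python
import ipaddress

# Subset of Cloudflare's published IPv4 ranges, for illustration only;
# a real setup loads the current list from https://www.cloudflare.com/ips/.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in (
    "173.245.48.0/20", "162.158.0.0/15", "104.16.0.0/13", "172.64.0.0/13")]

def is_trusted_proxy(addr):
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in TRUSTED_PROXIES)

def client_ip(peer, headers):
    """Address the access log (and so fail2ban) should record."""
    if not is_trusted_proxy(peer):
        return peer  # direct connection: the header is attacker-controlled
    try:
        return str(ipaddress.ip_address(headers.get("CF-Connecting-IP", "").strip()))
    except ValueError:
        return peer  # header missing or malformed: fall back to the peer

def ban_targets(attempts, resolve, threshold=3):
    """Return addresses with at least `threshold` failed logins."""
    failures = {}
    for peer, headers in attempts:
        ip = resolve(peer, headers)
        failures[ip] = failures.get(ip, 0) + 1
    return sorted(ip for ip, n in failures.items() if n >= threshold)

# Constructed failed-login attempts: (TCP peer, request headers).
ATTEMPTS = (
    [("172.68.10.5", {"CF-Connecting-IP": "203.0.113.50"})] * 2
    + [("162.158.1.1", {"CF-Connecting-IP": "203.0.113.50"})]
    + [("172.68.10.5", {"CF-Connecting-IP": "203.0.113.99"})]  # other visitor
    + [("198.51.100.7", {"CF-Connecting-IP": "192.0.2.10"})] * 3  # spoofed, direct
)

if __name__ == "__main__":
    print("by peer:  ", ban_targets(ATTEMPTS, lambda peer, headers: peer))
    print("by client:", ban_targets(ATTEMPTS, client_ip))
```

A ban on the resolved client address has to be enforced where that address is visible (at Cloudflare or in the web server), because a packet filter on the origin only ever sees the Cloudflare peer address.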
