Reputation: 2518
Just wondering if it is possible to use Fail2ban on a server with CloudFlare in front of it?
Server <-> CloudFlare <-> Internet
The issue is that it seems the incoming web traffic has the IP of the CloudFlare servers, rather than the originating IP.
For example, I banhammer people probing for vulnerabilities of systems not in use.
*.log:173.245.55.134 - - [12/Oct/2016:23:06:32 -0400] "GET /CFIDE/administrator/ HTTP/1.1" 403 5423 "-" "-"
The above appears to be an attempt to exploit ColdFusion... Whatever that is. So I banhammer them, but now the incoming IP is listed as CloudFlare, so that is not going to work.
General IP Information
IP: 173.245.55.134
Decimal: 2918528902
Hostname: cf-173-245-55-134.cloudflare.com
ASN: 13335
ISP: CloudFlare
Organization: CloudFlare
Therefore, is it possible to still use fail2ban with CloudFlare in front of it? What is the solution?
Upvotes: 0
Views: 1015
Reputation: 130
Yes, you can still use fail2ban to block IPs on your server. Since Cloudflare is a reverse proxy, however, you do want to make sure you have a solution to restore original visitor IP back to your server logs using Cloudflare and fail2ban at the same time.
Cloudflare KB on "Can I still use fail2ban while using Cloudflare?"
Yes, you can, though you may wish to restore the original IP Address of your end user using something like Mod_Cloudflare; their knowledge base contains a guide on Restoring Visitor IPs.
Cloudflare are soon offering the ability to do rate limiting in the Cloud, you can sign up for their beta on their site.
Upvotes: 1
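As an added example, not code from the answer or from Cloudflare's documentation: this Python script does in a log-processing step what mod_cloudflare does inside Apache. It honours the CF-Connecting-IP header only when the TCP peer is in a Cloudflare range, otherwise it keeps the peer address, and then applies a fail2ban-style per-IP count to the restored visitor addresses. The Cloudflare ranges, the log format extended with the header as a final field, and the sample log lines are all constructed for the example.

```python
"""Restore the originating visitor IP before a fail2ban-style ban decision."""
import ipaddress
import re
from collections import Counter

# Constructed subset of Cloudflare edge ranges (assumption: in production, load the
# list Cloudflare publishes and keep it current; a stale list silently breaks this).
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in ("173.245.48.0/20", "103.21.244.0/22")]

def is_trusted_proxy(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in TRUSTED_PROXIES)

def client_ip(peer_ip, cf_connecting_ip):
    """Use CF-Connecting-IP only when the peer is a Cloudflare edge; a request that
    reached the origin directly can carry any header value, so fall back to the peer."""
    if cf_connecting_ip and is_trusted_proxy(peer_ip):
        try:
            return str(ipaddress.ip_address(cf_connecting_ip))
        except ValueError:
            pass  # malformed header value: the peer address is all we can trust
    return peer_ip

# Combined log format with CF-Connecting-IP appended as a final quoted field
# (assumption: the web server's LogFormat was extended to record the header).
LOG_RE = re.compile(
    r'^(?P<peer>\S+) \S+ \S+ \[[^\]]+\] "(?P<req>[^"]*)" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "[^"]*" "(?P<cf_ip>[^"]*)"$'
)
PROBE_PATHS = ("/CFIDE/administrator/",)  # the path from the question's log line

def offenders(lines, maxretry=2):
    """Return restored visitor IPs that got a 403 on a probe path >= maxretry times."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = m.group("req").split(" ")[1] if " " in m.group("req") else m.group("req")
        if m.group("status") == "403" and path.startswith(PROBE_PATHS):
            hits[client_ip(m.group("peer"), m.group("cf_ip"))] += 1
    return sorted(ip for ip, n in hits.items() if n >= maxretry)

# Constructed sample: two probes through Cloudflare from one visitor, and two that
# hit the origin directly, whose header field must therefore be ignored.
SAMPLE_LOG = [
    '173.245.55.134 - - [12/Oct/2016:23:06:32 -0400] "GET /CFIDE/administrator/ HTTP/1.1" 403 5423 "-" "-" "198.51.100.7"',
    '173.245.55.134 - - [12/Oct/2016:23:06:33 -0400] "GET /CFIDE/administrator/ HTTP/1.1" 403 5423 "-" "-" "198.51.100.7"',
    '203.0.113.9 - - [12/Oct/2016:23:06:34 -0400] "GET /CFIDE/administrator/ HTTP/1.1" 403 5423 "-" "-" "192.0.2.1"',
    '203.0.113.9 - - [12/Oct/2016:23:06:35 -0400] "GET /CFIDE/administrator/ HTTP/1.1" 403 5423 "-" "-" "192.0.2.2"',
]

if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))  # -> ['198.51.100.7', '203.0.113.9']
```

The same trust rule is what Apache's mod_remoteip (RemoteIPHeader / RemoteIPTrustedProxy) or nginx's real_ip module applies at request time; once the server itself rewrites the logged address this way, stock fail2ban filters work unchanged.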