Monday, June 12, 2023

Fail2Ban CloudFlare action using Authorization Bearer Token

THE NEW ACTIONBAN COMMAND
The new actionban command for CloudFlare IP address blocking is as follows…

actionban = curl -s -X POST https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules 
	-H "Authorization: Bearer <cfkey>" -H "Content-Type: application/json" 
	--data '{"mode":"block","configuration":{"target":"ip","value":"<ip>"},"notes":"Banned by Fail2Ban"}'

THE NEW ACTIONUNBAN COMMAND

actionunban = curl -s -X GET -H "Authorization: Bearer <cfkey>" -H "Content-Type: application/json" 
	"https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?page=1&per_page=5&mode=block&configuration.target=ip&configuration.value=<ip>&notes=Banned by Fail2Ban&match=all&order=configuration.value&direction=desc" | 
	python -c "import sys, json; print json.load(sys.stdin)['result'][0]['id'];" | 
	xargs -I@@ curl -s -X DELETE -H "Authorization: Bearer <cfkey>" -H "Content-Type: application/json" https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/@@

IMPLEMENTATION
We could modify the /etc/fail2ban/action.d/cloudflare.conf

How to block 404 attacks using fail2ban »
« ແຈກ Indicator ສັນຍານ ຈຸດ Buy & Sell ໃນ MT5

Subscribe

  • RSS Atom

ອອນລາຍ: 1 | ມື້ນີ້: 13 | ວານນີ້: 25 | ທິດນີ້: 93 | ເດືອນນີ້: 872 | ປີນີ້: 11832 | ລວມ: 78935