特定网址的Fail2ban监狱不适用于Cloudflare [英] Fail2ban jail for specific url doesn't work with Cloudflare
问题描述
这是先前有关为特定URL创建 jail的问题的延续.
This is a continuation of a previous question regarding creating a jail for a specific url.
它禁止Cloudflare IP,而不是用户IP.我已遵循本指南来设置Cloudflare过滤器,但是有问题.
It bans the Cloudflare IP and not that of the user. I've followed this guide to setup the Cloudflare filter, but am having issues.
Jail.local 看起来像这样...
Jail.local looks like this...
[apache-specific-url]
enabled = true
port = http,https
filter = apache-specific-url
action = cloudflare
iptables-allports
logpath = %(apache_access_log)s
bantime = 48h
maxretry = 1
actions.d/cloudflare.conf
这是我正在使用的Fail2ban V0.11.1附带的cloudflare.conf.它似乎是最新且正确的版本.我已经正确设置了 cftoken &文件中的 cfuser .
This is the cloudflare.conf that came with Fail2ban V0.11.1 which is what I'm using. It looks to be the latest and correct version. I've properly set cftoken & cfuser in the file.
actionban = curl -s -o /dev/null -X POST -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' \
-H 'Content-Type: application/json' -d '{ "mode": "block", "configuration": { "target": "ip", "value": "" } }' \
https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules
actionunban = curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' \
https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$(curl -s -X GET -H 'X-Auth-Email: ' -H 'X-Auth-Key: ' \
'https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=&page=1&per_page=1' | tr -d '\n' | cut -d'"' -f6)
我的API信息&卷毛很好
如果我卷曲以下内容,则测试IP确实被禁止在cloudflare上使用,返回时我会成功.
If I curl the following, the test IP is indeed banned on cloudflare and I get a success upon return.
curl -s -X POST "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules" \
-H "X-Auth-Email: CloudFlare-username" \
-H "X-Auth-Key: CloudFlare-API-Key" \
-H "Content-Type: application/json" \
--data '{"mode":"block","configuration":{"target":"ip","value":"1.2.3.4"},"notes":"Fail2ban"}'
/var/log/fail2ban.log 显示以下内容
2021-01-15 14:59:08,461 fail2ban.filter [3439]: INFO [apache-specific-url] Found 172.69.63.147 - 2021-01-15 14:59:07
2021-01-15 14:59:08,981 fail2ban.actions [3439]: NOTICE [apache-specific-url] Ban 172.69.63.147
我不确定我在这里缺少什么,但是看起来我没有正确设置监狱以从Cloudflare获取实际IP,并将其禁止在本地或Cloudflare上使用.
I'm not sure what I'm missing here, but it doesn't look like I've setup the jail properly to get the actual IP from Cloudflare and ban it locally or on Cloudflare.
任何帮助都将不胜感激.
Any help greatly appreciated.
推荐答案
经过大量的试验和错误,禁止和取消禁止的问题在于cloudflare动作.解析json对于人们来说似乎很棘手.奇怪的是,我发现有几个人对此问题有不同的解决方案.但是,以下是"Mix".这对我行得通.我希望它对以后的人有所帮助.
After a great deal of trial and error, the problem with banning and unbanning was with the cloudflare action. Parsing the json seems to be tricky for folks. Oddly enough, I found several folks with the issue with different resolutions. However, the following is the "Mix" that works for me. I hope it helps someone in the future.
/etc/fail2ban/action.d/cloudflare.conf
actionban = curl -s -X POST "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules" \
-H "X-Auth-Email: <cfuser>" \
-H "X-Auth-Key: <cftoken>" \
-H "Content-Type: application/json" \
--data '{"mode":"block","configuration":{"target":"ip","value":"<ip>"},"notes":"Fail2ban"}'
actionunban = curl -s -X DELETE "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$( \
curl -s -X GET "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1&match=all" \
-H "X-Auth-Email: <cfuser>" \
-H "X-Auth-Key: <cftoken>" \
-H "Content-Type: application/json" | awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' | tr -d '"' | head -n 1 | sed -E -e 's/^\s+//' -e 's/\s+$//')" \
-H "X-Auth-Email: <cfuser>" \
-H "X-Auth-Key: <cftoken>" \
-H "Content-Type: application/json"
