Last active
June 28, 2023 23:22
Revisions
-
pramoso revised this gist
Jun 28, 2023 . No changes.
-
pramoso revised this gist
Jun 28, 2023 . No changes.
-
pramoso revised this gist
Jun 28, 2023 . 1 changed file with 95 additions and 0 deletions.
@@ -0,0 +1,95 @@ # # Author: Logic-32 # # IMPORTANT # # Please set jail.local's permission to 640 because it contains your CF API token. # # This action depends on curl. # # To get your Cloudflare API token: https://developers.cloudflare.com/api/tokens/create/ # # Cloudflare Firewall API: https://developers.cloudflare.com/firewall/api/cf-firewall-rules/endpoints/ [Definition] # Option: actionstart # Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). # Values: CMD # actionstart = # Option: actionstop # Notes.: command executed at the stop of jail (or at the end of Fail2Ban) # Values: CMD # actionstop = # Option: actioncheck # Notes.: command executed once before each actionban command # Values: CMD # actioncheck = # Option: actionban # Notes.: command executed when banning an IP. Take care that the # command is executed with Fail2Ban user rights. # Tags: <ip> IP address # <failures> number of failures # <time> unix timestamp of the ban time # Values: CMD actionban = curl -s -X POST "<_cf_api_url>" \ <_cf_api_prms> \ --data '{"mode":"<cfmode>","configuration":{"target":"<cftarget>","value":"<ip>"},"notes":"<notes>"}' # Option: actionunban # Notes.: command executed when unbanning an IP. Take care that the # command is executed with Fail2Ban user rights. 
# Tags: <ip> IP address # <failures> number of failures # <time> unix timestamp of the ban time # Values: CMD # actionunban = id=$(curl -s -X GET "<_cf_api_url>" \ --data-urlencode "mode=<cfmode>" --data-urlencode "notes=<notes>" --data-urlencode "configuration.target=<cftarget>" --data-urlencode "configuration.value=<ip>" \ <_cf_api_prms> \ | awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \ | tr -d ' "' \ | head -n 1) if [ -z "$id" ]; then echo "<name>: id for <ip> cannot be found using target <cftarget>"; exit 0; fi; \ curl -s -X DELETE "<_cf_api_url>/$id" \ <_cf_api_prms> \ --data '{"cascade": "none"}' # We dont ban ip by specific cloudfare zone, instead we ban ip on all sites # _cf_api_url = https://api.cloudflare.com/client/v4/zones/<cfzone>/firewall/access_rules/rules _cf_api_url = https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules _cf_api_prms = -H "Authorization: Bearer <cftoken>" -H "Content-Type: application/json" [Init] # Declare your Cloudflare Authorization Bearer Token in the [DEFAULT] section of your jail.local file. # The Cloudflare <ZONE_ID> of hte domain you want to manage. # # cfzone = # Your personal Cloudflare token. Ideally restricted to just have "Zone.Firewall Services" permissions. # # cftoken = # Target of the firewall rule. Default is "ip" (v4). # cftarget = ip # The firewall mode Cloudflare should use. Default is "block" (deny access). # Consider also "js_challenge" or other "allowed_modes" if you want. # cfmode = block # The message to include in the firewall IP banning rule. # notes = Fail2Ban <name> [Init?family=inet6] cftarget = ip6 -
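Review bot: The `cftoken` comment in `[Init]` still recommends a token limited to "Zone.Firewall Services" and still documents `cfzone`, but `_cf_api_url` now targets the user-level `/user/firewall/access_rules/rules` endpoint, so a zone-scoped token created from that guidance will probably be rejected and `cfzone` is no longer read. Because `actionban` runs `curl -s` without `--fail`, an HTTP 401/403 still exits 0 and Fail2Ban records a ban that Cloudflare never applied; I would change the first line to `actionban = curl -s --fail -X POST "<_cf_api_url>" \` and reword the comment to `# Your Cloudflare API token, limited to the access-rule permission the user-level endpoint needs (confirm the name in Cloudflare's token docs).`. Separately, `_cf_api_prms` puts the bearer token on curl's command line, where other local users can see it in the process list while the request runs, so the 640 permission on jail.local does not fully protect it. On curl versions that support it, reading the header from a root-only file (`-H @/path/to/header-file`, placeholder path) avoids that exposure.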
pramoso revised this gist
Jun 28, 2023 . No changes.
-
pramoso created this gist
Jun 28, 2023 .
@@ -0,0 +1,30 @@ [wordpress-hard] enabled = true port = http,https filter = wordpress-hard logpath = /var/log/auth.log maxretry = 1 findtime = 3600 bantime = 86400 action = cloudflare-token iptables-allports [wordpress-soft] enabled = true port = http,https filter = wordpress-soft logpath = /var/log/auth.log maxretry = 3 findtime = 3600 bantime = 3600 action = cloudflare-token iptables-allports [wordpress-extra] enabled = true port = http,https filter = wordpress-extra logpath = /var/log/auth.log maxretry = 3 findtime = 3600 bantime = 3600 action = cloudflare-token iptables-allports
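Review bot: All three jails pair `cloudflare-token` with `iptables-allports`, which only works as intended if the address written to `/var/log/auth.log` is the real visitor IP. When the site is proxied and the origin logs the connecting address, that address is a Cloudflare edge IP, and a ban would block Cloudflare's proxy rather than the offending client. I would add a comment above the first jail such as `# Logged IP must be the visitor address restored from CF-Connecting-IP, not a Cloudflare edge IP`. With `maxretry = 1`, a 24-hour `bantime` and a user-level rule that applies to every site on the account, `[wordpress-hard]` also deserves an `ignoreip` entry for known admin addresses; none is visible in this hunk, though it may already be set in `[DEFAULT]`.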