feature idea, also add ip block to cloudflare firewall via api

5 posts Page 1 of 1
aww+
Junior Member
Posts: 105
Joined: 27 Aug 2012, 20:53


it's possible to do this from a simple bash command but it might be useful to less skilled users to have an option where LFD can also add an ip ban to cloudflare when the user provides an api key

https://api.cloudflare.com/#user-level- ... ccess-rule

might be too much to maintain for permanent rules, maybe make it part of the tempban feature?

when the feature is enabled, csf -td or csf -tr could also do the api call to cloudflare

note that cloudflare only allows single ip, /24 and /16 blocks, but they also allow full country blocks by two letter code and ASN blocks by number
aww+
Junior Member
Posts: 105
Joined: 27 Aug 2012, 20:53


ps. it definitely would add cpu overhead and not work for https connections but it might also be possible to do deeper inspection of packets via the linux firewall to block the true ip passed from cloudflare in the http headers before it even gets to server software or php
ForumAdmin
Moderator
Posts: 1341
Joined: 01 Oct 2008, 09:24


We are actually working on a feature allowing csf to use the CloudFlare firewall (provided mod_cloudflare or equivalent is being used) to allow and deny temporary IP blocks. When enabled, any web-based blocks will automatically become temporary blocks to keep things in sync.
aww+
Junior Member
Posts: 105
Joined: 27 Aug 2012, 20:53


just noticed the readme for version 11

you all are absolutely amazing, thank you for all your work over the years

I hope someday some wealthy corporation throws lots of money your way (but still keeps your free software free to keep everyone safer)
jamesstormer
Junior Member
Posts: 2
Joined: 24 Oct 2017, 17:22


I've got this working. It works well. My suggestion on this as a minor tweak... The description that is added over in cloudflare just says: csf block

Can a more descriptive reason be used or defined per account in csf.cloudflare?

Example: there might be multiple cpanel accounts that use the same cloudflare account. In the description, could it be: csf domain.com block? That way we know what domain the block came in on. Just a thought about polishing it up a bit. If not, no big deal. Happy to have it either way.

One other note, as I posted a response to another user on this forum about this, I had told him he needs to go find all accounts that have cloudflare domains and get their individual api keys. That's a pita... is there anything that could alert the administrator of a domain that is using cloudflare but not in the csf.cloudflare file? Users can enable cloudflare and update the dns and you'd never know. (until attacked)

Thanks!

James
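
Added example, not code from csf or from any poster in this thread: a Python helper that checks a block target against the limits described in the first post (single IP, /24, /16, two-letter country code, ASN number) and builds the JSON body for an access rule, using the per-domain description suggested in the last post. The field names (`mode`, `configuration`, `notes`) and target values are assumptions based on Cloudflare's v4 access-rule API; the code handles IPv4 only and sends nothing.

```python
import ipaddress
import json
import re

# Range sizes the thread says Cloudflare accepts, besides single addresses.
ALLOWED_PREFIXES = {16, 24}


def classify_target(value):
    """Return (target, normalized_value) or raise ValueError."""
    value = value.strip()
    try:
        net = ipaddress.IPv4Network(value, strict=False)
    except ValueError:
        net = None  # not an IPv4 address or range; try country/ASN below
    if net is not None:
        if net.prefixlen == 32:
            return "ip", str(net.network_address)
        if net.prefixlen in ALLOWED_PREFIXES:
            return "ip_range", str(net)  # host bits are zeroed
        raise ValueError(f"/{net.prefixlen} not accepted; use /24 or /16")
    if re.fullmatch(r"[A-Za-z]{2}", value):
        return "country", value.upper()
    m = re.fullmatch(r"(?:AS)?(\d+)", value, re.IGNORECASE)
    if m:
        return "asn", "AS" + m.group(1)
    raise ValueError(f"unsupported block target: {value!r}")


def build_block_rule(value, domain=None):
    """Build the request body; the note names the domain when one is given."""
    target, normalized = classify_target(value)
    note = f"csf {domain} block" if domain else "csf block"
    return {
        "mode": "block",
        "configuration": {"target": target, "value": normalized},
        "notes": note,
    }


if __name__ == "__main__":
    # Constructed sample inputs (documentation address ranges and ASN).
    for sample in ["203.0.113.7", "198.51.100.77/24", "AS64500", "gb"]:
        print(json.dumps(build_block_rule(sample, "domain.com")))
```
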