CSF not blocking when mod_security rule triggered via CloudFlare

Post Reply
lukekenny
Junior Member
Posts: 1
Joined: 16 Jul 2021, 12:59

CSF not blocking when mod_security rule triggered via CloudFlare

Post by lukekenny »

When CF_ENABLED is set to 1, Is there a log of CSF's interactions with CloudFlare?

I have mod_remote IP setup and working, mod_security is setup and working, and in the LFD log I can trigger the mod_security rules and see a block come up (I am testing via TOR):

Code: Select all

Jul 16 23:01:42 myserver lfd[34456]: (mod_security) mod_security (id:210860) triggered by 162.247.74.216 (US/United States/phoolandevi.tor-exit.calyxinstitute.org): 5 in the last 3600 secs (CF_ENABLE) - *Blocked in csf* for 86400 secs [LF_MODSEC]
The IP address shown is the IP address of the TOR exit node, which is what I am expecting to see, not the CloudFlare IP.

I have configured an entry for the domain in /etc/csf/csf.cloudflare:

Code: Select all

DOMAIN:thedomain.com:USER:theacct:CFACCOUNT:my@cloudflareemail.com:CFAPIKEY:mycloudflareglobalapikey
If I click on the CloudFlare button in CSF and select the account, it seems to be talking to CloudFlare, in that it doesn't show and error when I hit the CF List Rules button. But there are no rules displayed, and the browser is not blocked.

CF_ENABLE = 1
CF_CPANEL = 0
CF_BLOCK = block
CF_TEMP = 86400

CT_SUBNET_LIMIT = 0

What am I missing? How can I determine if CSF is attempting to communicate the block to CloudFlare and diagnose the issue?
Post Reply