Cloudflare options/blocking not working

[Tearabite]

I'm having trouble getting the (awesome!) new Cloudflare option to work. CSF seems to be communicating with CloudFlare as I can view the Cloudflare rules for the user I have configured, but blocking based on Mod_Security hits does not seem to work at all.. Is there any more documentation that might help me with troubleshooting?

Speaking of documentation, in the CSF readme.txt, and I'm seeing the following issues/problems/ambiguity:

1) The readme file seems to end at section after section #7 of the CLI section. the last line is:
7. To add a temporary block that blocks in csf as well as CloudFlare:
..it leaves me hankering for more!

Also, section 27 (Cloudflare), number 6 says:
"URLGET must be set to 1 (i.e. LWP) must be used"
I read this to mean that I must set URLGET to #1 to use LWP, but in the ConfServer Configuration it says that #1 is HTTP::Tiny and #2 is LWP - so which do I use??

And...
I am confused on how the "special case any" is to be used - the info in the csf.cloudflare file is lacking (or i'm just stupid). Can we have more info on when/how/why to use the special case "any" ?

Finally..
Is there anything in the UI to confirm that Mod_Cloudflare is running/working?
"find / -name ModCloudflare.pm" gives me this output:
/var/cpanel/easy/apache/custom_opt_mods/Cpanel/Easy/ModCloudflare.pm
So i assume/guess/hope it's running and functioning properly?

[Tearabite]

also..
There is another post with a reply that indicates that the security/server check should indicate if Mod_Cloudflare is present or not, but i see nothing there..

[ForumAdmin]

If you could post a ModSecurity entry from the Apache error_log which should have triggered in lfd, we can explain more from there.

You can check for mod_cloudflare using:

Code: Select all

/usr/local/apache/bin/httpd -M | grep cloudflare

[Tearabite]

Thank you.
Looks like my Mod_Cloudflare is not running so this would explain why my blocking isnt working.

Would still like to see some clarification on those documentation issues i mentioned.

[ForumAdmin]

The documentation will be addressed. To confirm, LWP (option 2) must be enabled for URLGET and item 7. should not be there.

The "any" special case is for the following:

If you have several domains on the server, say a.com b.com and c.com that have a hacker triggering ModSecurity rules, then once LF_MODSEC is triggered, the offending IP will be blocked as normal in csf, but with a temporary block of CF_TEMP seconds. If any of those 3 domains uses cloudflare and is configured to use this new feature, then all the accounts associated with the domains will also have an entry added into their respective CloudFlare Firewalls.

If you additionally have a domain x.com that also uses CloudFlare on a different account, then that normally would not get an associated block in their CloudFlare Firewall as they are not involved in the LF_MODSEC trigger.

If you do , however, want x.com to also receive a block in their CloudFlare Firewall regardless as to whether they are involved with the LF_MODSEC trigger or not, then setting that accounts entry in csf.cloudflare to "any" will mean that that account will always receive an entry in their CloudFlare Firewall.