lundi 24 octobre 2016

Fail2ban and CloudFlare?

Just wondering if it is possible to use Fail2ban on a server with CloudFlare in front of it?

Server <-> CloudFlare <-> Internet

The issue is that it seems the incoming web traffic has the IP of the CloudFlare servers, rather than the originating IP.

For example, I banhammer people probing for vulnerabilities of systems not in use.

*.log:173.245.55.134 - - [12/Oct/2016:23:06:32 -0400] "GET /CFIDE/administrator/ HTTP/1.1" 403 5423 "-" "-"

The above appears to be an attempt to exploit ColdFusion... Whatever that is. So I banhammer them, but now the incoming IP is listed as CloudFlare, so that is not going to work.

IP Lookup: 173.245.55.134

General IP Information

IP: 173.245.55.134  
Decimal:    2918528902  
Hostname:   cf-173-245-55-134.cloudflare.com
ASN:    13335
ISP:    CloudFlare
Organization:   CloudFlare

Therefore, is it possible to still use fail2ban with CloudFlare in front of it? What is the solution?




Publié par à
Libellés :

Aucun commentaire:

Enregistrer un commentaire

Inscription à : Publier les commentaires (Atom)