Issue: Fail2ban not correctly banning IPs from users passing through Cloudflare even if real visitors' IPs are blocked by Fail2ban.

raykai

Basic Pleskian
Hi,
I'm having a problem where Fail2ban is banning the IPs of real bad visitors, but as the bad users are coming in via the Cloudflare proxy they can still hit my server on ports 80 and 443, even though I have Fail2ban blocking the IPs for all ports.

I restored the real visitors' IPs following this guide: https://support.plesk.com/hc/en-us/...behind-load-balancer-or-reverse-forward-proxy
I used the "Server-wide solution with Nginx enabled" option.

So my logs do show the real IPs and not the IPs of Cloudflare. Fail2ban is listing and blocking the real visitor IPs, but they can still connect to my server when I have the Cloudflare proxy on.

I tested with the Cloudflare proxy off and it blocks IPs correctly. But if I turn the Cloudflare proxy on, I can hit my server even if the IP I'm using (VPN) is banned in Fail2ban.

Here is my Fail2Ban filter:
[screenshot: Snipaste_2021-10-16_07-56-44.png]

This is my Fail2Ban jail:
[screenshot: Snipaste_2021-10-16_07-57-18.png]
(Note: the max retry count is low just for testing.)

How can I get Fail2Ban to work correctly with Cloudflare?
 
You cannot. Fail2ban IP/port bans operate at the network level and use iptables to drop incoming connections. The incoming connection still comes from a Cloudflare IP and is simply rewritten to a different IP by Apache at the application level. You cannot rewrite the TCP source IP to the real IP the way Apache rewrites the logged one, so you cannot properly block users.

You can consider blocking them with a 403 access code or at Cloudflare.
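One way to follow the "403 access code" suggestion, as an added example that is not from this thread or from Plesk: a script a custom fail2ban action could call to maintain an nginx deny list, so the ban is enforced where the restored visitor IP is visible instead of at the TCP layer, where only Cloudflare's address is seen. It assumes the Plesk nginx proxy with real-IP restoration from the guide above (so nginx's `deny` matches the restored address), plus a hypothetical deny-file path and script name.

```shell
#!/bin/sh
# Added example, not from the thread or Plesk: keep an nginx "deny" list so that
# IPs fail2ban bans are refused with 403 at the application layer, where the
# restored visitor IP (from the real-IP guide above) is what nginx sees.
# Assumptions: the deny file is included inside http{} or server{} of the
# nginx config, and a custom action.d entry calls this script as
#   actionban   = /usr/local/sbin/cf-deny.sh ban <ip>
#   actionunban = /usr/local/sbin/cf-deny.sh unban <ip>
set -eu
DENY_FILE="${DENY_FILE:-/etc/nginx/conf.d/fail2ban-deny.conf}"   # assumed path

# Reject anything beyond IP-literal characters; other input could corrupt the config.
valid_ip() {
    case "$1" in
        ""|*[!0-9a-fA-F:.]*) return 1 ;;
    esac
    return 0
}

# ban_ip <ip>: append "deny <ip>;" unless it is already present
ban_ip() {
    valid_ip "$1" || return 1
    touch "$DENY_FILE"
    grep -qxF "deny $1;" "$DENY_FILE" || printf 'deny %s;\n' "$1" >> "$DENY_FILE"
}

# unban_ip <ip>: remove the matching deny line again
unban_ip() {
    valid_ip "$1" || return 1
    [ -f "$DENY_FILE" ] || return 0
    grep -vxF "deny $1;" "$DENY_FILE" > "$DENY_FILE.tmp" || true
    mv "$DENY_FILE.tmp" "$DENY_FILE"
}
# is_banned <ip>: succeeds if the IP is currently in the deny list
is_banned() {
    [ -f "$DENY_FILE" ] && grep -qxF "deny $1;" "$DENY_FILE"
}

# Reload nginx only if it is installed and the changed config still validates.
reload_nginx() {
    command -v nginx >/dev/null 2>&1 || return 0
    nginx -t >/dev/null 2>&1 && nginx -s reload
}

# Act only when invoked with ban/unban, so the file can also be sourced.
case "${1:-}" in
    ban)   ban_ip "${2:-}" && reload_nginx ;;
    unban) unban_ip "${2:-}" && reload_nginx ;;
esac
```

Requests from a banned visitor then get nginx's 403 rather than an unreachable server, which is the most a host behind Cloudflare can enforce locally; blocking further upstream has to happen in Cloudflare itself.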
How would I make it block from Cloudflare?