Apache + mod remoteip + fail2ban

Hi folks,
anyone could explain to me why fail2ban does not seem to understand what to do with remoteip ?

I mean : if you activate fail2ban while using Cloudflare, you’re going to ban Cloudflare’s rotating IPs… so after a while nobody will be able to visit your website.
So, in order to get correct urls in my logs and ban theme, you can activate apache’s mod : remoteip
BUT : fail2ban does not work anymore.
Why ? While your log are still ok (only difference is the IP which are private this time) =
123.123.123.123 - - [28/Mar/2022:17:56:27 +0200] “POST /wp-admin/admin-ajax.php HTTP/1.1” 200 3699 “https://site.com/wp-admin/” “Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:98.0) Gecko/20100101 Firefox/98.0”
… the iptables rules generated are not, cause instead of =
123.123.123.123 - -
you get those things like =
123-123-123-123.provider.tld - -
It changes the . in - and it adds the domains ! How could it ban acting like this ?
While the attacker 123.123.123.123 has been banned using 123.123.123.123.someblsh1t.com, he’s still attacking with 123.123.123.123 till the end of times.

I checked fail2ban action.d/iptables.conf , and nothing seems able to do that magically.

So if someone uses remoteip and fail2ban successfully, please help. I still want to do this like that, not using Cloudflare’s API and interact with the WAF

thx so much

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.