Fail2ban and Cloudflare

At the moment I have fail2ban installed on a LEMP stack with some basic security features.
Since fail2ban uses the access log, I was thinking of disabling fail2ban entirely to improve performance.

Would it be a problem, when using Cloudflare, to disable fail2ban entirely and just use Cloudflare?

Haven’t tried this yet, but f2b can be an additional layer of security. But to make use of it with your webserver logs you’d have to restore the visitor IP. Otherwise it would grab Cloudflare IPs from the logs, but I doubt that adding them to the ban list would not take any effect imho.

Cloudflare doesn’t ban. Suspicious ‘visitors’ will be challenged but not blocked (banned) automatically. You could exclude f2b from your Apache access logs and keep it active for SSH, SMTP, and so on. But if you are a programmer you might want to try to add those IPs to the Firewall via the API. But even there you can’t block them when they hit the f2b trigger.

https://api.cloudflare.com

Cloudflare is not protecting your server. To simplify things, Cloudflare only protects your domain, but your server is still available to the public by its IP address, and anyone who accesses your IP address will not go through Cloudflare.

So in conclusion, you still need tools like fail2ban and others to protect your server. We can’t know if you can disable fail2ban because we don’t know what other security your server has and how it’s protected.

1 Like
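
The replies above raise two points: the visitor IP has to be restored from the logs, and requests sent straight to the server's IP address never pass through Cloudflare. The sketch below is an added example, not code from the thread or from fail2ban: it counts failed requests per client address and accepts the `CF-Connecting-IP` value only when the connecting peer is a trusted proxy. Assumptions: an access-log format that ends with the quoted `CF-Connecting-IP` header, a placeholder documentation range in `TRUSTED_PROXIES` in place of the proxy's published ranges, constructed log lines, and hypothetical function names.

```python
import ipaddress
import re
from collections import Counter

# Placeholder (RFC 5737 TEST-NET-2); replace with the proxy's published ranges.
TRUSTED_PROXIES = [ipaddress.ip_network("198.51.100.0/24")]

# Assumed format: peer, ident, user, [time], "request", status, bytes, "CF-Connecting-IP"
LINE_RE = re.compile(
    r'^(?P<peer>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) \S+ "(?P<cf_ip>[^"]*)"$'
)

# Constructed sample log lines.
SAMPLE_LOG = """\
198.51.100.7 - - [10/Oct/2024:13:55:01 +0000] "POST /login HTTP/1.1" 401 512 "203.0.113.5"
198.51.100.8 - - [10/Oct/2024:13:55:02 +0000] "POST /login HTTP/1.1" 401 512 "203.0.113.5"
198.51.100.9 - - [10/Oct/2024:13:55:03 +0000] "POST /login HTTP/1.1" 401 512 "203.0.113.5"
198.51.100.7 - - [10/Oct/2024:13:55:04 +0000] "POST /login HTTP/1.1" 401 512 "203.0.113.20"
198.51.100.7 - - [10/Oct/2024:13:55:05 +0000] "GET / HTTP/1.1" 200 1024 "203.0.113.20"
198.51.100.8 - - [10/Oct/2024:13:55:06 +0000] "POST /login HTTP/1.1" 401 512 "-"
192.0.2.44 - - [10/Oct/2024:13:56:01 +0000] "POST /login HTTP/1.1" 401 512 "203.0.113.99"
192.0.2.44 - - [10/Oct/2024:13:56:02 +0000] "POST /login HTTP/1.1" 401 512 "203.0.113.99"
192.0.2.44 - - [10/Oct/2024:13:56:03 +0000] "POST /login HTTP/1.1" 401 512 "203.0.113.99"
"""

def client_ip(peer, header):
    """Return the address to count against, or None if it cannot be determined."""
    try:
        peer_addr = ipaddress.ip_address(peer)
    except ValueError:
        return None
    if any(peer_addr in net for net in TRUSTED_PROXIES):
        try:
            return str(ipaddress.ip_address(header))
        except ValueError:
            return None  # proxy peer without a usable header: never count the proxy
    # Direct connection to the origin: the header is client-supplied, so ignore it.
    return str(peer_addr)

def offenders(log_text, max_retry=3):
    """Addresses with at least max_retry 401/403 responses, sorted."""
    failures = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m or m["status"] not in ("401", "403"):
            continue
        ip = client_ip(m["peer"], m["cf_ip"])
        if ip:
            failures[ip] += 1
    return sorted(ip for ip, n in failures.items() if n >= max_retry)

if __name__ == "__main__":
    print(offenders(SAMPLE_LOG))
```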
