Hello!
I’m trying to put my dev server with HTTP passwords behind a zero trust tunnel. I’d like erroneous logins caught by fail2ban to also be banned on the Cloudflare side. fail2ban works locally, but Cloudflare isn’t updated somehow.
- In /etc/fail2ban/jail.local, under [apache] I’ve added

      action = cloudflare
               iptables-allports

- In /etc/fail2ban/action.d/Cloudflare.conf I copied the file from
  https://github.com/fail2ban/fail2ban/blob/master/config/action.d/cloudflare.conf
  and added my ‘cftoken’ and ‘cfuser’ on the bottom
- I forwarded the real IP from Cloudflare to apache by adding the header

      RemoteIPHeader CF-Connecting-IP

  in /etc/apache2/sites-available/000-default.conf.
The banning works: if I make some failed attempts, in /var/log/fail2ban.log I get:

    fail2ban.actions [2854]: NOTICE [apache] Ban xxx.xxx.xxx.xxx

And it’s the real IP, and it’s banned, but only locally. The site keeps being available through the zero trust tunnel. And if I look at the Security > WAF page, there are no new IP Rules there.
I’m missing something - but I don’t know what. Any input is much appreciated.
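
A setup like the one described in the post can be sanity-checked offline before looking at the Cloudflare side. The following is an added example, not part of the original post and not fail2ban's own code: it parses a jail.local, checks that every action named under [apache] has a same-case file in action.d, and checks that 'cftoken' and 'cfuser' are non-empty. Assumptions: Python's configparser stands in for fail2ban's config reader, the two credentials sit in an [Init] section, and all sample file contents are constructed.

```python
import configparser
import tempfile
from pathlib import Path

def check_jail_actions(conf_dir, jail="apache"):
    """Return a list of configuration problems for one jail's actions."""
    conf_dir = Path(conf_dir)
    # Assumption: plain configparser stands in for fail2ban's own config reader.
    jails = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        jails.read_string((conf_dir / "jail.local").read_text())
    except configparser.ParsingError:
        return ["jail.local: parse error; indent continuation lines under 'action ='"]
    if not jails.has_option(jail, "action"):
        return [f"[{jail}] has no 'action' setting"]
    present = {p.name for p in (conf_dir / "action.d").iterdir()}
    problems = []
    for line in jails.get(jail, "action").splitlines():
        name = line.split("[", 1)[0].strip()  # drop any [key=value] parameters
        if not name:
            continue
        wanted = f"{name}.conf"
        if wanted not in present:
            near = sorted(f for f in present if f.lower() == wanted.lower())
            hint = f" (found '{near[0]}'; names are case-sensitive)" if near else ""
            problems.append(f"action '{name}': action.d/{wanted} missing{hint}")
        elif name == "cloudflare":
            init = configparser.ConfigParser(interpolation=None, strict=False)
            init.read(conf_dir / "action.d" / wanted)
            for key in ("cftoken", "cfuser"):  # assumed to live in [Init]
                if not init.get("Init", key, fallback="").strip():
                    problems.append(f"action.d/{wanted}: '{key}' is empty in [Init]")
    return problems

def write_sample(conf_dir, jail_text, action_file, action_text):
    """Write constructed sample files (not a real server's configuration)."""
    conf_dir = Path(conf_dir)
    (conf_dir / "action.d").mkdir(parents=True, exist_ok=True)
    (conf_dir / "jail.local").write_text(jail_text)
    (conf_dir / "action.d" / action_file).write_text(action_text)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        write_sample(tmp, "[apache]\naction = cloudflare\n    iptables-allports\n",
                     "Cloudflare.conf", "[Init]\ncftoken =\ncfuser = user@example.com\n")
        for problem in check_jail_actions(tmp):
            print(problem)
```

An empty result only means these local files are consistent; it says nothing about whether the Cloudflare API accepted a request.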