Secure Global IP key

so I am using fail2ban to ban and unban IP from our servers, everything is worked fine with the Global IP key but I can’t restrict this global IP key with specific IPs whitelist, so I tried API Tokens but it’s not worked with fail2ban request or any request accessing to firewall rules it always gives me the same error "errors":[{"code":10000,"message":"API Tokens are not supported by this API for now"}]}
so is there any way to restrict the Global API key by IPs, if not what can I do to solve this error when I am using API Tokens …

What do you mean?

I want to allow the Global API key to use only from specific IPs.

This isn’t possible, if you want to restrict it by IP then it has to be an API token.

I tried API token, with the following request
curl -s -o -X POST -H 'Authorization: Bearer My-Token' -H 'Content-Type: application/json'-d'{"mode":"block","configuration":{"target":"ip","value":"123.22.55.1"},"notes":"Fail2Ban"}' https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules
always same error {"success":false,"errors":[{"code":10000,"message":"API Tokens are not supported by this API for now"}]}

if API Tokens aren’t supported on that API endpoint then only Cloudflare can change that.

IIRC, user endpoint https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules is Global API Key only

if you want to use API token need to use account endpoint with account id too https://api.cloudflare.com/client/v4/accounts/<cfaccountid>/firewall/access_rules/rules

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.