Suggested feature: get Cloudflare to block real-time IP addresses identified by Wordfence

We use Cloudflare’s firewall plus Wordfence on our origin server’s Wordpress install.

On our origin server, Wordfence blocks IP addresses all day long because Wordfence has a global database of malignant IP addresses.

It would be awesome if Wordfence’s list of belligerent IP addresses could be blocked by Cloudflare instead. That would prevent requests from those addresses from even reaching our server.

It would take a load off our server.

It would also make Cloudflare more effective because Wordfence would be identifying the IP addresses that are malicious.

More generally, maybe Cloudflare could have web application rules you could subscribe to (even for an additional fee) that are the feeds from Wordfence, Sucuri and others of THEIR blocked IP addresses.

Whether or not Cloudflare were to implement something like this, the Cloudflare API allows for applications/services such as Wordfence to add/remove IPs from your access list.

However, those services would need to implement it in their WordPress plugins though. They’d need to call-out to the Cloudflare API whenever they blocked/unblocked an IP on your specific installation to keep the Cloudflare IP access list in-sync with your Wordfence block-list.

What I suggested above would have nothing to do with, for example Wordfence’s global block-list, but could synchronize any IP that was blocked/unblocked specifically within your installation.

1 Like

Cloudflare too.

IPs are sensitive, and blocking them from databases can be harmful in many cases.
Take these two examples.
IP A is malicious because the user was momentarily compromised; as a result, the user now faces a lot of friction due to IP reputation databases.
IP B is malicious because the previous owner of the IP used it to brute force accounts. As a result, the legitimate new owner has struggles browsing the internet.
Given how dynamic IPs are, IP databases only make sense if:

  1. You are sure, beyond any reasonable doubt, that the IP is a proxy server and not a compromised machine.
  2. You are sure, beyond any reasonable doubt, that the IP is part of a VPN service.

Because IP reputation is such a delicate topic, Cloudflare tends to be more forgiving when giving IPs a threat score; it’s a complex field that I believe Cloudflare does well because with that model, if an IP has a bad reputation, you can be sure that there is a good reason for it.

Managed IP lists.
https://developers.cloudflare.com/firewall/cf-firewall-rules/rules-lists/#:~:text=​​%20Managed%20IP%20Lists%3A%20Open%20Proxies&text=Cloudflare%20scans%20public%2C%20open%20proxy,via%20the%20dashboard%20or%20API.

If you really want this, you could do it by making your own IP Lists on your Cloudflare account and update them periodically.

This topic was automatically closed 15 days after the last reply. New replies are no longer allowed.