Unable to unban ip through fail2ban in cloudflare


#1

hi i am using fail2ban with cloudflare. ban is working but unban is not working. i need to auto unban ip in 1 month. here is my codes.

jail.local

[nginx]
enabled = true
port    = http,https
filter  = nginx
logpath = /var/www/xyz/data/logs/example.com.access.log
maxretry = 2
findtime = 3600
bantime = 3000000
banaction = iptables-multiport
action = cloudflare

here is cloudflare action file

# Author: Mike Rushton

#

# IMPORTANT

#

# Please set jail.local's permission to 640 because it contains your CF API key.

#

# This action depends on curl.

# Referenced from http://www.normyee.net/blog/2012/02/02/adding-cloudflare-support-to-fail2ban by NORM YEE

#

# To get your CloudFlare API Key: https://www.cloudflare.com/a/account/my-account

#

# CloudFlare API error codes: https://www.cloudflare.com/docs/host-api.html#s4.2

[Definition]

# Option: actionstart

# Notes.: command executed once at the start of Fail2Ban.

# Values: CMD

#

actionstart =

# Option: actionstop

# Notes.: command executed once at the end of Fail2Ban

# Values: CMD

#

actionstop =

# Option: actioncheck

# Notes.: command executed once before each actionban command

# Values: CMD

#

actioncheck =

# Option: actionban

# Notes.: command executed when banning an IP. Take care that the

# command is executed with Fail2Ban user rights.

# Tags: <ip> IP address

# <failures> number of failures

# <time> unix timestamp of the ban time

# Values: CMD

#

# API v1

#actionban = curl -s -o /dev/null https://www.cloudflare.com/api_json.html -d 'a=ban' -d 'tkn=<cftoken>' -d 'email=<cfuser>' -d 'key=<ip>'

# API v4

actionban = curl -s -o /dev/null -X POST -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cftoken>' \

-H 'Content-Type: application/json' -d '{ "mode": "block", "configuration": { "target": "ip", "value": "<ip>" } }' \

https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules

# Option: actionunban

# Notes.: command executed when unbanning an IP. Take care that the

# command is executed with Fail2Ban user rights.

# Tags: <ip> IP address

# <failures> number of failures

# <time> unix timestamp of the ban time

# Values: CMD

#

# API v1

#actionunban = curl -s -o /dev/null https://www.cloudflare.com/api_json.html -d 'a=nul' -d 'tkn=<cftoken>' -d 'email=<cfuser>' -d 'key=<ip>'

# API v4

actionunban = curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cftoken>' \

https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$(curl -s -X GET -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cftoken>' \

'https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1' cut -d'"' -f6)

[Init]

# If you like to use this action with mailing whois lines, you could use the composite action

# action_cf_mwl predefined in jail.conf, just define in your jail:

#

# action = %(action_cf_mwl)s

# # Your CF account e-mail

# cfemail =

# # Your CF API Key

# cfapikey =

cftoken =

cfuser =

Please help me.