Using ConfigServer Firewall, or blocking non-US IPs

I’m using Ezoic, and they run the DNS through Cloudflare. So I don’t have access to the regular dashboard :-/

I’ve always used CSF’s CC_ALLOW_FILTER to block non-US IPs. But I started using Ezoic / Cloudflare in September, and now that all incoming IPs appear to come from Cloudflare I don’t think that this is working.

I tried enabling CF_ENABLE, but nothing changed so I think there must be more to it than simply changing that to 1.

I found this older thread about creating Cloudflare rules, but I don’t think that I have that capability with the Ezoic dashboard:

Any other suggestions on getting CSF to block non-US IPs and bad bots while using Cloudflare?

This would be a question to ask Ezoic as there aren’t as many people here who have used the Ezoic dashboard. It sounds like you need to restore visitor IPs, but not sure how that works with Ezoic,

Unfortunately, my Ezoic rep has no clue, either :frowning: And I saw that similar questions have been asked on the CSF forum, but no one has ever replied. Believe me, I’ve been chasing this issue for about 3 months! LOL

Asking here is sort of my Hail Mary, hoping that maybe someone has experience integrating CSF with Cloudflare, or maybe knows of a back door option without using the Cloudflare dashboard.

The article you posted is something I can try, though! It looks like I would just be installing mod_remoteip with Apache, and then adding some Apache configuration on the server. I don’t think it would affect Ezoic, but if it does then I can easily just remove the Apache configuration.

I’ll try it tomorrow night when the server load is low, and post back with the results :slight_smile:

Update for future readers:

Installing mod_remoteip was seamless with EasyApache 4, and then I added this to the Apache configuration:

RemoteIPHeader X-Forwarded-For

All that really does is make the environment variable REMOTE_ADDR equal the Cloudflare variable of HTTP_X_FORWARDED_FOR.

Using Ezoic, that comes through as IPv6, though, instead of IPv4. So it’s not particularly useful.

I’ve also learned that CSF runs before Apache, so converting the IP in Apache doesn’t help CSF at all.

It looks like the solution for me will be to have my own Cloudflare account, and then I can pipe Ezoic through that. I haven’t tried it yet, but it looks like it will be relatively painless. I’m not allowed to share the link here, but just Google “how to integrate with ezoic using cloudflare”; it looks like a simple process of sharing your Cloudflare login info with Ezoic and then changing your domain’s nameservers to point to Cloudflare.

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.