diff options
Diffstat (limited to 'straper/db/public/fail2ban/etc-fail2ban/action.d/cloudflare-token.conf')
| -rw-r--r-- | straper/db/public/fail2ban/etc-fail2ban/action.d/cloudflare-token.conf | 93 |
1 files changed, 93 insertions, 0 deletions
diff --git a/straper/db/public/fail2ban/etc-fail2ban/action.d/cloudflare-token.conf b/straper/db/public/fail2ban/etc-fail2ban/action.d/cloudflare-token.conf new file mode 100644 index 0000000..ff5f5c4 --- /dev/null +++ b/straper/db/public/fail2ban/etc-fail2ban/action.d/cloudflare-token.conf @@ -0,0 +1,93 @@ +# +# Author: Logic-32 +# +# IMPORTANT +# +# Please set jail.local's permission to 640 because it contains your CF API token. +# +# This action depends on curl. +# +# To get your Cloudflare API token: https://developers.cloudflare.com/api/tokens/create/ +# +# Cloudflare Firewall API: https://developers.cloudflare.com/firewall/api/cf-firewall-rules/endpoints/ + +[Definition] + +# Option: actionstart +# Notes.: command executed on demand at the first ban (or at the start of Fail2Ban if actionstart_on_demand is set to false). +# Values: CMD +# +actionstart = + +# Option: actionstop +# Notes.: command executed at the stop of jail (or at the end of Fail2Ban) +# Values: CMD +# +actionstop = + +# Option: actioncheck +# Notes.: command executed once before each actionban command +# Values: CMD +# +actioncheck = + +# Option: actionban +# Notes.: command executed when banning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time +# Values: CMD +actionban = curl -s -X POST "<_cf_api_url>" \ + <_cf_api_prms> \ + --data '{"mode":"<cfmode>","configuration":{"target":"<cftarget>","value":"<ip>"},"notes":"<notes>"}' + +# Option: actionunban +# Notes.: command executed when unbanning an IP. Take care that the +# command is executed with Fail2Ban user rights. +# Tags: <ip> IP address +# <failures> number of failures +# <time> unix timestamp of the ban time +# Values: CMD +# +actionunban = id=$(curl -s -X GET "<_cf_api_url>" \ + --data-urlencode "mode=<cfmode>" --data-urlencode "notes=<notes>" --data-urlencode "configuration.target=<cftarget>" --data-urlencode "configuration.value=<ip>" \ + <_cf_api_prms> \ + | awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \ + | tr -d ' "' \ + | head -n 1) + if [ -z "$id" ]; then echo "<name>: id for <ip> cannot be found using target <cftarget>"; exit 0; fi; \ + curl -s -X DELETE "<_cf_api_url>/$id" \ + <_cf_api_prms> \ + --data '{"cascade": "none"}' + +_cf_api_url = https://api.cloudflare.com/client/v4/zones/<cfzone>/firewall/access_rules/rules +_cf_api_prms = -H "Authorization: Bearer <cftoken>" -H "Content-Type: application/json" + +[Init] + +# Declare your Cloudflare Authorization Bearer Token in the [DEFAULT] section of your jail.local file. + +# The Cloudflare <ZONE_ID> of the domain you want to manage. +# +# cfzone = + +# Your personal Cloudflare token. Ideally restricted to just have "Zone.Firewall Services" permissions. +# +# cftoken = + +# Target of the firewall rule. Default is "ip" (v4). +# +cftarget = ip + +# The firewall mode Cloudflare should use. Default is "block" (deny access). +# Consider also "js_challenge" or other "allowed_modes" if you want. +# +cfmode = block + +# The message to include in the firewall IP banning rule. +# +notes = Fail2Ban <name> + +[Init?family=inet6] +cftarget = ip6 |
