Fail2Ban + Cloudflare

May 30, 2019 · 1 min read · Tutorial Cloudflare ·

Share on:

When protecting a server fail2ban is a great tool for the job. It reads log files and bans IPs that show signs of malicious activity. There is a lot of support for and it can integrate well with other applications.

How I Use it

I use CloudFlare on all my sites. This means that when you connect to any of my sites, you connect to cloudflare then CloudFlare connects to my site. Because of this, I have an rule in nginx (which I added a the bottom) that blocks any connections that attempt to connect directly to my server. I decided to increase the protection that I had on my server by creating a filter in fail2ban. I made it so connections are blocked for 5 minutes if the connection is made from an IP that is not from CloudFlare.

Fail2ban filter configuration and instructions here

Nginx Rule

 1#Allow Cloudflare IPs  
 2#Retrieved from https://www.cloudflare.com/ips/  
 3allow 173.245.48.0/20;  
 4allow 103.21.244.0/22;  
 5allow 103.22.200.0/22;  
 6allow 103.31.4.0/22;  
 7allow 141.101.64.0/18;  
 8allow 108.162.192.0/18;  
 9allow 190.93.240.0/20;  
10allow 188.114.96.0/20;  
11allow 197.234.240.0/22;  
12allow 198.41.128.0/17;  
13allow 162.158.0.0/15;  
14allow 104.16.0.0/12;  
15allow 172.64.0.0/13;  
16allow 131.0.72.0/22;  
17allow 2400:cb00::/32;  
18allow 2606:4700::/32;  
19allow 2803:f800::/32;  
20allow 2405:b500::/32;  
21allow 2405:8100::/32;  
22allow 2a06:98c0::/29;  
23allow 2c0f:f248::/32;  
24  
25#Block all other IPs from connecting  
26deny all;