CSF+LFD with Cloudflare
Posted: 13 Jun 2017, 23:22
So it didn't take me long to realize that IP's are not actually being banned when using Cloudflare because iptables isn't looking for "X-Forwarded-For" in the header (is this even possible?) So the attack comes from Cloudflare IP, which of course is whitelisted, so the server is completely unprotected.
So after reading the documentation, I found BLOCK_REPORT which I can use to fire off an API call to Cloudflare to ban the IP. It works! ... well, sort of. When manually adding or removing IP addresses to CSF deny list using the "csf -d" or "csf -dr" respectively, CSF does not use my BLOCK_REPORT or UNBLOCK_REPORT scripts. Is this normal behavior? Shouldn't any manual banning or unbanning also use my scripts as defined? Or am I doing this all wrong?
So after reading the documentation, I found BLOCK_REPORT which I can use to fire off an API call to Cloudflare to ban the IP. It works! ... well, sort of. When manually adding or removing IP addresses to CSF deny list using the "csf -d" or "csf -dr" respectively, CSF does not use my BLOCK_REPORT or UNBLOCK_REPORT scripts. Is this normal behavior? Shouldn't any manual banning or unbanning also use my scripts as defined? Or am I doing this all wrong?