Cloudflare IPs

komir
Junior Member
Posts: 1
Joined: 23 Oct 2017, 11:01

Post by komir »

Hi, first of all, sorry for my English, as it is not my native language; I hope you will understand my needs.

I have a problem with traffic that comes from CloudFlare.
The problem is, the firewall is not blocking traffic from Cloudflare because I have the Cloudflare IPs in the firewall allow list.

Code:

Time:     Sun Oct 22 13:17:49 2017 +0200
IP:       162.158.90.225 (DE/Germany/-)
Failures: 3 (mod_security)
Interval: 3600 seconds
Blocked:  Temporary Block (IP match in csf.allow, block may not work)

Is there a way to see the real IP of the visitor, so the firewall can block "bad requests"?

I have installed mod_cloudflare. In the firewall I have "CloudFlare Firewall" but can't figure out how to configure /etc/csf/csf.cloudflare. I have read the readme but can't figure out how to correctly configure that part.

jamesstormer
Junior Member
Posts: 2
Joined: 24 Oct 2017, 17:22

Re: Cloudflare IPs

Post by jamesstormer »

komir,

It's pretty easy actually.

First, I am assuming you are using cPanel integration, yes?

If not, ignore everything I say.

You need to first log in to the respective Cloudflare account and get the API key.
In Cloudflare, upper right, down arrow, "My Profile". Scroll down to where the Global API key is and hit the blue button. Copy that API key.

Throw it in the csf.cloudflare file like so...
DOMAIN:any:USER:-cpanel-user-name-here:CFACCOUNT:cloudflare-email-address-here:CFAPIKEY:XXXXXX

Where:
-cpanel-user-name-here = cpanelusername
cloudflare-email-address-here = cloudflare login
XXXXXX = cloudflare api key

You need to do that for "each" domain on your server that is using cloudflare. ALL of them need to be listed. That may mean you have to contact each client that is using cloudflare and ask them for their login or explain to them how to get their API key as I have above.

Once that is in the csf.cloudflare then you need to edit the csf.conf and update these entries...

CF_ENABLE = "1"
CF_CPANEL = "" (I don't use this option)
CF_BLOCK = "block"
CF_TEMP = "259200" (I want them gone for at least 3 days)

Once you do that, restart the csf/lfd.

Then when you go back to the csf and click the "other" tab, you'll find the cloudflare buttons to manage the cloudflare.

The fact you are still seeing the actual cloudflare IP addresses is interesting. Are you absolutely positive you have installed the mod_cloudflare apache module? Once that is installed you should not be seeing the cloudflare IP addresses in your logs....

Of note on this... the csf cloudflare only works to block mod_security blocks and cxs blocks. It won't block smtp/ftp/ssh blocks. And that is fine because cloudflare doesn't route their proxy IPs through those ports anyway, so csf will block their real IP anyway.

Hope that helps.

James
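
Added example, not part of either post and not CSF or mod_cloudflare code: a Python sketch of the check discussed above. It flags an lfd alert that names a Cloudflare proxy address instead of a visitor, and shows why the CF-Connecting-IP header is only trusted when the connecting peer is itself a Cloudflare address. The function names and the three-range subset of Cloudflare's published networks are assumptions made for the example.

```python
import ipaddress

# Assumption: a subset of Cloudflare's published IPv4 ranges, hard-coded for the
# example; a real check should load the current list from cloudflare.com/ips.
CLOUDFLARE_NETS = [ipaddress.ip_network(n) for n in
                   ("162.158.0.0/15", "173.245.48.0/20", "104.16.0.0/13")]

def is_cloudflare(ip):
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in CLOUDFLARE_NETS)

def real_client_ip(peer_ip, cf_connecting_ip=None):
    """Address a firewall should act on for one request (None = cannot tell)."""
    if not is_cloudflare(peer_ip):
        # Direct connection: any CF-Connecting-IP header is client-supplied.
        return peer_ip
    try:
        return str(ipaddress.ip_address((cf_connecting_ip or "").strip()))
    except ValueError:
        return None  # proxied, but the header is missing or malformed

def parse_lfd_alert(text):
    """Split the 'Key: value' lines of an lfd alert into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.strip()
    return fields

def diagnose(alert_text):
    """'proxy-ip' means the alert names a Cloudflare edge, not the visitor."""
    ip = parse_lfd_alert(alert_text).get("IP", "").split(" ")[0]
    if not ip:
        return "no-ip"
    return "proxy-ip" if is_cloudflare(ip) else "visitor-ip"

# The alert quoted in the first post of this thread.
PAGE_ALERT = """Time:     Sun Oct 22 13:17:49 2017 +0200
IP:       162.158.90.225 (DE/Germany/-)
Failures: 3 (mod_security)
Interval: 3600 seconds
Blocked:  Temporary Block (IP match in csf.allow, block may not work)"""

if __name__ == "__main__":
    print(diagnose(PAGE_ALERT))
    # Constructed header value (documentation address range).
    print(real_client_ip("162.158.90.225", "203.0.113.7"))
```

A "proxy-ip" result on alerts from a server that has mod_cloudflare loaded means the log lfd reads is still recording the proxy address, which is the situation questioned in the reply above.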