CSF not blocking when mod_security rule triggered via CloudFlare
Posted: 16 Jul 2021, 14:20
When CF_ENABLED is set to 1, Is there a log of CSF's interactions with CloudFlare?
I have mod_remote IP setup and working, mod_security is setup and working, and in the LFD log I can trigger the mod_security rules and see a block come up (I am testing via TOR):
The IP address shown is the IP address of the TOR exit node, which is what I am expecting to see, not the CloudFlare IP.
I have configured an entry for the domain in /etc/csf/csf.cloudflare:
If I click on the CloudFlare button in CSF and select the account, it seems to be talking to CloudFlare, in that it doesn't show and error when I hit the CF List Rules button. But there are no rules displayed, and the browser is not blocked.
CF_ENABLE = 1
CF_CPANEL = 0
CF_BLOCK = block
CF_TEMP = 86400
CT_SUBNET_LIMIT = 0
What am I missing? How can I determine if CSF is attempting to communicate the block to CloudFlare and diagnose the issue?
I have mod_remote IP setup and working, mod_security is setup and working, and in the LFD log I can trigger the mod_security rules and see a block come up (I am testing via TOR):
Code: Select all
Jul 16 23:01:42 myserver lfd[34456]: (mod_security) mod_security (id:210860) triggered by 162.247.74.216 (US/United States/phoolandevi.tor-exit.calyxinstitute.org): 5 in the last 3600 secs (CF_ENABLE) - *Blocked in csf* for 86400 secs [LF_MODSEC]
I have configured an entry for the domain in /etc/csf/csf.cloudflare:
Code: Select all
DOMAIN:thedomain.com:USER:theacct:CFACCOUNT:my@cloudflareemail.com:CFAPIKEY:mycloudflareglobalapikey
CF_ENABLE = 1
CF_CPANEL = 0
CF_BLOCK = block
CF_TEMP = 86400
CT_SUBNET_LIMIT = 0
What am I missing? How can I determine if CSF is attempting to communicate the block to CloudFlare and diagnose the issue?