For instructions for how to enable Cloudflare support visit here
Cloudflare firewall - CF_ENABLE
Enable the Cloudflare Firewall. Cloudflare have provided a Firewall feature within the user account where rules can be added to block, challenge or whitelist IP addresses.
Using the Cloudflare API, this feature adds and removes attacking IPs from that firewall and provides CLI (and via the UI) additional commands.
Default: 0
Cloudflare mode - CF_BLOCK
This can be set to either "block" or "challenge". Block: Block will simply block the request entirely, with no option to bypass it for that request. Challenge: Will display a challenge (CAPTCHA) page that must be completed before the request in question is allowed access.
Default: block
Cloudflare block time - CF_TEMP
This setting determines how long the temporary block will apply within csf and Cloudflare, keeping them in sync. Block duration in seconds - overrides perm block or time of individual blocks in lfd for block triggers.
This should be configured taking into account the maximum number of rules that the Cloudflare account allows.
Default: 3600
Configure the Cloudflare API accounts for use with the CloudFlare Firewall. It is controlled by the file /etc/csf/csf.cloudflare
Formats:
# CloudFlare client credientials for any domain triggered:
DOMAIN:any:USER:myuser:CFACCOUNT:sales@example.com:CFAPIKEY:12345abcdef6789
# CloudFlare client credientials for example.com involved in trigger:
DOMAIN:example.com:USER:myuser:CFACCOUNT:sales@example.com:CFAPIKEY:12345abcdef6789| Entry | Description | Example |
|---|---|---|
| DOMAIN | Domain name or enter "any" (no quotes) to match all triggers regardless of domain name | example.com or any |
| USER | A unique name for the entry, but does not have to be a local linux account name | myuser |
| CFACCOUNT | The CloudFlare login user (email address) | sales@example.com |
| CFAPIKEY | The Cloudflare Client API Key | 12345abcdef6789 |