Cloudflare Settings

Cloudflare Settings

• Make sure that the mod_cloudflare Apache module is installed and active. This can be done by installing the ServerShield by CloudFlare extension or manually using these instructions
• Make sure to add the Cloudflare IP addresses from https://www.cloudflare.com/ips/ to ignore permanently /etc/csf/csf.ignore to prevent them from being blocked by the login failure daemon.

Cloudflare firewall - CF_ENABLE
Enable the Cloudflare Firewall. Cloudflare have provided a Firewall feature within the user account where rules can be added to block, challenge or whitelist IP addresses. Using the Cloudflare API, this feature adds and removes attacking IPs from that firewall and provides CLI (and via the UI) additional commands.
Default: 0

Cloudflare mode - CF_BLOCK
This can be set to either "block" or "challenge".
block: Block will simply block the request entirely, with no option to bypass it for that request.
challenge: Will display a challenge (CAPTCHA) page that must be completed before the request in question is allowed access.
Default: block

Cloudflare block time - CF_TEMP
This setting determines how long the temporary block will apply within csf and Cloudflare, keeping them in sync. Block duration in seconds - overrides perm block or time of individual blocks in lfd for block triggers. This should be configured taking into account the maximum number of rules that the Cloudflare account allows.
Default: 3600

Cloudflare Users

Configure the Cloudflare API accounts for use with the CloudFlare Firewall. It is controlled by the file /etc/csf/csf.cloudflare

Formats:

# CloudFlare client credientials for any domain triggered:
DOMAIN:any:USER:myuser:CFACCOUNT:sales@example.com:CFAPIKEY:12345abcdef6789

# CloudFlare client credientials for example.com involved in trigger:
DOMAIN:example.com:USER:myuser:CFACCOUNT:sales@example.com:CFAPIKEY:12345abcdef6789
Entry Description Example
DOMAIN Domain name or enter "any" (no quotes) to match all triggers regardless of domain name example.com or any
USER A unique name for the entry, but does not have to be a local linux account name myuser
CFACCOUNT The CloudFlare login user (email address) sales@example.com
CFAPIKEY The Cloudflare Client API Key 12345abcdef6789

Related Pages