Cloudflare Settings

Cloudflare Settings

For instructions for how to enable Cloudflare support visit here

Cloudflare firewall - CF_ENABLE
Enable the Cloudflare Firewall. Cloudflare have provided a Firewall feature within the user account where rules can be added to block, challenge or whitelist IP addresses. Using the Cloudflare API, this feature adds and removes attacking IPs from that firewall and provides CLI (and via the UI) additional commands.
Default: 0

Cloudflare mode - CF_BLOCK
This can be set to either "block" or "challenge". Block: Block will simply block the request entirely, with no option to bypass it for that request. Challenge: Will display a challenge (CAPTCHA) page that must be completed before the request in question is allowed access.
Default: block

Cloudflare block time - CF_TEMP
This setting determines how long the temporary block will apply within csf and Cloudflare, keeping them in sync. Block duration in seconds - overrides perm block or time of individual blocks in lfd for block triggers. This should be configured taking into account the maximum number of rules that the Cloudflare account allows.
Default: 3600

Cloudflare Users

Configure the Cloudflare API accounts for use with the CloudFlare Firewall. It is controlled by the file /etc/csf/csf.cloudflare


# CloudFlare client credientials for any domain triggered:

# CloudFlare client credientials for involved in trigger:
Entry Description Example
DOMAIN Domain name or enter "any" (no quotes) to match all triggers regardless of domain name or any
USER A unique name for the entry, but does not have to be a local linux account name myuser
CFACCOUNT The CloudFlare login user (email address)
CFAPIKEY The Cloudflare Client API Key 12345abcdef6789