If you are using CloudFlare together with ConfigServer Security & Firewall (CSF), you may wonder how to whitelist the CloudFlare IPs, since CSF has several different allow and ignore files.
According to CloudFlare's knowledge base article “How do I whitelist CloudFlare’s IPs in .htaccess?”, a note at the bottom states:
Please note: These IPs should also be whitelisted in /etc/csf.allow and /etc/csf.ignore.
If you want the IPs listed in csf.allow to be used automatically by csf.ignore as well, set the option IGNORE_ALLOW to 1.
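One way to apply this whitelisting safely, as an added example (not code from the original post or from CSF): a POSIX shell helper that merges a list of CloudFlare ranges into an allow or ignore file, skips entries already present, and leaves the file untouched if any line of the list is not a valid CIDR. The function names, temporary file names and sample ranges are assumptions made for illustration, as is the `range # comment` line layout.

```shell
#!/bin/sh
# Added example (not from the original post). Merges CloudFlare ranges into a
# CSF allow/ignore file. File names and sample ranges below are constructed.

# is_cidr ENTRY: succeed for an IPv4 or IPv6 address with optional /prefix.
# The IPv6 test is deliberately loose (hex digits and colons only).
is_cidr() {
  o='(25[0-5]|2[0-4][0-9]|1?[0-9]?[0-9])'
  printf '%s\n' "$1" | grep -Eq "^($o\.){3}$o(/(3[0-2]|[12]?[0-9]))?\$" && return 0
  printf '%s\n' "$1" | grep -Eq \
    '^[0-9A-Fa-f]*:[0-9A-Fa-f:]*(/(12[0-8]|1[01][0-9]|[1-9]?[0-9]))?$'
}

# has_entry FILE ENTRY: succeed if FILE already lists ENTRY (comments ignored).
has_entry() {
  [ -f "$1" ] || return 1
  awk -v e="$2" '{ sub(/#.*/, ""); gsub(/[ \t\r]/, ""); if ($0 == e) f = 1 }
                 END { exit !f }' "$1"
}

# merge_ranges RANGES TARGET: append ranges missing from TARGET and print how
# many were added. If any line of RANGES is not a CIDR, TARGET is left untouched.
merge_ranges() {
  ranges=$1; target=$2; added=0
  while IFS= read -r line || [ -n "$line" ]; do      # pass 1: validate all
    entry=$(printf '%s' "$line" | tr -d ' \t\r')
    [ -z "$entry" ] && continue
    is_cidr "$entry" || { echo "rejected: $entry" >&2; return 1; }
  done < "$ranges"
  while IFS= read -r line || [ -n "$line" ]; do      # pass 2: append new ones
    entry=$(printf '%s' "$line" | tr -d ' \t\r')
    [ -z "$entry" ] && continue
    has_entry "$target" "$entry" && continue
    printf '%s # CloudFlare\n' "$entry" >> "$target"
    added=$((added + 1))
  done < "$ranges"
  echo "$added"
}

# Demo on constructed data in a temporary directory (no real CSF files touched).
tmp=$(mktemp -d)
printf '173.245.48.0/20\n103.21.244.0/22\n2400:cb00::/32\n' > "$tmp/ranges"
printf '103.21.244.0/22 # already allowed\n' > "$tmp/csf.allow"
echo "added: $(merge_ranges "$tmp/ranges" "$tmp/csf.allow")"
cat "$tmp/csf.allow"
rm -rf "$tmp"
```

Run the same function against the ignore file as well, or set IGNORE_ALLOW to 1 as described above, and restart CSF (`csf -r`) so the change takes effect.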




CloudFlare in front of CSF/LFD makes CSF/LFD stop blocking IPs at the firewall level.
CSF has IP blocks added by LFD, these blocks are either CloudFlare’s IP address (which is whitelisted and so not blocked) or the correct IP (if you have mod_cloudflare installed) but which won’t block anything, as the firewall sees CloudFlare’s IP not the true remote IP.
Solution:
http://www.aetherweb.co.uk/automatically-adding-configserver-firewall-csf-firewall-blocks-to-cloudflare/
Hi Jaff,
I put this script on 2 of my servers and the script gives me the same error:
{"success":false,"errors":[{"code":1006,"message":"Invalid or missing IP address"}],"messages":[],"result":null}
Thx
Try the following:
#!/bin/bash
# $1 is the IP address to block; it is shell-quoted before use.
ip=$(printf "%q" "$1")
no=$(printf "%q" "$6")
# Create a "block" access rule for that IP through the CloudFlare API.
curl -X POST "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules" \
  -H "X-Auth-Email: [email protected]" \
  -H "X-Auth-Key: YOURCLOUDFLAREGLOBALAPICODE" \
  -H "Content-Type: application/json" \
  --data '{"mode":"block","configuration":{"target":"ip","value":"'"$ip"'"},"notes":"This rule is on because of an event that csf-lfd caught on date…
Tried downloading the script and receiving this error:
iptables v1.4.21: invalid port/service `80 -m state --state NEW -m recent --set --name 80' specified
Try `iptables -h' or 'iptables --help' for more information.
Error: iptables command [/sbin/iptables --wait -v -A INPUT ! -i lo -p tcp --dport "80 -m state --state NEW -m recent --set --name "80] failed, at line 2774