Nginx

Cloudflare 的 Fail2ban 解禁操作失敗

  • October 22, 2019

我正在嘗試使用本指南使用 fail2ban 設置 Cloudflare 阻止,雖然它正確禁止了 IP,但 fail2ban 在超時或使用手動 shell 命令後無法從 Cloudflare 解除 IP。它總是返回 400 Bad Request 錯誤。

難道我做錯了什麼?

這是相關的 cURL 命令:

actionunban = curl -s -X DELETE "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$( \
         curl -s -X GET "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1&match=all" \
         -H "X-Auth-Email: <cfuser>" \
         -H "X-Auth-Key: <cftoken>" \
         -H "Content-Type: application/json" | awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' | tr -d '"' | head -n 1)" \
         -H "X-Auth-Email: <cfuser>" \
         -H "X-Auth-Key: <cftoken>" \
         -H "Content-Type: application/json"

更新:我可以單獨執行上面提到的嵌套 cURL 命令,它們會返回正確的響應。

看起來 Cloudflare 已經調整了他們的 API 以返回格式化的 JSON(以前返回的 JSON 在一行上)。您應該能夠通過在管道到 awk 命令之前去除換行符來解決問題:

actionunban = curl -s -X DELETE "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$( \
     curl -s -X GET "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1&match=all" \
     -H "X-Auth-Email: <cfuser>" \
     -H "X-Auth-Key: <cftoken>" \
     -H "Content-Type: application/json" | tr -d '\n' | awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' | tr -d '"' | head -n 1)" \
     -H "X-Auth-Email: <cfuser>" \
     -H "X-Auth-Key: <cftoken>" \
     -H "Content-Type: application/json"

您可能還想換成 Fail2ban 0.10 附帶的新 Cloudflare 過濾器,因為它更簡潔:

actionban = curl -s -o /dev/null -X POST -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cftoken>' \
       -H 'Content-Type: application/json' -d '{ "mode": "block", "configuration": { "target": "ip", "value": "<ip>" } }' \
       https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules

actionunban = curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cftoken>' \
         https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$(curl -s -X GET -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cftoken>' \
         'https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1' | tr -d '\n' | cut -d'"' -f6)

引用自:https://serverfault.com/questions/910940

相關問答

Nginx

複製使用 Cloudflare for SSL 的網路伺服器後如何解決“400 Bad Request”?

  • November 9, 2022
檢視問答
Nginx

Fail2ban ipset - 使用哪個 conf?

  • November 5, 2021
檢視問答
Nginx

CloudFlare 在沒有 HTTPS 的情況下給出錯誤 522

  • September 15, 2021
檢視問答
Nginx

fail2ban 檢測到攻擊者 IP 但沒有禁止它,並且讀取日誌很慢

  • September 6, 2021
檢視問答
Nginx

在 NGINX 中啟用 HTTP2 時 NGINX / Cloudflare 隨機 520 HTTP 錯誤

  • July 18, 2021
檢視問答
Nginx

Fail2ban 禁止不在日誌中的奇數 IP 地址(0.0.0.4、0.0.0.5 等)

  • March 16, 2021
檢視問答