Comment on Low resource, Performant WAF
ArrowMax@feddit.org 5 weeks ago
FYI, IP access rules don’t count towards the 5 custom rules limit, but the more generous 50k limit.
With fail2ban, you can set up IP access rules via the cftoken-action quite easily.
Security --> WAF --> Tools to access the IP rules in the dashboard. developers.cloudflare.com/waf/…/ip-access-rules/
AustralianSimon@lemmy.world 5 weeks ago
I have more than 50k but even that page doesn’t recommend it.
Top of that page
Cloudflare recommends that you create WAF custom rules instead of IP Access rules to perform IP-based or geography-based blocking (geoblocking):
ArrowMax@feddit.org 5 weeks ago
WAF custom rules are more flexible, of course, and from a business perspective, I can understand why they would recommend that option instead.
I currently filter on an nginx access log file among other filters (sshd, bot-search, bad-requests) and let fail2ban execute the ban/unban action itself.
From a quick search, it should be possible to handle bans/unbans externally, if that’s what you’re after.
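A jail.local for the setup described in the comments above, with fail2ban reading nginx logs and pushing each ban/unban to Cloudflare IP Access rules through its cloudflare-token action (an added example, not a config posted in this thread). The log paths, timing values, the helper variables cf_zone and cf_token, and the <...> placeholders are assumptions, as is an installed fail2ban that ships the nginx-bad-request and nginx-botsearch filters and the cloudflare-token action.

```ini
# /etc/fail2ban/jail.local  (added example; <...> values are placeholders)
# Keep this file root-only (chmod 600): it holds an API token.

[DEFAULT]
# Never ban loopback or your own admin address.
ignoreip = 127.0.0.1/8 ::1 <ADMIN_IP>

# Hypothetical helper variables, interpolated into the action line below.
# Scope the token to this one zone with firewall edit permission only.
cf_zone  = <CLOUDFLARE_ZONE_ID>
cf_token = <CLOUDFLARE_API_TOKEN>

# Assumed thresholds: 5 hits within 10 minutes gives a 1 hour block.
findtime = 10m
maxretry = 5
bantime  = 1h

# fail2ban runs the ban and the unban itself; the action creates an
# IP Access rule on ban and deletes it again on unban, so expired bans
# do not pile up against the IP Access rule limit.
banaction = cloudflare-token[cfzone="%(cf_zone)s", cftoken="%(cf_token)s"]

[nginx-bad-request]
enabled = true
port    = http,https
logpath = /var/log/nginx/access.log
action  = %(banaction)s

[nginx-botsearch]
enabled = true
port    = http,https
logpath = /var/log/nginx/error.log
action  = %(banaction)s
```

For traffic proxied through Cloudflare, nginx has to log the visitor's address (for example via `real_ip_header CF-Connecting-IP` with `set_real_ip_from` limited to Cloudflare's ranges); otherwise fail2ban counts and bans Cloudflare edge addresses instead of the offending client.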
AustralianSimon@lemmy.world 5 weeks ago
No, I think f2b handling it would be totally fine for me. Kids got in the way with digging around too much but will try this week.