Comment on Low resource, Performant WAF
AustralianSimon@lemmy.world 4 weeks ago
I have more than 50k but even that page doesn’t recommend it.
Top of that page
Recommendation: Use WAF custom rules instead
Cloudflare recommends that you create WAF custom rules instead of IP Access rules to perform IP-based or geography-based blocking (geoblocking):
- For IP-based blocking, use an IP list in the custom rule expression.
ArrowMax@feddit.org 4 weeks ago
WAF custom rules are more flexible, of course, and from a business perspective, I can understand why they would recommend that option instead.
I currently filter on an nginx access log file among other filters (sshd, bot-search, bad-requests) and let fail2ban execute the ban/unban action itself.
From a quick search, it should be possible to handle bans/unbans externally, if that’s what you’re after.
AustralianSimon@lemmy.world 4 weeks ago
No, I think f2b handling it would be totally fine for me. Kids got in the way with digging around too much but will try this week.