I’m running a website that is getting a lot of bot traffic and found Cloudflare free rule tier to be a bit limiting. (5 custom rules with length limits)
Ive got subnets for major VPS providers to block and will run analysis against my traffic to build on these lists.
What do others do?
I’m contemplating my Cloudflared tunnel into Crowdsec to my app.
Xanza@lemm.ee 4 weeks ago
github.com/fail2ban/fail2ban
You can set
dbpurgeage
to30d
and pretty much just run it. It’s appeal is that you basically can download it, enable it, and it just works for you. It depends on your environment, though. If you have incoming authorized requests from other services it might be a pain to configure, but I’ve never used anything easier to protect you from bad actors.AustralianSimon@lemmy.world 4 weeks ago
I’ve used it on a machine before but given I am using a cloudflared container for ingress, can I route my traffic through a f2b container to the app? This might be ideal from a co fig perspective.
Xanza@lemm.ee 4 weeks ago
Yes, you just have to enable the built-in plugin for cloudflared: github.com/fail2ban/fail2ban/…/cloudflare.conf
computergeek125@lemmy.world 4 weeks ago
fail2ban isn’t a WAF?