Title: CloudFlare Support
Last modified: August 22, 2016

---

# CloudFlare Support

 *  [AgilisIT](https://wordpress.org/support/users/agilisit/)
 * (@agilisit)
 * [11 years, 10 months ago](https://wordpress.org/support/topic/cloudflare-support/)
 * Hey mate
 * Great plugin, I use it extensively. It would be great if by default, CF-Connecting-IP
   was returned as the remote address (otherwise it’ll show the Railgun IP instead
   on a Pro/Business account), or that PROXIES was turned on by default as so many
   networks these days are proxied via nginx or similar.
 * Cheers
 * [https://wordpress.org/plugins/wp-fail2ban/](https://wordpress.org/plugins/wp-fail2ban/)

Viewing 15 replies - 1 through 15 (of 19 total)


 *  [Viktor Szépe](https://wordpress.org/support/users/szepeviktor/)
 * (@szepeviktor)
 * [11 years, 9 months ago](https://wordpress.org/support/topic/cloudflare-support/#post-5176914)
 * On CF you shouldn’t use fail2ban because fail2ban would block CF servers not 
   clients.
 * I wrote a piece of code for CF API to block IP addresses. Are you interested?
 *  Thread Starter [AgilisIT](https://wordpress.org/support/users/agilisit/)
 * (@agilisit)
 * [11 years, 9 months ago](https://wordpress.org/support/topic/cloudflare-support/#post-5176915)
 * Hi,
 * Fix and fixed – mod_cloudflare makes Apache2 log the real visitor IP. Then we’ve
   made a fail2ban action that bans the IP using the CF API since iptables is no
   longer effective.
 * Thanks
 *  [Viktor Szépe](https://wordpress.org/support/users/szepeviktor/)
 * (@szepeviktor)
 * [11 years, 9 months ago](https://wordpress.org/support/topic/cloudflare-support/#post-5176916)
 * If you reach thousands of IPs:
    [https://gist.github.com/szepeviktor/d717a921a9c0d87ef622](https://gist.github.com/szepeviktor/d717a921a9c0d87ef622)
 *  Thread Starter [AgilisIT](https://wordpress.org/support/users/agilisit/)
 * (@agilisit)
 * [11 years, 9 months ago](https://wordpress.org/support/topic/cloudflare-support/#post-5176917)
 * Cheers. Currently we’re doing about 16,000 unique IPs per week but that’s manageable.
 * We also have another WP plugin that stops PHP executing for any IPs after 3 failed
   login attempts – as sometimes CF can take a few minutes to update.
 * The combination of CF blocking fail2ban IPs and PHP not responding seems to work
   well 🙂
 * Thanks for the link!
 *  [Viktor Szépe](https://wordpress.org/support/users/szepeviktor/)
 * (@szepeviktor)
 * [11 years, 9 months ago](https://wordpress.org/support/topic/cloudflare-support/#post-5176918)
 * Would you mind sharing that action?
    [https://github.com/fail2ban/fail2ban](https://github.com/fail2ban/fail2ban)
 *  [Viktor Szépe](https://wordpress.org/support/users/szepeviktor/)
 * (@szepeviktor)
 * [11 years, 9 months ago](https://wordpress.org/support/topic/cloudflare-support/#post-5176919)
 * This is my general WP fail2ban plugin
    [https://github.com/szepeviktor/wordpress-plugin-construction/blob/master/wordpress-fail2ban/mu-plugin/errorlog-404.php](https://github.com/szepeviktor/wordpress-plugin-construction/blob/master/wordpress-fail2ban/mu-plugin/errorlog-404.php)
 * And this is very strict login checker
    [https://github.com/szepeviktor/wordpress-plugin-construction/blob/master/mu-wordpress-block-bad-requests/wp-login-bad-request.inc.php](https://github.com/szepeviktor/wordpress-plugin-construction/blob/master/mu-wordpress-block-bad-requests/wp-login-bad-request.inc.php)
 *  Thread Starter [AgilisIT](https://wordpress.org/support/users/agilisit/)
 * (@agilisit)
 * [11 years, 9 months ago](https://wordpress.org/support/topic/cloudflare-support/#post-5176920)
 * Hi,
 * When I get the CF API working reliably I will, I don’t want to share shoddy code.
   Haha.
 * The main bit that’s working well is an action that logs IPs to a file, then a
   WP filter that prevents PHP execution:
 * `actionban = echo <ip> | awk -F\. '{print ($4)+($3*256)+($2*256*256)+($1*256*256*256) d}' "d=,$(date)" >> /etc/agilis-banned-ips`
 * (storing in int format for speed)
 *     ```
       // Refuse the login form to any IP listed in the ban file written by the fail2ban action.
       // agilis_get_ip() is the poster's own helper for the visitor IP; it is not shown in this thread.
       function agilis_login_filter_ips() {
               $handle = fopen("/etc/agilis-banned-ips", "r");
   
               if($handle) {
                       while(($line = fgets($handle)) !== false) {
                               // Each line is "<IP as integer>,<ban date>"
                               $linearray = explode(',', $line);
                               if(count($linearray) > 0 && ip2long(agilis_get_ip()) == $linearray[0]) {
                                       // Set the 503 status before any output; once output starts, headers are already sent
                                       if(function_exists('http_response_code')) {
                                               http_response_code(503);
                                       } else {
                                               header((isset($_SERVER['SERVER_PROTOCOL']) ? $_SERVER['SERVER_PROTOCOL'] : 'HTTP/1.0') . ' 503 Service Unavailable');
                                               $GLOBALS['http_response_code'] = 503;
                                       }
                                       echo '<h2>Banned</h2>';
                                       echo '<p><strong>IP:</strong> ' . long2ip($linearray[0]) . '</p>';
                                       if(count($linearray) > 1) { echo '<p><strong>Since:</strong> ' . $linearray[1] . '</p>'; }
                                       echo '<br/><em>Agilis Login Filter</em>';
                                       exit;
                               }
                       }
                       // Close only a handle that was actually opened
                       fclose($handle);
               } else {
                       echo 'Error reading file';
               }
       }
       add_action('login_form_login', 'agilis_login_filter_ips');
       ```
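
The filter above depends on getting the visitor address right when every TCP connection comes from Cloudflare. As an added example (not code from any poster in this thread or from the wp-fail2ban plugin), this sketch honours `CF-Connecting-IP` only when the connecting peer is inside a trusted proxy range; the function names are hypothetical and the ranges in `TRUSTED_PROXIES` are constructed documentation placeholders, to be replaced with the ranges your CDN publishes.

```php
<?php
// Added example. TRUSTED_PROXIES holds constructed placeholder ranges
// (documentation prefixes), not Cloudflare's real ranges.
const TRUSTED_PROXIES = ['192.0.2.0/24', '2001:db8::/32'];

// True when $ip lies inside $cidr; handles IPv4 and IPv6.
function example_ip_in_cidr(string $ip, string $cidr): bool {
    [$net, $bits] = array_pad(explode('/', $cidr, 2), 2, null);
    $ipBin  = @inet_pton($ip);
    $netBin = @inet_pton($net);
    if ($ipBin === false || $netBin === false || strlen($ipBin) !== strlen($netBin)) {
        return false; // unparsable address, or address families differ
    }
    $max = strlen($ipBin) * 8;
    if ($bits !== null && (!ctype_digit($bits) || (int) $bits > $max)) {
        return false; // malformed prefix length
    }
    $bits  = ($bits === null) ? $max : (int) $bits;
    $bytes = intdiv($bits, 8);
    $rem   = $bits % 8;
    if (substr($ipBin, 0, $bytes) !== substr($netBin, 0, $bytes)) {
        return false;
    }
    if ($rem === 0) {
        return true;
    }
    $mask = (0xFF << (8 - $rem)) & 0xFF; // compare the partial byte
    return (ord($ipBin[$bytes]) & $mask) === (ord($netBin[$bytes]) & $mask);
}

// Visitor IP: the header counts only when REMOTE_ADDR is a trusted proxy,
// because a client connecting directly can send any CF-Connecting-IP value.
function example_get_client_ip(array $server): string {
    $peer   = $server['REMOTE_ADDR'] ?? '';
    $header = trim($server['HTTP_CF_CONNECTING_IP'] ?? '');
    foreach (TRUSTED_PROXIES as $cidr) {
        if (example_ip_in_cidr($peer, $cidr)) {
            $valid = filter_var($header, FILTER_VALIDATE_IP) !== false;
            return $valid ? $header : $peer;
        }
    }
    return $peer; // untrusted peer: ignore the header entirely
}

// Constructed requests: one through the proxy, one direct with a forged header.
$viaProxy = ['REMOTE_ADDR' => '192.0.2.10', 'HTTP_CF_CONNECTING_IP' => '198.51.100.7'];
$direct   = ['REMOTE_ADDR' => '203.0.113.5', 'HTTP_CF_CONNECTING_IP' => '127.0.0.1'];
echo example_get_client_ip($viaProxy), "\n", example_get_client_ip($direct), "\n";
```

The same trust decision is what mod_cloudflare or the nginx RealIP module makes at the web-server level, so the address that reaches the log, and therefore fail2ban, is the visitor's rather than the proxy's.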
   
 *  Thread Starter [AgilisIT](https://wordpress.org/support/users/agilisit/)
 * (@agilisit)
 * [11 years, 9 months ago](https://wordpress.org/support/topic/cloudflare-support/#post-5176921)
 * Oh and nice code, I might pinch some of that.
 * I’ll probably create a Google Code project for this plugin when it grows.
 *  [Damian](https://wordpress.org/support/users/timersys/)
 * (@timersys)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/cloudflare-support/#post-5176991)
 * Hi guys, I use Cloudflare and I have installed the Cloudflare Apache module, but
   I’m not savvy on iptables and fail2ban. Could you provide some simple instructions
   to make this work with Cloudflare?
 *  Thread Starter [AgilisIT](https://wordpress.org/support/users/agilisit/)
 * (@agilisit)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/cloudflare-support/#post-5176992)
 * Hey Damian,
 * Yeah we would be happy to help you out – want to PM me some more details and 
   I’ll send you some instructions specific to your situation?
 * eg: operating system and version, use case, server type, etc.
 * Cheers
 *  [Damian](https://wordpress.org/support/users/timersys/)
 * (@timersys)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/cloudflare-support/#post-5176993)
 * Sure, I’m running on Debian 7.8 + nginx + php-fpm. If you want, give me an email
   or write me to info at timersys.com
 * Thanks for your help!
 *  Thread Starter [AgilisIT](https://wordpress.org/support/users/agilisit/)
 * (@agilisit)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/cloudflare-support/#post-5176994)
 * Hey Damian,
 * Ah okay, the Apache module won’t be a huge help to you there – nginx uses its
   own modules.
 * I’m not too up to scratch on nginx, but [https://support.cloudflare.com/hc/en-us/articles/200170706-How-do-I-restore-original-visitor-IP-with-Nginx-](https://support.cloudflare.com/hc/en-us/articles/200170706-How-do-I-restore-original-visitor-IP-with-Nginx-)
   shows that you can use the RealIP module and then give it the CF IP range and
   header attribute 🙂
 * I hope that helps!
 *  [Damian](https://wordpress.org/support/users/timersys/)
 * (@timersys)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/cloudflare-support/#post-5176995)
 * Sorry, when I said I have the Apache module installed I meant that I already got nginx
   configured to show the real IP. What I don’t know is how to move from there.
 * I usually have two types of attacks: xml-rpc and POST requests to wp-login.php
 *  [Viktor Szépe](https://wordpress.org/support/users/szepeviktor/)
 * (@szepeviktor)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/cloudflare-support/#post-5176996)
 * Dear Damian!
 * We are in the same shoes.
 * I log WP attacks into the webserver’s (Apache or Nginx) error log.
    BTW I am a fail2ban contributor.
 * Please see my VERY STRICT home made solution for your (our) problem
    [https://github.com/szepeviktor/wordpress-plugin-construction/tree/master/wordpress-fail2ban](https://github.com/szepeviktor/wordpress-plugin-construction/tree/master/wordpress-fail2ban)
   The corresponding fail2ban settings [https://github.com/szepeviktor/debian-server-tools/tree/master/security/fail2ban-conf](https://github.com/szepeviktor/debian-server-tools/tree/master/security/fail2ban-conf)
 * “block-bad-requests” is the PHP part that should run from wp-config, the mu plugin
   is the WP part that prepares for the worst attacks. So these two are not like
   a normal WP plugin as I think a normal plugin is executed way too late. Please
   see the subdirs and the comments in the source code.
 * Please DO NOT use fail2ban in a CF setup!
    If you are able to develop a plugin (actually copy&paste) then your solution
   is ready. You need to replace the `trigger()` function with
   [https://github.com/szepeviktor/wordpress-plugin-construction/blob/master/wordpress-fail2ban/ban-methods/f2b-tarpit-CF-apache-WP-LLA-itsec-LSEC.php#L75-L98](https://github.com/szepeviktor/wordpress-plugin-construction/blob/master/wordpress-fail2ban/ban-methods/f2b-tarpit-CF-apache-WP-LLA-itsec-LSEC.php#L75-L98)
   Your contacting IP is always a CF IP so you shouldn’t (fail2)ban those. Actually
   I white-list contacting CF IP-s in my fail2ban config. These few lines above
   communicate with the CF API, it calls functions from the “CloudFlare” plugin
   so you need that plugin installed also. [https://wordpress.org/plugins/cloudflare/](https://wordpress.org/plugins/cloudflare/)
 * After a few months you’ll have zillions of IP-s blocked:
    [https://gist.github.com/szepeviktor/d717a921a9c0d87ef622](https://gist.github.com/szepeviktor/d717a921a9c0d87ef622)
 * All the best wishes to you!
 *  [Viktor Szépe](https://wordpress.org/support/users/szepeviktor/)
 * (@szepeviktor)
 * [10 years, 11 months ago](https://wordpress.org/support/topic/cloudflare-support/#post-5176997)
 * After thinking about it a bit more.
    [https://github.com/fail2ban/fail2ban/blob/master/config/action.d/cloudflare.conf](https://github.com/fail2ban/fail2ban/blob/master/config/action.d/cloudflare.conf)
   I am surprised that I didn’t know about it.


The topic ‘CloudFlare Support’ is closed to new replies.


 * 19 replies
 * 3 participants
 * Last reply from: [AgilisIT](https://wordpress.org/support/users/agilisit/)
 * Last activity: [10 years, 11 months ago](https://wordpress.org/support/topic/cloudflare-support/page/2/#post-5177001)
 * Status: not resolved