+
1 2 2
  1. #1
    Status
    Offline
      Rise Company
    Engineering and Technology
    Apr 2014
    Egypt
    4,611
    10

    CSF Firewall Cloudflare


    CSF Firewall Cloudflare
    mod_remoteip whm/cpanel
    Whitelist Cloudflare IPS - Easiest way to install mod_cloudflare on latest CPanel
    mod_remoteip - CSF banning cloudflare ip - mod_cloudflare for Apache

    :


    !!!








    1- (Deny / Whitelist )

    Allow Ignore
    Allow ports
    ignore

    : csf deny
    15 12-2021
    https://www.cloudflare.com/ips-v4

    :
    173.245.48.0/20
    103.21.244.0/22
    103.22.200.0/22
    103.31.4.0/22
    141.101.64.0/18
    108.162.192.0/18
    190.93.240.0/20
    188.114.96.0/20
    197.234.240.0/22
    198.41.128.0/17
    162.158.0.0/15
    104.16.0.0/13
    104.24.0.0/14
    172.64.0.0/13
    131.0.72.0/22

    .

    whm terminal

    :
    nano /etc/csf/csf.ignore
    ctrl+x y


    : ! Deny !!! Ignore
    2- (mod_remoteip)

    whm
    Home Software EasyApache 4 Apache Modules
    mod_remoteip next Provision



    :
    https://www.cloudflare.com/ips-v4
    https://forums.cpanel.net/threads/cl...alerts.520411/
    https://forums.cpanel.net/threads/wh...re-ips.646089/
    https://forums.cpanel.net/threads/cs...are-ip.670965/
    https://github.com/cloudflare/mod_cloudflare
    https://support.cloudflare.com/hc/en...cles/200170786

    ------------------------------------------------------------------------
    Rise Company for Engineering & Technology
    ------------------------------------------------------------------------
    Web Hosting | Web Designing | E-Marketing

    # 1 Business Services

    Web Hosting - Business Emails

    Web Design - Google Adwords

    www.rise.company | www.rise.company/emails

    :
    ! .



  2. #2
    Status
    Offline
      Rise Company
    Engineering and Technology
    Apr 2014
    Egypt
    4,611
    10

    : CSF Firewall Cloudflare

    Do not "Allow" cloudflare ranges. This only opens ports to them and is unnecessary. You need to add their ranges to /etc/csf/csf.ignore (NOT csf.allow) and fully restart both csf and lfd via WHM. This will stop CSF from blocking those IPs while still allowing ModSecurity to block individual bad requests.

    Obviously once that is done, audit csf.deny and remove any cloudflare IP addresses (or just remove any addresses which you did not add manually, and allow the blocks to repopulate).

    CloudFlare IP Ranges | CloudFlare | The web performance & security company

    ---------------------------

    You also may want to look at switching from mod_cloudflare since it's no longer supported or maintained by CloudFlare

    https://support.cloudflare.com/hc/en...mod-cloudflare said:
    Cloudflare no longer updates and supports mod_cloudflare, starting with versions Debian 9 *and *Ubuntu 18.04 LTS of the Linux operating system. We now support mod_remoteip for customers using Apache web servers. Customers who are interested in building the mod_cloudflare package can download the codebase from GitHub.
    mod_remoteip is the recommended method for this now and I wrote a pretty detailed how-to on this not very long ago which you can find here: Easiest way to install mod_cloudflare on latest CPanel since it's not available in EA?

    Also, ConfigServer Firewall Comes prebuilt with CloudFlare IP's integrated this is detailed in Section 27 of their readme.txt file:

    https://download.configserver.com/csf/readme.txt said:
    27. CloudFlare
    ##############

    This features provides interaction with the CloudFlare Firewall.

    As CloudFlare is a reverse proxy, any attacking IP addresses (so far as
    iptables is concerned) come from the CloudFlare IP's. To counter this, an
    Apache module (mod_cloudflare) is available that obtains the true attackers
    IP from a custom HTTP header record (similar functionality is available
    for other HTTP daemons.

    However, despite now knowing the true attacking IP address, iptables cannot
    be used to block that IP as the traffic is still coming from the CloudFlare
    servers.

    CloudFlare have provided a Firewall feature within the user account where
    rules can be added to block, challenge or whitelist IP addresses.

    Using the CloudFlare API, this feature adds and removes attacking IPs from that
    firewall and provides CLI (and via the UI) additional commands.

    There are several restrictions to using this feature:

    1. All lfd blocks will be temporary blocks so that csf/lfd can keep blocks in
    sync with CloudFlare

    2. Automatic blocks via lfd are limited to LF_MODSEC and LF_CXS triggers as
    only through these can the domain name be determined. Any users that own
    domains that are involved in the trigger will get a block in their
    CloudFlare Firewall. Additionally, any users with the special case "any"
    will also get blocks

    3. The temporary/permanent config of the lfd settings are ignored and CF_TEMP
    is used instead

    4. LF_TRIGGER must not be used, the feature will not work with it enabled

    5. mod_cloudflare or similar must be used to report real IP in the Apache logs

    6. URLGET must be set to 2 (i.e. LWP) must be used

    7. If PERMBLOCK is used, the last tempblock will remain and never be cleared.
    So any CloudFlare Firewall entries must be manually cleared in CloudFlare
    or via CLI


    8. There are restrictions imposed by CloudFlare to the number of rules that
    can be created depending on the type of account used. See
    https://goo.gl/ssGu7v for more information

    9. When restarting csf, any old temporary blocks will still be created for lfd
    to clear when it restarts

    10. All interaction with CloudFlare is at User-level, not Zone-level

    11. If using the CloudFlare cPanel user plugin, it must be v7+

    CF_TEMP should be configured taking into account the maximum number of rules
    that the CloudFlare account allows: https://goo.gl/ssGu7v

    All CloudFlare users for the domains that are involved in LF_MODSEC and
    LF_CXS triggers will have a CloudFlare rule added. Any CloudFlare account
    configured to use the special case "any" field value in csf.cloudflare will
    have a CloudFlare rule added regardless of domain.

    NOTE: You should always list the CloudFlare IP addresses in /etc/csf/csf.ignore
    to prevent them from being blocked by lfd from IP Ranges | Cloudflare

    ------------------------------------------------------------------------
    Rise Company for Engineering & Technology
    ------------------------------------------------------------------------
    Web Hosting | Web Designing | E-Marketing

    # 1 Business Services

    Web Hosting - Business Emails

    Web Design - Google Adwords

    www.rise.company | www.rise.company/emails

    :
    ! .



  1. CloudFlare known bots List
    Rise Company CloudFlare
    : 0
    : 08-10-2021, 19:56
  2. : 0
    : 08-10-2021, 19:43
  3. FortiGate Firewall Sophos Firewall
    Rise Company Rise Security
    : 0
    : 23-06-2021, 01:39
  4. CloudFlare CSF visitors original IP
    Rise Company CloudFlare
    : 0
    : 16-12-2020, 01:33
  5. : 0
    : 02-08-2019, 22:17