Firewall - blocked IPs still showing in access logs

Community Support
1

Hi,

I have a server with multiple Wordpress installations and want to ban any IP that makes multiple POST requests to xmlrpc.php or wp-login.php using Fail2Ban.

I’ve successfully setup a regex filter which Fail2Ban is matching and then successfully adding IPs to iptables or routes depending on what’s configured in F2B jail.

However site access logs still show these banned IPs getting through.

Is there some sort of proxy that’s allowing these requests through the firewall? I’m using multiPHP.

Thanks again.

1 Like
2

I’ve realised the issue was that I was using Cloudflare in front of many of the domains on the server and therefore needing to use Cloudflare API v4 to ban and unban IPs as per https://guides.wp-bullet.com/integrate-fail2ban-cloudflare-api-v4-guide/

The action already exists /etc/fail2ban/action.d/cloudflare.conf

3

Thank you! Same issue here