HOW CAN I AUTOMATE REMOVING IPS FROM CLOUDFLARE OR AWS WAF AFTER THE FAIL2BAN BAN EXPIRES?



To automatically remove banned IPs from Cloudflare or AWS WAF once the Fail2Ban ban expires, you'll need to implement a script or scheduled job that checks the ban expiry time, and once the ban time is up, it triggers the API call to unblock the IP. This requires automating the process of tracking IP ban durations and interacting with Cloudflare or AWS WAF APIs.


Here’s how you can automate the unblocking process:







1. Automating Cloudflare IP Unban After Fail2Ban Ban Expires


Step 1: Modify Fail2Ban to Store Ban Expiry Times


Fail2Ban doesn't store the exact time of a ban expiry, but you can use its log file to calculate when a ban should expire.


In your Fail2Ban jail configuration, set the bantime (e.g., 1 hour) and store that information:




ini






# 1 hour
bantime = 3600
# Look for offenses within 10 minutes
findtime = 600


Step 2: Create a Script to Track Expiry and Unban via Cloudflare


Create a script that will:





  1. Monitor Fail2Ban's log file for banned IPs.
  2. Calculate when the ban will expire (based on bantime).
  3. Use the Cloudflare API to unban the IP after the ban expires.




Example script: /usr/local/bin/automated-cloudflare-unban.sh




bash






#!/bin/bash

# Cloudflare API token and zone ID
# (this file holds a secret: keep it readable by root only)
CF_API_TOKEN="YOUR_API_TOKEN"
ZONE_ID="YOUR_ZONE_ID"

# Fetch list of banned IPs from Fail2Ban log (one entry per IP)
BANNED_IPS=$(grep " Ban " /var/log/fail2ban.log | awk '{print $NF}' | sort -u)

for IP in $BANNED_IPS; do
    # Check if the ban duration is over, using the IP's most recent "Ban" line.
    # Log lines start with "YYYY-MM-DD HH:MM:SS,mmm"; the milliseconds are dropped for date.
    BAN_TIME=$(awk -v ip="$IP" 'NF > 2 && $(NF-1) == "Ban" && $NF == ip {print $1" "$2}' /var/log/fail2ban.log | tail -n 1 | cut -d, -f1)
    BAN_TIMESTAMP=$(date -d "$BAN_TIME" +%s)
    CURRENT_TIME=$(date +%s)
    EXPIRY_TIME=$((BAN_TIMESTAMP + 3600)) # 3600 seconds for 1 hour ban time

    if [ "$CURRENT_TIME" -ge "$EXPIRY_TIME" ]; then
        # If the ban time has passed, unban the IP from Cloudflare
        curl -X DELETE "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/firewall/access_rules/rules/<rule_id>" \
            -H "Authorization: Bearer $CF_API_TOKEN"
        echo "Unbanned IP $IP from Cloudflare"
    fi
done


Important:





  • Replace <rule_id> with the actual rule ID Cloudflare generates when you add a firewall rule. This may require querying the Cloudflare API to get the rule_id of the previously blocked IP.
  • Adjust 3600 in EXPIRY_TIME according to your ban duration (bantime).




Step 3: Schedule the Script to Run Periodically


Set up a cron job to run the unban script at regular intervals (e.g., every 5 minutes):




bash






crontab -e


Add the following line to schedule the script:




bash






*/5 * * * * /usr/local/bin/automated-cloudflare-unban.sh


This will ensure that Fail2Ban-banned IPs are automatically unbanned from Cloudflare once the ban time expires.
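As an added example (not the article's own script), here is a variant of the Step 2 script that looks up the rule ID by querying Cloudflare for the IP's access rule. It treats an IP as expired only when its latest log event is an Unban or a Ban older than bantime, so a recent re-ban is left in place. It assumes GNU date, curl and jq, IPv4 bans added in block mode, and the hypothetical names expired_bans, cf_rule_id, cf_unban, plus CF_API_TOKEN, ZONE_ID and BANTIME read from the environment.

```shell
#!/bin/bash
# Added example, not the article's script. Assumes GNU date, curl, jq, IPv4 bans,
# and CF_API_TOKEN / ZONE_ID passed in the environment rather than stored in the file.
# Log line format handled (constructed): "2024-05-01 12:00:00,101 ... [sshd] Ban 203.0.113.5"
CF_API="https://api.cloudflare.com/client/v4"

# Print each IP whose latest log event is an "Unban", or a "Ban" (or "Restore Ban")
# older than BANTIME seconds at NOW. A later re-ban replaces the earlier ban time.
expired_bans() {
  local log="$1" bantime="$2" now="${3:-$(date +%s)}" ip stamp banned_at
  awk 'NF > 2 && $NF ~ /^[0-9.]+$/ {
         if ($(NF-1) == "Ban")   { sub(/,.*/, "", $2); when[$NF] = $1 " " $2 }
         if ($(NF-1) == "Unban") { when[$NF] = "unbanned" }
       }
       END { for (ip in when) print ip, when[ip] }' "$log" |
  while read -r ip stamp; do
    if [ "$stamp" != "unbanned" ]; then
      banned_at=$(date -d "$stamp" +%s) || continue
      [ $((banned_at + bantime)) -le "$now" ] || continue
    fi
    echo "$ip"
  done | sort
}

# Print the ID of the block-mode IP Access Rule for IP $1 (empty if none exists).
cf_rule_id() {
  curl -fsS -G "$CF_API/zones/$ZONE_ID/firewall/access_rules/rules" \
    -H "Authorization: Bearer $CF_API_TOKEN" \
    --data-urlencode "mode=block" \
    --data-urlencode "configuration.target=ip" \
    --data-urlencode "configuration.value=$1" | jq -r '.result[0].id // empty'
}

# Delete the rule for IP $1; an IP with no rule is treated as already unbanned.
cf_unban() {
  local id
  id=$(cf_rule_id "$1") || return 1
  [ -n "$id" ] || return 0
  curl -fsS -X DELETE "$CF_API/zones/$ZONE_ID/firewall/access_rules/rules/$id" \
    -H "Authorization: Bearer $CF_API_TOKEN" >/dev/null && echo "Unbanned $1"
}

# Only contact Cloudflare when credentials were provided by the caller (e.g. cron).
if [ -n "${CF_API_TOKEN:-}" ] && [ -n "${ZONE_ID:-}" ]; then
  for ip in $(expired_bans /var/log/fail2ban.log "${BANTIME:-3600}"); do
    cf_unban "$ip"
  done
fi
```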
