The broad context here is that I want the firewall (pf) to be able to ban certain IPs from accessing the website.
I first restore the origin IP in the web-server (Nginx) logs. Then I use fail2ban to ban certain IPs. The IPs get added to the tables alright, and are unable to make ssh requests. However, they are still able to access the websites. This is because, in the incoming requests, the firewall sees the Cloudflare IPs and not the origin IPs. It is only the webserver that is able to restore the origin IP. So the blocking happens once I disable Cloudflare caching. In the hierarchy, first comes Cloudflare, then the firewall, then nginx, then fail2ban.
I want the offending IPs to be blocked at the firewall level, without ever getting to the web-server. Is there a way I can do that – block the offending IPs at the firewall level?
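As an added example (not code from the original post), a small Python sketch of the log side of this setup: it recovers the origin IP from nginx lines only when the TCP peer really is a Cloudflare edge, counts 4xx hits per origin IP, and emits the pfctl commands that would populate a pf table, never adding a Cloudflare address itself. The log_format, the Cloudflare range subset, the table name and the sample log lines are all assumptions.

```python
import re
import ipaddress
from collections import Counter

# Assumed nginx log_format (hypothetical, not from the post): the combined format with
# the CF-Connecting-IP header value appended as a final "cf_ip=" field.
LINE_RE = re.compile(
    r'^(?P<remote>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (?P<status>\d{3}) \d+ '
    r'"[^"]*" "[^"]*" cf_ip=(?P<cf_ip>\S+)$')

# Constructed subset of Cloudflare's published IPv4 ranges; load the full current
# list in real use. Used to decide whether the TCP peer really is a Cloudflare edge.
CLOUDFLARE_RANGES = [ipaddress.ip_network(n) for n in ("173.245.48.0/20", "103.21.244.0/22")]

def is_cloudflare(ip):
    return any(ipaddress.ip_address(ip) in net for net in CLOUDFLARE_RANGES)

def origin_ip(line):
    """(origin_ip, status) for one log line, or None if it does not parse.
    CF-Connecting-IP is trusted only when the peer is a Cloudflare address; a
    direct hit carrying that header is attributed to remote_addr (spoof-safe)."""
    m = LINE_RE.match(line)
    if not m:
        return None
    remote, cf_ip, status = m['remote'], m['cf_ip'], int(m['status'])
    if is_cloudflare(remote) and cf_ip != '-':
        return cf_ip, status
    return remote, status

def offending_ips(lines, threshold=3):
    """Origin IPs with at least `threshold` 4xx responses; a Cloudflare edge IP is never banned."""
    hits = Counter()
    for line in lines:
        parsed = origin_ip(line)
        if parsed and 400 <= parsed[1] < 500 and not is_cloudflare(parsed[0]):
            hits[parsed[0]] += 1
    return sorted(ip for ip, n in hits.items() if n >= threshold)

def pfctl_commands(ips, table="fail2ban"):
    """pfctl invocations that add the offenders to a pf table (table name assumed)."""
    return [f"pfctl -t {table} -T add {ip}" for ip in ips]

SAMPLE_LOG = [  # constructed sample lines
    '173.245.48.10 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-login.php HTTP/1.1" 403 12 "-" "curl/8.0" cf_ip=198.51.100.7',
    '173.245.48.10 - - [10/Oct/2023:13:55:37 +0000] "GET /wp-login.php HTTP/1.1" 403 12 "-" "curl/8.0" cf_ip=198.51.100.7',
    '173.245.48.11 - - [10/Oct/2023:13:55:38 +0000] "GET /xmlrpc.php HTTP/1.1" 404 12 "-" "curl/8.0" cf_ip=198.51.100.7',
    '192.0.2.5 - - [10/Oct/2023:13:55:40 +0000] "GET /wp-login.php HTTP/1.1" 403 12 "-" "curl/8.0" cf_ip=198.51.100.7',
]
```

Running `pfctl_commands(offending_ips(SAMPLE_LOG))` yields a single command for 198.51.100.7; the direct hit from 192.0.2.5 that spoofs the header is counted against 192.0.2.5, not the address it claims.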