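[Definition]

# ── Cloudflare IP Access Rules action ────────────────────────────────────────
#
# Blocks/unblocks IPs at the Cloudflare account level via the Access Rules API.
# When enabled, a ban will be enforced by Cloudflare before traffic even
# reaches your server — the most effective layer for high-volume attackers.
#
# SETUP:
#   1. Get your Global API Key from:
#        https://dash.cloudflare.com/profile/api-tokens
#   2. Set CF_EMAIL and CF_APIKEY in your .env file
#   3. Use docker-compose.cloudflare.yml instead of docker-compose.yml
#
# NOTE: This uses the user-level Access Rules API, which applies the block
#       across all zones on your Cloudflare account. For zone-scoped rules,
#       replace the URL with (ZONE_ID is a placeholder for your zone's ID):
#       https://api.cloudflare.com/client/v4/zones/ZONE_ID/firewall/access_rules/rules
#
# SECURITY NOTES:
#   - The Global API Key is not limited to firewall rules; it authorizes
#     account-wide API access. Keep the .env file and jail.local readable only
#     by the account that runs fail2ban, and keep them out of version control.
#     If Cloudflare accepts a scoped API token for the endpoint you use, that
#     is the narrower credential — verify against the current API docs.
#   - cf_apikey is expanded into the curl command line, so it is visible in the
#     local process list while curl runs and may appear in fail2ban's own
#     logging of the command. curl can read headers from a file (-H @FILE) if
#     that exposure matters on your host.
#   - Both commands discard curl's output and end in "|| true", so a rejected
#     or failed API call is silent: fail2ban records the ban even when no
#     Cloudflare rule was created. Check the Access Rules list after setup and
#     after rotating the key.
#   - The rule target is fixed to "ip". NOTE(review): Cloudflare appears to use
#     a separate "ip6" target for IPv6 addresses — confirm before relying on
#     this action for jails that ban IPv6 sources.
# ─────────────────────────────────────────────────────────────────────────────

# Creates a "block" access rule for the banned address. The "value" field
# carries fail2ban's <ip> tag; with an empty value the request creates no
# usable rule.
# NOTE(review): the text after "f2b-cc: " in "notes" looks truncated — a tag
# such as <name> (the jail name) probably belonged there; confirm and restore.
actionban = curl -s -X POST \
              -H "X-Auth-Email: %(cf_email)s" \
              -H "X-Auth-Key: %(cf_apikey)s" \
              -H "Content-Type: application/json" \
              -d "{\"mode\":\"block\",\"configuration\":{\"target\":\"ip\",\"value\":\"<ip>\"},\"notes\":\"f2b-cc: \"}" \
              "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules" \
              > /dev/null 2>&1 || true

# Looks up the ID of the block rule for <ip>, then deletes that rule.
# The lookup matches on address and mode only (per_page=1), so it removes the
# first block rule for that address whether or not this action created it —
# a manually added block for the same IP would be deleted by an unban.
actionunban = RULE_ID=$(curl -s \
                -H "X-Auth-Email: %(cf_email)s" \
                -H "X-Auth-Key: %(cf_apikey)s" \
                "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?configuration_target=ip&configuration_value=<ip>&mode=block&page=1&per_page=1" | \
                python3 -c "import sys,json; r=json.load(sys.stdin).get('result',[]); print(r[0]['id'] if r else '')" 2>/dev/null) ; \
              [ -n "$RULE_ID" ] && \
              curl -s -X DELETE \
                -H "X-Auth-Email: %(cf_email)s" \
                -H "X-Auth-Key: %(cf_apikey)s" \
                "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$RULE_ID" \
                > /dev/null 2>&1 || true

[Init]

# Populated from environment via jail.local — do not set here.
# Leaving these empty keeps the credential out of this action file; with empty
# values the API calls above are sent without valid credentials and, because
# their failures are suppressed, no ban reaches Cloudflare.
cf_email =
cf_apikey =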