Fail2Ban-Dashboard---NPM/fail2ban/action.d/cloudflare.conf

[Definition]

# Blocks/unblocks IPs at the Cloudflare account level via the Access Rules API.
# Bans are enforced by Cloudflare before traffic reaches your server.
# Enable by setting CF_EMAIL + CF_APIKEY in docker-compose.yml.
#
# NOTE: Uses the user-level API — applies across all zones on your account.
# For zone-scoped rules replace the URL with:
#   https://api.cloudflare.com/client/v4/zones/<ZONE_ID>/firewall/access_rules/rules

actionban = curl -s -X POST \
              -H "X-Auth-Email: %(cf_email)s" \
              -H "X-Auth-Key: %(cf_apikey)s" \
              -H "Content-Type: application/json" \
              -d "{\"mode\":\"block\",\"configuration\":{\"target\":\"ip\",\"value\":\"<ip>\"},\"notes\":\"f2b-cc: <name>\"}" \
              "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules" \
              > /dev/null 2>&1 || true

actionunban = RULE_ID=$(curl -s \
                -H "X-Auth-Email: %(cf_email)s" \
                -H "X-Auth-Key: %(cf_apikey)s" \
                "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?configuration_target=ip&configuration_value=<ip>&mode=block&page=1&per_page=1" | \
                jq -r '.result[0].id // empty' 2>/dev/null) ; \
              [ -n "$RULE_ID" ] && \
              curl -s -X DELETE \
                -H "X-Auth-Email: %(cf_email)s" \
                -H "X-Auth-Key: %(cf_apikey)s" \
                "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$RULE_ID" \
                > /dev/null 2>&1 || true

[Init]
cf_email  =
cf_apikey =