neilgee/cloudflare.conf

## cloudflare.conf
#
# Author: Mike Andreasen from https://guides.wp-bullet.com
# Adapted Source: https://github.com/fail2ban/fail2ban/blob/master/config/action.d/cloudflare.conf
# Referenced from: https://www.normyee.net/blog/2012/02/02/adding-cloudflare-support-to-fail2ban by NORM YEE
#
# To get your Cloudflare API key: https://www.cloudflare.com/my-account
#

[Definition]

# Option:  actionstart
# Notes.:  command executed once at the start of Fail2Ban.
# Values:  CMD
#
actionstart =

# Option:  actionstop
# Notes.:  command executed once at the end of Fail2Ban
# Values:  CMD
#
actionstop =

# Option:  actioncheck
# Notes.:  command executed once before each actionban command
# Values:  CMD
#
actioncheck =

# Option:  actionban
# Notes.:  command executed when banning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:      IP address
#            number of failures
#            unix timestamp of the ban time
# Values:  CMD

actionban = curl -s -X POST "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules" \
            -H "X-Auth-Email: <cfuser>" \
            -H "X-Auth-Key: <cftoken>" \
            -H "Content-Type: application/json" \
            --data '{"mode":"block","configuration":{"target":"ip","value":"<ip>"},"notes":"Fail2ban"}'

# Option:  actionunban
# Notes.:  command executed when unbanning an IP. Take care that the
#          command is executed with Fail2Ban user rights.
# Tags:      IP address
#            number of failures
#            unix timestamp of the ban time
# Values:  CMD
#

actionunban = curl -s -X DELETE "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$( \
              curl -s -X GET "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1&match=all" \
              -H "X-Auth-Email: <cfuser>" \
              -H "X-Auth-Key: <cftoken>" \
              -H "Content-Type: application/json" | awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' | tr -d '"' | head -n 1)" \
              -H "X-Auth-Email: <cfuser>" \
              -H "X-Auth-Key: <cftoken>" \
              -H "Content-Type: application/json"

[Init]

# Option: cfuser
# Notes.: Replaces <cfuser> in actionban and actionunban with cfuser value below
# Values: Your CloudFlare user account

cfuser = put-your-cloudflare-email-here

# Option: cftoken
# Notes.: Replaces <cftoken> in actionban and actionunban with cftoken value below
# Values: Your CloudFlare API key

cftoken = put-your-API-key-here
	#
	# Author: Mike Andreasen from https://guides.wp-bullet.com
	# Adapted Source: https://github.com/fail2ban/fail2ban/blob/master/config/action.d/cloudflare.conf
	# Referenced from: https://www.normyee.net/blog/2012/02/02/adding-cloudflare-support-to-fail2ban by NORM YEE
	#
	# To get your Cloudflare API key: https://www.cloudflare.com/my-account
	#

	[Definition]

	# Option: actionstart
	# Notes.: command executed once at the start of Fail2Ban.
	# Values: CMD
	#
	actionstart =

	# Option: actionstop
	# Notes.: command executed once at the end of Fail2Ban
	# Values: CMD
	#
	actionstop =

	# Option: actioncheck
	# Notes.: command executed once before each actionban command
	# Values: CMD
	#
	actioncheck =

	# Option: actionban
	# Notes.: command executed when banning an IP. Take care that the
	# command is executed with Fail2Ban user rights.
	# Tags: IP address
	# number of failures
	# unix timestamp of the ban time
	# Values: CMD

	actionban = curl -s -X POST "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules" \
	-H "X-Auth-Email: <cfuser>" \
	-H "X-Auth-Key: <cftoken>" \
	-H "Content-Type: application/json" \
	--data '{"mode":"block","configuration":{"target":"ip","value":"<ip>"},"notes":"Fail2ban"}'

	# Option: actionunban
	# Notes.: command executed when unbanning an IP. Take care that the
	# command is executed with Fail2Ban user rights.
	# Tags: IP address
	# number of failures
	# unix timestamp of the ban time
	# Values: CMD
	#

	actionunban = curl -s -X DELETE "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$( \
	curl -s -X GET "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1&match=all" \
	-H "X-Auth-Email: <cfuser>" \
	-H "X-Auth-Key: <cftoken>" \
	-H "Content-Type: application/json" \| awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' \| tr -d '"' \| head -n 1)" \
	-H "X-Auth-Email: <cfuser>" \
	-H "X-Auth-Key: <cftoken>" \
	-H "Content-Type: application/json"

	[Init]

	# Option: cfuser
	# Notes.: Replaces <cfuser> in actionban and actionunban with cfuser value below
	# Values: Your CloudFlare user account

	cfuser = put-your-cloudflare-email-here

	# Option: cftoken
	# Notes.: Replaces <cftoken> in actionban and actionunban with cftoken value below
	# Values: Your CloudFlare API key

	cftoken = put-your-API-key-here