
CSF CSF Cloudflare - CSF.DENY

Discussion in 'Other Centmin Mod Installed software' started by zakkaz, Jun 10, 2020.

  1. zakkaz

    Hi!
    I am here again; I have a problem with CSF.

    I was trying to ban one of my IPs to test CSF, but I found a problem.
    With the IP banned, if I go to the nginx server's REAL IP, I cannot access it because it is banned, and that is okay. But if I go to my site linked to Cloudflare, I can access the site without a problem, even though the IP is banned.

    I tried $_SERVER['REMOTE_ADDR'] to check whether it gives the real IP, worried it would be a Cloudflare IP, but it gives the real IP.

    I am trying to understand the problem, but I cannot find a way.
     
  2. eva2000

    You need to ensure Nginx sees your real visitor IP address when behind Cloudflare.

    If you use a reverse proxy like Cloudflare, Sucuri, or Incapsula in front of Centmin Mod Nginx, you need to set up nginx realip so the real visitor IP is passed on to Nginx.

    See Getting Started Guide step 5 and setting the correct real IP via the nginx module config at http://centminmod.com/nginx_configure_cloudflare.html. The tools/csfcf.sh cronjob mentioned below helps maintain the whitelisted CSF Firewall IPs, but you still need to set up nginx realip in your nginx vhost.

    If using Centmin Mod 123.09beta01 and newer, there's an added tools/csfcf.sh script to aid in this. Details at:
     
  3. zakkaz

    I have already followed this step. Looking at access.log:

    Code:
     *.*.*.* (real IP - BANNED IN CSF) - - [10/Jun/2020:03:12:49 +0000] "GET /jdjsjshss HTTP/1.1" 200 43 "-" "Mozilla/5.0 (Android 10; Mobile; rv:68.0) Gecko/68.0 Firefox/68.0" 
    access.log sees the real IP, so why is it working anyway?
    Only if I follow the domain.
     
  4. zakkaz

    Need to try a fresh install again?
     
  5. eva2000

    If you have Cloudflare in front, only Nginx logs and Nginx see the real visitor IP if you configured csfcf.sh etc. CSF Firewall doesn't read Nginx logs, so it can't see the real visitor IP, so blocking an IP in CSF Firewall won't block HTTP/HTTPS visitors if Cloudflare is in front of them. CSF Firewall will block any access that doesn't go through Cloudflare, i.e. if the IP was trying to SSH into the server, it would block that IP via CSF Firewall.

    If you have Cloudflare in front, you need to script yourself a way to take CSF Firewall's ban and pass it on to Cloudflare's own Firewall via the Cloudflare Firewall API: "Firewall Rules API - Cloudflare Firewall Rules" and "Manage rules via the APIs - Cloudflare Firewall Rules".

    Or use Cloudflare Firewall's GUI to add IPs: "About Cloudflare Firewall Rules - Cloudflare Firewall Rules".
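
The scripting step described in the post above, as an added example (not part of the original posts, and not Centmin Mod or CSF code): it pulls the plain IP/CIDR bans out of csf.deny-style text and builds one Cloudflare rule expression that can be pasted into the Cloudflare Firewall GUI or submitted through the Firewall Rules API. The function names, the sample entries and the Include path are constructed for illustration, and the address patterns are shape checks only.

```shell
#!/bin/sh
# Added example: csf.deny-style text -> Cloudflare expression "ip.src in {...}".

# Print unique plain IPv4/IPv6 addresses or CIDRs read from stdin.
csf_deny_ips() {
  awk '
    { sub(/#.*/, ""); gsub(/^[ \t]+|[ \t]+$/, "") }  # drop comment, trim
    $0 == "" { next }
    tolower($1) == "include" { next }   # Include lines are not followed here
    index($0, "|") { next }             # advanced port/protocol filters: skip
    $0 ~ /^[0-9]+\.[0-9]+\.[0-9]+\.[0-9]+(\/[0-9]+)?$/ ||
    $0 ~ /^[0-9A-Fa-f:]*:[0-9A-Fa-f:]*(\/[0-9]+)?$/ {
      if (!seen[$0]++) print            # de-duplicate, keep file order
    }
  '
}

# Build the block expression; returns 1 when there is nothing to block,
# so a caller never submits an empty rule.
cf_block_expression() {
  ips=$(csf_deny_ips | tr '\n' ' ')
  ips=${ips% }
  [ -n "$ips" ] || return 1
  printf 'ip.src in {%s}' "$ips"
}

# Constructed sample input (documentation address ranges only).
SAMPLE_DENY='# constructed csf.deny sample
192.0.2.10 # lfd: (sshd) Failed SSH login - constructed
203.0.113.0/24 # manual block
tcp|in|d=22|s=198.51.100.7
Include /etc/csf/csf.deny.extra
2001:db8::1 # do not delete
192.0.2.10 # duplicate entry
not-an-ip'

printf '%s\n' "$SAMPLE_DENY" | cf_block_expression
echo
```

Port-specific entries such as `tcp|in|d=22|s=...` are skipped on purpose, since they are not blanket bans and should not become site-wide blocks at Cloudflare.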
     