Join the community today
Register Now

CSF Setup Fail2ban jail for Xenforo

Discussion in 'Other Centmin Mod Installed software' started by duderuud, Apr 19, 2021.

  1. duderuud

    duderuud New Member

    27
    8
    3
    Dec 5, 2020
    The Netherlands
    Ratings:
    +15
    Local Time:
    10:26 AM
    1.19.10
    MariaDB 10.4
    Setup:
    • CentOS Version: CentOS 7
    • Centmin Mod Version Installed: 123.09beta01
    • Nginx Version Installed: 1.19.10
    • PHP Version Installed: 7.4.16
    • MariaDB MySQL Version Installed: 10.4.18

    Trying to use fail2ban in combination with CF Firewall to block the /install and /admin.php of Xenforo.

    Tried to make custom jails like
    failregex = <HOST>.*] "POST /install/index.php?upgrade
    failregex = <HOST>.*] "POST /admin.php



    Tested some more and came up with this:
    Vhost conf:
    Code:
    location ~* /(admin\.php) {
        limit_req zone=xfadminlogin burst=1 nodelay;
    }
    
    location ~* /(/install/index\.php) {
        limit_req zone=xfinstalllogin burst=1 nodelay;
    }
    
    jail.local file:
    Code:
    [xenforo]
    enabled = true
    filter = xenforo
    #action = csfdeny[name=xenforo]
    action   = cloudflare
    #action   = cloudflaretoken
    logpath = /home/nginx/domains/*/log/access.log
    port = http,https
    bantime = 3600
    maxretry = 5
    findtime = 60
    
    [xenforo-main]
    enabled = true
    filter = xenforo-main
    #action = csfdeny[name=xenforo-main]
    action   = cloudflare
    #action   = cloudflaretoken
    logpath = /home/nginx/domains/*/log/access.log
    port = http,https
    bantime = 3600
    maxretry = 5
    findtime = 60
    
    xenforo.conf filter:

    Code:
    [Definition]
    # /install/index.php?upgrade
    failregex = <HOST>.*] "POST /install/index.php?upgrade
    ignoreregex =
    
    xenforo-main.conf filter:
    Code:
    [Definition]
    # /admin.php
    failregex = <HOST>.*] "POST /admin.php
    ignoreregex =
    
    cfuser
    and cftoken (global CF API key) are present in the cloudflare.conf file

    Does this look okay?
     
    Last edited: Apr 19, 2021
  2. eva2000

    eva2000 Administrator Staff Member

    46,663
    10,592
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,439
    Local Time:
    6:26 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    how was fail2ban installed ? you can just test it and see for yourself if it works

    though you really don't need to just use Cloudflare Access to block and allow only users you want for /admin.php and /install access etc. Or setup nginx IP restriction to only your allowed IPs. This forum's admin is behind Cloudflare Access protection and /install is restricted at Nginx level to allowed IPs only - though probably will change it over to Cloudflare Access too

    edit: ok just switched install directory on this forum to use Cloudflare Access protection :)

    upload_2021-4-20_0-33-32.png
     
    Last edited: Apr 20, 2021
  3. duderuud

    duderuud New Member

    27
    8
    3
    Dec 5, 2020
    The Netherlands
    Ratings:
    +15
    Local Time:
    10:26 AM
    1.19.10
    MariaDB 10.4
    I tested Cloudflare Access protection before, also used it for /install now. Thanks for the heads up :)

    PS. Donated, it was long overdue.
     
  4. eva2000

    eva2000 Administrator Staff Member

    46,663
    10,592
    113
    May 24, 2014
    Brisbane, Australia
    Ratings:
    +16,439
    Local Time:
    6:26 PM
    Nginx 1.19.x
    MariaDB 5.5/10.x
    Much appreciated and gald to hear Cloudflare Access working for you - makes it easier to control and give/revoke access to other staff too if need be :)