CSF+LFD with Cloudflare

nullmem
Junior Member
Posts: 7
Joined: 13 Jun 2017, 23:12

CSF+LFD with Cloudflare

Post by nullmem »

So it didn't take me long to realize that IPs are not actually being banned when using Cloudflare, because iptables isn't looking for "X-Forwarded-For" in the header (is this even possible?). So the attack comes from a Cloudflare IP, which of course is whitelisted, so the server is completely unprotected.

So after reading the documentation, I found BLOCK_REPORT, which I can use to fire off an API call to Cloudflare to ban the IP. It works! ... well, sort of. When manually adding or removing IP addresses to the CSF deny list using "csf -d" or "csf -dr" respectively, CSF does not use my BLOCK_REPORT or UNBLOCK_REPORT scripts. Is this normal behavior? Shouldn't any manual banning or unbanning also use my scripts as defined? Or am I doing this all wrong?
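
A sketch of the kind of BLOCK_REPORT hook the post above describes, added here as an example; it is not nullmem's script and not part of the thread. It assumes CSF passes the blocked address as the first argument, uses Cloudflare's zone-level IP Access Rules endpoint, and the variable names CF_ZONE_ID, CF_API_TOKEN and CF_DRY_RUN are chosen for this example.

```shell
#!/bin/sh
# Added example of a CSF BLOCK_REPORT hook; not the script from the thread.
# Assumptions: CSF passes the blocked address as the first argument, and
# CF_ZONE_ID / CF_API_TOKEN (names chosen here) identify the Cloudflare zone
# and an API token allowed to edit its IP Access Rules.

# Accept only a single public IPv4 address, so nothing else handed to the
# hook ends up in the JSON body or as a Cloudflare rule.
valid_public_ipv4() {
  case $1 in
    ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
  esac
  oldifs=$IFS; IFS=.; set -- $1; IFS=$oldifs
  [ "$#" -eq 4 ] || return 1
  for o in "$@"; do
    case $o in 0?*|????*) return 1 ;; esac   # no leading zeros, max 3 digits
    [ "$o" -le 255 ] || return 1
  done
  case "$1.$2" in
    0.*|10.*|127.*|169.254|192.168) return 1 ;;   # this-net, private, loopback, link-local
  esac
  if [ "$1" -eq 172 ] && [ "$2" -ge 16 ] && [ "$2" -le 31 ]; then return 1; fi
  [ "$1" -lt 224 ]   # multicast and reserved space is not a client address
}

# JSON body for Cloudflare's IP Access Rules "create" call.
build_payload() {
  printf '{"mode":"block","configuration":{"target":"ip","value":"%s"},"notes":"%s"}\n' \
    "$1" "Blocked by CSF/LFD BLOCK_REPORT"
}

push_block() {
  if [ "${CF_DRY_RUN:-0}" = 1 ]; then build_payload "$1"; return 0; fi
  curl -sS --fail -X POST \
    "https://api.cloudflare.com/client/v4/zones/${CF_ZONE_ID:?}/firewall/access_rules/rules" \
    -H "Authorization: Bearer ${CF_API_TOKEN:?}" \
    -H "Content-Type: application/json" \
    --data "$(build_payload "$1")"
}

main() {
  if ! valid_public_ipv4 "$1"; then
    echo "BLOCK_REPORT: ignoring '$1' (not a single public IPv4 address)" >&2
    return 0
  fi
  push_block "$1"
}

if [ "$#" -gt 0 ]; then main "$@"; fi
```

With CF_DRY_RUN=1 set, the script prints the request body instead of sending it, which is a way to check what a given block would push to Cloudflare.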

Re: CSF+LFD with Cloudflare

Post by nullmem »

It appears iptables supports --string 'X-Forwarded-For: x.x.x.x'
This would be an awesome feature to implement for us people who use proxies.