On 8/10/2016 6:22 PM, John Kelly wrote:
On 8/10/2016 4:12 PM, John Kelly wrote:
Le 23/07/2016 à 01:00, John Kelly a écrit :
> When using Fail2Ban to ban an IP at CloudFlare I would like to add a
> readable time in the notes in the format Month-Day-Year
> Hour:Minute:Second. Looks like <time> is the number of seconds. Can
> anyone tell me how, if possible, to create a variable in the cloudflare
> match action file so that I can add a readable time into the cloudflare
> block record? I have the following so far.
>
> actionban = curl -X
> POST https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules
> <https://deref-mail-02.com/mail/client/dereferrer/?redirectUrl=https%3A%2F%2Fderef-mail-02.com%2Fmail%2Fclient%2Fdereferrer%2F%3FredirectUrl%3Dhttps%253A%252F%252Fapi.cloudflare.com%252Fclient%252Fv4%252Fuser%252Ffirewall%252Faccess_rules%252Frules><https://deref-mail-02.com/mail/client/dereferrer/?redirectUrl=https%3A%2F%2Fderef-mail-02.com%2Fmail%2Fclient%2Fdereferrer%2F%3FredirectUrl%3Dhttps%253A%252F%252Fapi.cloudflare.com%252Fclient%252Fv4%252Fuser%252Ffirewall%252Faccess_rules%252Frules%3E>;
> \
> -H "X-Auth-Email: <cfuser>" \
> -H "X-Auth-Key: <cfapikey>" \
> -H "Content-Type: application/json" \
> --data '{
> "mode": "challenge",
> "configuration": {
> "target": "ip",
> "value": "<ip>"
> },
> "notes": "Added by Fail2Ban on <time>"
> }'
For example:
TS=`echo <time> | sed 's/\..*//'`
DATE=`date +%%Y%%m%%d%%H%%M.%%S -d "1970-01-01 00:00:00 UTC +$TS second"`
curl … --data "… Added by Fail2Ban on $DATE …"
Note: Since your --data will have a double-quoted string as a parameter,
take care to escape all occurrences of quotes and dollars inside this
string with a backslash, except the dollar of $DATE of course.
Thanks for the reply and example, can you please show me how to add it to my
existing cloudflare match action file? I tried the following but I am obviously
doing something wrong as the nothing appears where the date should be in the
record's notes at Cloudflare.
TS=`echo <time> | sed 's/\..*//'`
DATE=`date +%%Y%%m%%d%%H%%M.%%S -d "1970-01-01 00:00:00 UTC +$TS second"`
actionban = curl -X POST
https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules
<https://deref-mail-02.com/mail/client/dereferrer/?redirectUrl=https%3A%2F%2Fderef-mail-02.com%2Fmail%2Fclient%2Fdereferrer%2F%3FredirectUrl%3Dhttps%253A%252F%252Fapi.cloudflare.com%252Fclient%252Fv4%252Fuser%252Ffirewall%252Faccess_rules%252Frules><https://deref-mail-02.com/mail/client/dereferrer/?redirectUrl=https%3A%2F%2Fderef-mail-02.com%2Fmail%2Fclient%2Fdereferrer%2F%3FredirectUrl%3Dhttps%253A%252F%252Fapi.cloudflare.com%252Fclient%252Fv4%252Fuser%252Ffirewall%252Faccess_rules%252Frules%3E>;
\
-H "X-Auth-Email: <cfuser>" \
-H "X-Auth-Key: <cfapikey>" \
-H "Content-Type: application/json" \
--data '{
"mode": "challenge",
"configuration": {
"target": "ip",
"value": "<ip>"
},
"notes": \"Added by Fail2Ban on $DATE\"
}'
Mistake in my last post, escaping the quotes around the $DATE variable causes
the rule not to be added to Cloudflare. Not escaping the quotes the block is
added to Cloudflare but contains $DATE in the block record note where the date
should be. Appreciate any further assistance.
Was able to get it working using an external script instead of in the match
action file and escaping all quotes in --data as was mentioned, thanks.
------------------------------------------------------------------------------
What NetFlow Analyzer can do for you? Monitors network bandwidth and traffic
patterns at an interface-level. Reveals which users, apps, and protocols are
consuming the most bandwidth. Provides multi-vendor support for NetFlow,
J-Flow, sFlow and other flows. Make informed decisions using capacity
planning reports. http://sdm.link/zohodev2dev
_______________________________________________
Fail2ban-users mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/fail2ban-users
