Cloudflare 的 Fail2ban 解禁操作失败

Cloudflare 的 Fail2ban 解禁操作失败

我正在尝试使用这个来设置 Cloudflare 阻止和 fail2ban指导尽管它可以正确禁止该 IP,但 fail2ban 无法在超时或使用手动 shell 命令后从 Cloudflare 取消禁止该 IP。它总是返回 400 Bad Request 错误。

难道我做错了什么?

以下是相关的 cURL 命令:

actionunban = curl -s -X DELETE "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$( \
          curl -s -X GET "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1&match=all" \
          -H "X-Auth-Email: <cfuser>" \
          -H "X-Auth-Key: <cftoken>" \
          -H "Content-Type: application/json" | awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' | tr -d '"' | head -n 1)" \
          -H "X-Auth-Email: <cfuser>" \
          -H "X-Auth-Key: <cftoken>" \
          -H "Content-Type: application/json"

更新:我可以单独运行上面提到的嵌套 cURL 命令,它们会返回正确的响应。

答案1

看起来 Cloudflare 已调整其 API 以返回格式化的 JSON(以前返回的 JSON 位于一行上)。您应该能够通过在管道传输到 awk 命令之前删除换行符来解决问题:

actionunban = curl -s -X DELETE "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$( \
      curl -s -X GET "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1&match=all" \
      -H "X-Auth-Email: <cfuser>" \
      -H "X-Auth-Key: <cftoken>" \
      -H "Content-Type: application/json" | tr -d '\n' | awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' | tr -d '"' | head -n 1)" \
      -H "X-Auth-Email: <cfuser>" \
      -H "X-Auth-Key: <cftoken>" \
      -H "Content-Type: application/json"

您可能还想切换到 Fail2ban 0.10 附带的新 Cloudflare 过滤器,因为它更加简洁:

actionban = curl -s -o /dev/null -X POST -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cftoken>' \
        -H 'Content-Type: application/json' -d '{ "mode": "block", "configuration": { "target": "ip", "value": "<ip>" } }' \
        https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules

actionunban = curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cftoken>' \
          https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$(curl -s -X GET -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cftoken>' \
          'https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1' | tr -d '\n' | cut -d'"' -f6)

答案2

我认为 Cloudflare 的 API 有问题。我尝试使用以下命令解除 IP 禁令:

id_CF=`curl -s -X GET "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=xxx.xxx.xxx.xxx&page=1&per_page=1&match=all" \
            -H "X-Auth-Email: <My's Email>" \
            -H "X-Auth-Key: <My's Token Cloudflare>" \
            -H "Content-Type: application/json" | awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1);}}}' | tr -d '"' | head -n 1`


curl -s -X DELETE "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id_CF \
            -H "X-Auth-Email: <My's Email>" \
            -H "X-Auth-Key: <My's Token Cloudflare>" \
            -H "Content-Type: application/json"

结果是:当运行命令第二个位置时,返回 400 Bad Request 错误,但是当我获取变量 $id_CF 的值时,假设是以下 id 字符串:71eceb59a7b846c6bd2b2692ab438e86 并再次运行命令第二个。然后它成功了。

curl -s -X DELETE "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/71eceb59a7b846c6bd2b2692ab438e86" \
            -H "X-Auth-Email: <My's Email>" \
            -H "X-Auth-Key: <My's Token Cloudflare>" \
            -H "Content-Type: application/json"

{ “结果”:null,“成功”:true,“错误”:null,“消息”:null }

我确实不知道问题到底出在哪里,但是以前,当我使用旧的 API 时,情况并非如此。

答案3

谢谢杰克杰克逊,你是对的!

我通过剥离 ID 的第一个空白行进行了测试,成功了。目前,我在以下命令中将 sed 命令添加到管道中:

actionunban = curl -s -X DELETE "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$( \ curl -s -X GET "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=27.78.160.247&page=1&per_page=1&match=all" \ -H "X-Auth-Email: <My's Email>" \ -H "X-Auth-Key: <My's Token Cloudflare>" \ -H "Content-Type: application/json" | awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1);}}}' | tr -d '"' | sed -e 's/^[ \t]*//' | head -n 1)" \ -H "X-Auth-Email: <My's Email>" \ -H "X-Auth-Key: <My's Token Cloudflare>" \ -H "Content-Type: application/json"

希望对大家有帮助!

相关内容