我正在尝试使用这个来设置 Cloudflare 阻止和 fail2ban指导尽管它可以正确禁止该 IP,但 fail2ban 无法在超时或使用手动 shell 命令后从 Cloudflare 取消禁止该 IP。它总是返回 400 Bad Request 错误。
难道我做错了什么?
以下是相关的 cURL 命令:
actionunban = curl -s -X DELETE "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$( \
curl -s -X GET "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1&match=all" \
-H "X-Auth-Email: <cfuser>" \
-H "X-Auth-Key: <cftoken>" \
-H "Content-Type: application/json" | awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' | tr -d '"' | head -n 1)" \
-H "X-Auth-Email: <cfuser>" \
-H "X-Auth-Key: <cftoken>" \
-H "Content-Type: application/json"
更新:我可以单独运行上面提到的嵌套 cURL 命令,它们会返回正确的响应。
答案1
看起来 Cloudflare 已调整其 API 以返回格式化的 JSON(以前返回的 JSON 位于一行上)。您应该能够通过在管道传输到 awk 命令之前删除换行符来解决问题:
actionunban = curl -s -X DELETE "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$( \
curl -s -X GET "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1&match=all" \
-H "X-Auth-Email: <cfuser>" \
-H "X-Auth-Key: <cftoken>" \
-H "Content-Type: application/json" | tr -d '\n' | awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' | tr -d '"' | head -n 1)" \
-H "X-Auth-Email: <cfuser>" \
-H "X-Auth-Key: <cftoken>" \
-H "Content-Type: application/json"
您可能还想切换到 Fail2ban 0.10 附带的新 Cloudflare 过滤器,因为它更加简洁:
actionban = curl -s -o /dev/null -X POST -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cftoken>' \
-H 'Content-Type: application/json' -d '{ "mode": "block", "configuration": { "target": "ip", "value": "<ip>" } }' \
https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules
actionunban = curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cftoken>' \
https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$(curl -s -X GET -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cftoken>' \
'https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1' | tr -d '\n' | cut -d'"' -f6)
答案2
我认为 Cloudflare 的 API 有问题。我尝试使用以下命令解除 IP 禁令:
id_CF=`curl -s -X GET "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=xxx.xxx.xxx.xxx&page=1&per_page=1&match=all" \
-H "X-Auth-Email: <My's Email>" \
-H "X-Auth-Key: <My's Token Cloudflare>" \
-H "Content-Type: application/json" | awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1);}}}' | tr -d '"' | head -n 1`
curl -s -X DELETE "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$id_CF \
-H "X-Auth-Email: <My's Email>" \
-H "X-Auth-Key: <My's Token Cloudflare>" \
-H "Content-Type: application/json"
结果是:当运行命令第二个位置时,返回 400 Bad Request 错误,但是当我获取变量 $id_CF 的值时,假设是以下 id 字符串:71eceb59a7b846c6bd2b2692ab438e86 并再次运行命令第二个。然后它成功了。
curl -s -X DELETE "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/71eceb59a7b846c6bd2b2692ab438e86" \
-H "X-Auth-Email: <My's Email>" \
-H "X-Auth-Key: <My's Token Cloudflare>" \
-H "Content-Type: application/json"
{ “结果”:null,“成功”:true,“错误”:null,“消息”:null }
我确实不知道问题到底出在哪里,但是以前,当我使用旧的 API 时,情况并非如此。
答案3
谢谢杰克杰克逊,你是对的!
我通过剥离 ID 的第一个空白行进行了测试,成功了。目前,我在以下命令中将 sed 命令添加到管道中:
actionunban = curl -s -X DELETE "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$( \ curl -s -X GET "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=27.78.160.247&page=1&per_page=1&match=all" \ -H "X-Auth-Email: <My's Email>" \ -H "X-Auth-Key: <My's Token Cloudflare>" \ -H "Content-Type: application/json" | awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1);}}}' | tr -d '"' | sed -e 's/^[ \t]*//' | head -n 1)" \ -H "X-Auth-Email: <My's Email>" \ -H "X-Auth-Key: <My's Token Cloudflare>" \ -H "Content-Type: application/json"
希望对大家有帮助!