# [cloudflared] IP ban with fail2ban
cloudflared terminates the tunnel on the host itself and connects to the origin from the loopback address, so at the packet level every request arrives from 127.0.0.1: iptables never sees the real client address and has nothing useful to ban. The client address only exists in the headers Cloudflare adds (`X-Forwarded-For`, `CF-Connecting-IP`), so the ban is applied where those headers are visible, in Apache, by appending `Deny from` lines to `.htaccess`.
## fail2ban setting
cat /etc/fail2ban/filter.d/apache-404.conf
```
[Definition]
failregex = ^<HOST> .+ "(GET|POST) .+" 404 .*
ignoreregex =
```
`<HOST>` is the tag fail2ban replaces with its address-capturing group; a failregex without it is rejected when the jail starts. Here it is matched against the first field of the `custom_log` format (`%h`). mod_remoteip only guarantees that `%a` carries the forwarded client address; if `%h` in your Apache build still logs the connection's own address, every line starts with `127.0.0.1`, and after three 404s the jail writes `Deny from 127.0.0.1`, which locks out every tunnel client at once. Check which field is being extracted before enabling the jail: `fail2ban-regex -v /var/log/apache2/access.log /etc/fail2ban/filter.d/apache-404.conf` lists the address and timestamp behind every hit. If the loopback address shows up, anchor the tag on the second field instead (`^\S+ <HOST> .+ "(GET|POST) .+" 404 .*`).
cat /etc/fail2ban/action.d/htaccess-ban.conf
```
[Definition]
actionstart = touch /var/www/html/.htaccess
actionban = printf "Deny from <ip>\n" >> /var/www/html/.htaccess
actionunban = sed -i "/^Deny from <ip>$/d" /var/www/html/.htaccess
```
`<ip>` is the tag fail2ban substitutes with the banned address. The unban pattern is anchored at both ends on purpose: an unanchored `/Deny from <ip>/d` also deletes `Deny from 203.0.113.10` when `203.0.113.1` is unbanned, so a still-banned client would be released early. `Deny from` is the 2.2-style mod_access_compat syntax; it works on Apache 2.4 as long as `access_compat` is loaded (Debian and Ubuntu enable it by default), and `AllowOverride All` lets `.htaccess` carry it. Apache re-reads `.htaccess` on every request, so no reload is needed for a ban to take effect. fail2ban runs as root and writes the file; make sure the Apache user can still read it.
cat /etc/fail2ban/jail.d/ore.conf
```
[apache-404]
enabled = true
filter = apache-404
action = htaccess-ban
logpath = /var/log/apache2/access.log
bantime = 3600
findtime = 600
maxretry = 3
```
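The three files above form one pipeline: the filter extracts an address from every 404 line, the jail counts addresses that reach `maxretry` hits within `findtime`, and the action writes a `Deny from` line. The script below is an added example, not the page's configuration or fail2ban's own code. It replays that logic in Python over a few constructed `custom_log` lines (addresses and timestamps are made up), with `<HOST>` expanded to a named group the way fail2ban does it, and runs the page's regex twice, once with `<HOST>` on the first field (`%h`) and once on the second (`%a`), to show that when the first field holds the tunnel's loopback address the jail bans `127.0.0.1` and with it every client. The window counting is a simplified stand-in for fail2ban's own.

```python
import ipaddress
import re
from collections import defaultdict, deque
from datetime import datetime

# fail2ban expands the <HOST> tag to a named group; this stand-in accepts IPv4 and IPv6 text.
HOST = r"(?P<host>[0-9a-fA-F:.]+)"

# The page's failregex with <HOST> on the first log field (%h).
FAILREGEX_FIRST_FIELD = re.compile(r'^' + HOST + r' .+ "(GET|POST) .+" 404 .*')
# The same pattern anchored on the second field (%a), the address mod_remoteip rewrites.
FAILREGEX_REMOTEIP_FIELD = re.compile(r'^\S+ ' + HOST + r' .+ "(GET|POST) .+" 404 .*')

TIMESTAMP = re.compile(r"\[([^\]]+)\]")  # the %t field

# Constructed sample lines in the page's custom_log format, truncated after User-Agent.
# Field 1 is %h (cloudflared's loopback connection), field 2 is %a (the forwarded client address).
SAMPLE_LOG = """\
127.0.0.1 203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET /wp-login.php HTTP/1.1" 404 196 "-" "curl/8.0"
127.0.0.1 203.0.113.7 - - [10/Oct/2023:13:55:40 +0000] "GET /.env HTTP/1.1" 404 196 "-" "curl/8.0"
127.0.0.1 198.51.100.9 - - [10/Oct/2023:13:56:01 +0000] "GET /index.html HTTP/1.1" 200 3210 "-" "Mozilla/5.0"
127.0.0.1 203.0.113.7 - - [10/Oct/2023:13:56:10 +0000] "POST /xmlrpc.php HTTP/1.1" 404 196 "-" "curl/8.0"
127.0.0.1 198.51.100.9 - - [10/Oct/2023:13:57:00 +0000] "GET /missing HTTP/1.1" 404 196 "-" "Mozilla/5.0"
127.0.0.1 198.51.100.9 - - [10/Oct/2023:14:20:00 +0000] "GET /missing2 HTTP/1.1" 404 196 "-" "Mozilla/5.0"
127.0.0.1 198.51.100.9 - - [10/Oct/2023:14:21:00 +0000] "GET /missing3 HTTP/1.1" 404 196 "-" "Mozilla/5.0"
"""


def parse_time(line):
    """Parse the %t field ([day/Mon/year:H:M:S zone]) into an aware datetime."""
    return datetime.strptime(TIMESTAMP.search(line).group(1), "%d/%b/%Y:%H:%M:%S %z")


def find_bans(log_text, failregex, findtime=600, maxretry=3):
    """Simplified fail2ban counting: ban an address once it has maxretry matches
    inside a sliding window of findtime seconds. Returns {ip: time_of_ban}."""
    recent = defaultdict(deque)
    banned = {}
    for line in log_text.splitlines():
        m = failregex.match(line)
        if not m:
            continue
        ip, ts = m.group("host"), parse_time(line)
        if ip in banned:
            continue
        window = recent[ip]
        window.append(ts)
        while (ts - window[0]).total_seconds() > findtime:  # drop hits older than findtime
            window.popleft()
        if len(window) >= maxretry:
            banned[ip] = ts
    return banned


def htaccess_lines(banned):
    """Render the lines actionban appends; ipaddress rejects anything that is not a literal address,
    so nothing but an IP can ever be written into .htaccess."""
    return [f"Deny from {ipaddress.ip_address(ip)}" for ip in banned]


def unban(htaccess_text, ip):
    """Remove exactly the banned address's line, the anchored equivalent of actionunban's sed."""
    target = f"Deny from {ipaddress.ip_address(ip)}"
    return "\n".join(l for l in htaccess_text.splitlines() if l != target)


if __name__ == "__main__":
    for field, rx in (("%h", FAILREGEX_FIRST_FIELD), ("%a", FAILREGEX_REMOTEIP_FIELD)):
        print(field, htaccess_lines(find_bans(SAMPLE_LOG, rx)))
```

With `<HOST>` on `%a` only `203.0.113.7` is banned (three 404s within 34 seconds); `198.51.100.9` also has three 404s, but the first one falls outside the 600-second window and it stays unbanned. With `<HOST>` on `%h` the same log bans `127.0.0.1`.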
## apache2.4 setting
cat /etc/apache2/sites-enabled/002-default.conf
```
# The VirtualHost and Directory wrappers were lost in extraction and are restored here;
# the port is assumed to match the service URL in the cloudflared ingress rule.
<VirtualHost *:80>
    ServerAdmin webmaster@localhost
    DocumentRoot /var/www/html
    RemoteIPHeader X-Forwarded-For
    RemoteIPInternalProxy 127.0.0.1
    LogFormat "%h %a %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" \"%{Accept}i\" \"%{Accept-Language}i\" \"%{Accept-Encoding}i\" \"%{Connection}i\" \"%{Content-Type}i\" \"%{Content-Length}i\" \"%{Host}i\" \"%{Authorization}i\" \"%{X-Forwarded-For}i\"" custom_log
    ErrorLog ${APACHE_LOG_DIR}/error.log
    CustomLog ${APACHE_LOG_DIR}/access.log custom_log
    <Directory /var/www/html>
        AllowOverride All
    </Directory>
</VirtualHost>
# vim: syntax=apache ts=4 sw=4 sts=4 sr noet
```
`RemoteIPHeader` and `RemoteIPInternalProxy` need mod_remoteip (`a2enmod remoteip`). `RemoteIPInternalProxy 127.0.0.1` means the header is honoured only on connections that come from the loopback hop, i.e. from cloudflared, so a request arriving any other way keeps its own address. After that, `%a` logs the forwarded client address (`%{c}a` still gives the loopback peer if you want both), and `Deny from` in `.htaccess` is evaluated against the forwarded address as well, which is what makes the ban above work. `X-Forwarded-For` is client-writable; Cloudflare appends the real client address to whatever the client sent, and mod_remoteip walks the list from the right, so the spoofable leading entries are ignored, but `RemoteIPHeader CF-Connecting-IP` is the less ambiguous choice because Cloudflare sets that single value itself. One more thing to reconsider in this format: `%{Authorization}i` writes Basic-auth credentials and bearer tokens into access.log in the clear; drop it unless you actually need it, and treat the log as sensitive if you keep it.