Hi,
I have a network of a dozen or so websites all proxied behind Cloudflare. My VPS disallows any non-Cloudflare IP from connecting, so my only option for remediation is via Cloudflare’s WAF. Since Fail2Ban’s implementation of this is deprecated and will be disabled by Cloudflare on July 1st, I’m attempting to use CrowdSec as a replacement.
I installed and configured the Security Engine successfully. My logs are being parsed and it’s initiating ban decisions. All of that is working fine. Where I run into trouble is with both Cloudflare remediation bouncers.
The crowdsec-cloudflare-bouncer straight up doesn’t work for me. Apparently, this is a well-known issue with Cloudflare’s rate limiting. My logs reflect that’s the problem.
As a remedy, I installed crowdsec-cloudflare-worker-bouncer. I configured it then ran it, and what happens is that it connects to my Cloudflare account, creates the Worker, creates all the Worker routes, deletes everything it just made, and then creates them again. It does this on an infinite loop.
There are no errors in the log. It does this as if this is what it’s built to do. Does anyone have any idea or suggestions about where I can look to try to fix this? CrowdSec seems like a great piece of software but I really need it to interact with Cloudflare and as yet cannot make that happen.