Fail2ban jail for specific url doesn't work with Cloudflare - apache

This is a continuation of a previous question regarding creating a jail for a specific url.
It bans the Cloudflare IP and not that of the user. I've followed this guide to set up the Cloudflare filter, but am having issues.
Jail.local looks like this...
[apache-specific-url]
enabled = true
port = http,https
filter = apache-specific-url
action = cloudflare
         iptables-allports
logpath = %(apache_access_log)s
bantime = 48h
maxretry = 1
actions.d/cloudflare.conf
This is the cloudflare.conf that came with Fail2ban V0.11.1 which is what I'm using. It looks to be the latest and correct version. I've properly set cftoken & cfuser in the file.
actionban = curl -s -o /dev/null -X POST -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cftoken>' \
            -H 'Content-Type: application/json' -d '{ "mode": "block", "configuration": { "target": "ip", "value": "<ip>" } }' \
            https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules
actionunban = curl -s -o /dev/null -X DELETE -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cftoken>' \
              https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$(curl -s -X GET -H 'X-Auth-Email: <cfuser>' -H 'X-Auth-Key: <cftoken>' \
              'https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1' | tr -d '\n' | cut -d'"' -f6)
My API info & Curl is good
If I curl the following, the test IP is indeed banned on cloudflare and I get a success upon return.
curl -s -X POST "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules" \
-H "X-Auth-Email: CloudFlare-username" \
-H "X-Auth-Key: CloudFlare-API-Key" \
-H "Content-Type: application/json" \
--data '{"mode":"block","configuration":{"target":"ip","value":"1.2.3.4"},"notes":"Fail2ban"}'
/var/log/fail2ban.log shows the following
2021-01-15 14:59:08,461 fail2ban.filter [3439]: INFO [apache-specific-url] Found 172.69.63.147 - 2021-01-15 14:59:07
2021-01-15 14:59:08,981 fail2ban.actions [3439]: NOTICE [apache-specific-url] Ban 172.69.63.147
I'm not sure what I'm missing here, but it doesn't look like I've set up the jail properly to get the actual IP from Cloudflare and ban it locally or on Cloudflare.
Any help greatly appreciated.
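An added example, not part of the original question: a check that flags fail2ban bans landing on reverse-proxy edge addresses, run over the two log lines above plus one constructed line. The range list is an assumed subset of Cloudflare's published IPv4 ranges, and the names PROXY_RANGES, is_proxy_ip and proxy_bans are illustrative.

```python
import ipaddress
import re

# Assumption: a subset of Cloudflare's published IPv4 edge ranges.
# Refresh from the provider's current list before relying on it.
PROXY_RANGES = [ipaddress.ip_network(n) for n in (
    "172.64.0.0/13", "162.158.0.0/15", "104.16.0.0/13", "173.245.48.0/20",
)]

# Matches fail2ban.log "Ban" notices; \s+ tolerates the column padding.
BAN_RE = re.compile(
    r"^(?P<ts>\S+ \S+)\s+fail2ban\.actions\s+\[\d+\]:\s+NOTICE\s+"
    r"\[(?P<jail>[^\]]+)\]\s+Ban\s+(?P<ip>\S+)$"
)

def is_proxy_ip(ip):
    """True when ip parses and falls inside one of PROXY_RANGES."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return False
    return any(addr in net for net in PROXY_RANGES)

def proxy_bans(log_lines):
    """Return (timestamp, jail, ip) for every ban that hit a proxy edge IP."""
    hits = []
    for line in log_lines:
        m = BAN_RE.match(line.strip())
        if m and is_proxy_ip(m["ip"]):
            hits.append((m["ts"], m["jail"], m["ip"]))
    return hits

SAMPLE_LOG = [
    # First two lines are the ones quoted in the question.
    "2021-01-15 14:59:08,461 fail2ban.filter [3439]: INFO [apache-specific-url] Found 172.69.63.147 - 2021-01-15 14:59:07",
    "2021-01-15 14:59:08,981 fail2ban.actions [3439]: NOTICE [apache-specific-url] Ban 172.69.63.147",
    # Constructed line: a ban on a non-proxy (documentation-range) address.
    "2021-01-15 15:02:11,102 fail2ban.actions [3439]: NOTICE [apache-specific-url] Ban 198.51.100.23",
]

if __name__ == "__main__":
    for ts, jail, ip in proxy_bans(SAMPLE_LOG):
        print(f"{ts} [{jail}] banned proxy edge address {ip}")
```

Any hit means the jail is matching on the proxy's address rather than the visitor's, so a ban would affect every visitor routed through that edge node.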

After a great deal of trial and error, the problem with banning and unbanning was with the cloudflare action. Parsing the json seems to be tricky for folks. Oddly enough, I found several folks with the issue with different resolutions. However, the following is the "Mix" that works for me. I hope it helps someone in the future.
/etc/fail2ban/action.d/cloudflare.conf
actionban = curl -s -X POST "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules" \
            -H "X-Auth-Email: <cfuser>" \
            -H "X-Auth-Key: <cftoken>" \
            -H "Content-Type: application/json" \
            --data '{"mode":"block","configuration":{"target":"ip","value":"<ip>"},"notes":"Fail2ban"}'
actionunban = curl -s -X DELETE "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/$( \
              curl -s -X GET "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1&match=all" \
              -H "X-Auth-Email: <cfuser>" \
              -H "X-Auth-Key: <cftoken>" \
              -H "Content-Type: application/json" | awk -F"[,:}]" '{for(i=1;i<=NF;i++){if($i~/'id'\042/){print $(i+1)}}}' | tr -d '"' | head -n 1 | sed -E -e 's/^\s+//' -e 's/\s+$//')" \
              -H "X-Auth-Email: <cfuser>" \
              -H "X-Auth-Key: <cftoken>" \
              -H "Content-Type: application/json"
actionban was gleaned from this blog
actionunban, the tougher of the two, was gleaned from here
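An added example, not the poster's code: the rule-id lookup that actionunban performs, done with a JSON parser so that a nested "id", an empty result or an API error never produces a DELETE against the wrong URL. The sample replies are constructed and their field layout is an assumption; rule_id_for_ip and delete_url are illustrative names.

```python
import json

# Endpoint as used in the actionban/actionunban lines above.
API = "https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules"

def rule_id_for_ip(body, ip):
    """Return the id of the block rule whose target is exactly ip, else None."""
    try:
        doc = json.loads(body)
    except (TypeError, ValueError):
        return None                  # empty or non-JSON reply, e.g. curl failed
    if not isinstance(doc, dict) or doc.get("success") is not True:
        return None                  # the API reported an error
    for rule in doc.get("result") or []:
        if not isinstance(rule, dict):
            continue
        cfg = rule.get("configuration") or {}
        rid = rule.get("id")
        if (rule.get("mode") == "block" and isinstance(cfg, dict)
                and cfg.get("target") == "ip" and cfg.get("value") == ip
                and isinstance(rid, str) and rid.isalnum()):
            return rid               # top-level id of the matching rule only
    return None

def delete_url(body, ip):
    """URL for the DELETE call, or None when there is nothing safe to delete."""
    rid = rule_id_for_ip(body, ip)
    return f"{API}/{rid}" if rid else None

# Constructed sample replies (layout assumed, values made up).
MATCH = json.dumps({"success": True, "result": [{
    "scope": {"id": "aaaa1111", "type": "user"},   # nested id appears first
    "id": "bbbb2222", "mode": "block", "notes": "Fail2ban",
    "configuration": {"target": "ip", "value": "1.2.3.4"}}]})
NO_RULE = json.dumps({"success": True, "result": []})
API_ERROR = json.dumps({"success": False, "result": None,
                        "errors": [{"message": "constructed error"}]})

if __name__ == "__main__":
    cases = (("match", MATCH), ("no rule", NO_RULE),
             ("api error", API_ERROR), ("empty reply", ""))
    for name, body in cases:
        print(f"{name}: {delete_url(body, '1.2.3.4')}")
```

A text pipeline that takes the first field following `id"` would pick the nested scope id in the first sample, and would still issue the DELETE with an empty id in the other three.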

Related

BigCommerce API Order Update What Scope is Required?

I am trying to update the status of an order.
curl -X PUT \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-H "X-Auth-Client: <auth client>" \
-H "X-Auth-Token: <auth token>" \
-H "X-Custom-Auth-Header: <auth header>" \
https://api.bigcommerce.com/stores/<store hash>/v2/orders/14222 \
-d '{"status_id":2}'
I am getting the error:
{"status":403,"title":"You don't have a required scope to access the endpoint","type":"https://developer.bigcommerce.com/api-docs/getting-started/api-status-codes","errors":{}}
We are using the same authorization that we use on all our other commands, which work fine.
Any ideas why it's saying we don't have the required scope?
Update: Try this Code with your Creds
Note: Check the value of Auth Token & Auth Client ID. Or, try by removing Auth Client ID (If invalid) as it is optional to BigCommerce APIs.
curl --request PUT \
--url https://api.bigcommerce.com/stores/<storehash>/v2/orders/14222 \
--header 'accept: application/json' \
--header 'content-type: application/json' \
--header 'x-auth-token: <OAuthToken Value>' \
--data '{"status_id":11}'
OR
curl -X PUT \
-H "Content-Type: application/json" \
-H "Accept: application/json" \
-H "X-Auth-Token: <oauth_token>" \
-H "X-Custom-Auth-Header: <custom_header_value>" \
https://api.bigcommerce.com/stores/<store_hash>/v2/orders/14222 \
-d '{"status_id":2}'

GoCD POST requests return "The resource you requested was not found!"

I have GoCD instance and want to automate regular actions like scheduling pipelines and checking pipelines statuses using GoCD API.
When I do GET request it works:
curl 'https://gocd.demo.kagarlickij.com/go/api/pipelines/frankenstein/status' \
-u 'kagarlickij:Pa$$w0rd' | jq
..but when I do POST request it returns "The resource you requested was not found!":
curl 'https://gocd.demo.kagarlickij.com/go/api/pipelines/frankenstein/pause' \
-u 'kagarlickij:Pa$$w0rd' \
-H 'Accept: application/vnd.go.cd.v1+json' -H 'Content-Type: application/json' \
-X POST -d '{"pause_cause": "Investigating build failures"}' | jq
..another POST example:
curl 'https://gocd.demo.kagarlickij.com/go/api/pipelines/frankenstein/schedule' \
-u 'kagarlickij:P#$$w0rd' \
-H 'Accept: application/vnd.go.cd.v1+json' -H 'Content-Type: application/json' \
-X POST -d @gocd.json | jq
json content:
{
"environment_variables": {},
"materials": {},
"update_materials_before_scheduling": false
}
Any ideas how pipelines could be started using API?
Some GoCD API calls require 'Confirm': 'true' header.
In your case, you can try running curl like this:
curl 'https://gocd.demo.kagarlickij.com/go/api/pipelines/frankenstein/pause' \
-u 'kagarlickij:Pa$$w0rd' \
-H 'Accept: application/vnd.go.cd.v1+json' \
-H 'Content-Type: application/json' \
-H 'Confirm: true' \
-X POST -d '{"pause_cause": "Investigating build failures"}' | jq
I can recommend my lib yagocd for GoCD, which takes care of version incompatibilities and makes working with the GoCD API much easier.
The answer turned out to be very simple - that API actions require GoCD v18.2.0 but I had v18.0.0
After upgrade API calls work as expected

Authentication of arangodb APIs of dbserver and agency is failed

I use arangodb (0.9.3) to start a cluster (current version 3.2.1).
There are some problems in authentication.
query1 post to coordinator(port=8529) with basic auth, response 200
curl -X GET \
http://xx.xx.xx.xx:8529/_db/KnowledgeGraph/_api/collection/CarInfo \
-H 'authorization: Basic cm9vdDptaHh6a2hs' \
-H 'cache-control: no-cache' \
-H 'postman-token: 897691e4-c4fc-5588-b217-0da53bc368ba'
query2 post to agency(port=8531) with basic auth, response 401
curl -X GET \
http://xx.xx.xx.xx:8531/_api/agency/config \
-H 'authorization: Basic cm9vdDptaHh6a2hs' \
-H 'cache-control: no-cache' \
-H 'postman-token: 5160250f-4471-84aa-e377-bd0b99ba9926'
I want to use logger-follow to monitor the change of data in the cluster. query3 post to dbserver(port=8530) with basic auth, response 401. If my cluster starts without --auth.jwt-secret /my/path/to/jwt, such a query has response 200.
curl -X GET \
'http://xx.xx.xx.xx:8530/_api/replication/logger-follow?from=0' \
-H 'authorization: Basic cm9vdDptaHh6a2hs' \
-H 'cache-control: no-cache' \
-H 'postman-token: 11b09c7f-85b1-4ed3-ca78-f28cf86c331b'
Is there some difference in authentication between agency/dbserver and coordinator?
Or is there something wrong with the authentication of agency/dbserver?

Spring Cloud config server encryption decryption

I am using the below command to encrypt the password.
curl -H "Content-Type: text/plain" lonrs03668:8888/encrypt -d Simple12$jedi
After decrypting the password, the value after the $ sign is getting lost and it is only returning Simple12.
The issue is that if the string contains the $ sign it is not encrypting/decrypting correctly.
Try curl -H 'content-type: text/plain' localhost:8888/encrypt --data-raw 'your password'
Below is working for me by adding \ before $.
curl -u root:s3cr3t -H "Content-Type: text/plain" lonrs03668:8888/encrypt --data-ascii Simple12\$jedi

Why can't I enable or disable my GlassFish application through the REST API?

When I submit a REST request, EG: (included auth is for admin/adminadmin)
curl -ik -X POST -H "Accept: application/json" \
-H "Authorization: Basic YWRtaW46YWRtaW5hZG1pbg==" \
https://localhost:4848/management/domain/applications/application/MyApp/enable
GlassFish just rejects the request:
HTTP/1.1 400 Bad Request
Content-Length: 0
Date: Wed, 17 Jul 2013 10:33:06 GMT
Connection: close
What am I doing wrong?
I've used the GET method to check the command parameters and they're all optional.
From: http://docs.oracle.com/cd/E26576_01/doc.312/e24928/general-administration.htm
REST requests that add, update, or delete objects must specify the X-Requested-By header with the value "GlassFish REST HTML interface".
So EG:
curl -ik -X POST -H "Accept: application/json" \
-H "Authorization: Basic YWRtaW46YWRtaW5hZG1pbg==" \
-H "X-Requested-By: GlassFish REST HTML interface" \
https://localhost:4848/management/domain/applications/application/MyApp/enable
Based on the answer above, adjusted for those who try to do it with the successor of GlassFish, the Payara Server:
Enable App
curl -ik -X POST \
-H 'accept: application/json;charset=UTF-8' \
-H 'authorization: Basic YWRtaW46YWRtaW5hZG1pbg==' \
-H 'content-type: application/x-www-form-urlencoded' \
-H 'x-requested-by: GlassFish REST HTML interface' \
--data target=server \
--url https://localhost:4848/management/domain/applications/application/awesomeApp/enable
Disable App
curl -ik -X POST \
-H 'accept: application/json;charset=UTF-8' \
-H 'authorization: Basic YWRtaW46YWRtaW5hZG1pbg==' \
-H 'content-type: application/x-www-form-urlencoded' \
-H 'x-requested-by: GlassFish REST HTML interface' \
--data target=server \
--url https://localhost:4848/management/domain/applications/application/awesomeApp/disable