store | blogs | forums | twitter | facebook | wiki | downloads | support portal
Atomic Secure Linux
It is currently Thu Sep 19, 2019 9:07 pm

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]




Post new topic Reply to topic  [ 6 posts ] 
Author Message
 Post subject: CloudFlare Client API
Unread postPosted: Wed Jul 18, 2018 5:05 pm 
Offline
Forum Regular
Forum Regular
User avatar

Joined: Wed Jan 13, 2010 9:11 am
Posts: 196
Location: Bali
I have set this up.
What does it actually do?

_________________
They say that good intentions, pave the road to hell;
If a thing is not worth doing, it's not worth doing well.


Top
 Profile  
Reply with quote  
 Post subject: Re: CloudFlare Client API
Unread postPosted: Fri Jul 20, 2018 6:11 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 4085
Location: Chantilly, VA
It allows your system to send a request to Cloudflare to shun an IP. There is a finite limit to the number of IPs they will let you block, but this helps with the issue that a CDN prevents you from blocking IPs locally.

_________________
Michael Shinn
Atomicorp - Security For Everyone


Top
 Profile  
Reply with quote  
 Post subject: Re: CloudFlare Client API
Unread postPosted: Sat Jul 21, 2018 3:22 pm 
Offline
Forum Regular
Forum Regular

Joined: Sat Sep 25, 2010 2:46 pm
Posts: 321
Mike:

Has there been consideration for adding removal code as well? Perhaps a periodic function that would remove IPs that were X days old would help with the issue of the IP buildup over time?


Top
 Profile  
Reply with quote  
 Post subject: Re: CloudFlare Client API
Unread postPosted: Mon Jul 23, 2018 2:03 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 4085
Location: Chantilly, VA
IPs are already removed automatically based on whatever period you have set for normal shuns.

There is no limit the number of IPs you can shun locally, there is a limit to the number of IPs Cloudflare and other CDNs will let you block.

_________________
Michael Shinn
Atomicorp - Security For Everyone


Top
 Profile  
Reply with quote  
 Post subject: Re: CloudFlare Client API
Unread postPosted: Tue Jul 24, 2018 2:53 pm 
Offline
Forum Regular
Forum Regular

Joined: Sat Sep 25, 2010 2:46 pm
Posts: 321
Mike:

Thanks for the clarification. I'd previously thought that the mention of the IP limit at Cloudflare was due to the shunned IPs building up over time as they weren't being removed at Cloudflare (making it likely that the overall limit would be reached).


Top
 Profile  
Reply with quote  
 Post subject: Re: CloudFlare Client API
Unread postPosted: Tue Jul 24, 2018 3:53 pm 
Offline
Atomicorp Staff - Site Admin
Atomicorp Staff - Site Admin
User avatar

Joined: Thu Feb 07, 2008 7:49 pm
Posts: 4085
Location: Chantilly, VA
No its just a limit of the total number of IPs they and other CDNs will allow you to block at any time. Once you bit whatever limit they have you cant block anything else on their end. Keep that in mind when you use a CDN. For example, here is an article from CloudFlare documenting their limits:

https://support.cloudflare.com/hc/en-us ... -Firewall-

_________________
Michael Shinn
Atomicorp - Security For Everyone


Top
 Profile  
Reply with quote  
Display posts from previous:  Sort by  
Post new topic Reply to topic  [ 6 posts ] 

» Feed - Atomicorp

All times are UTC - 5 hours [ DST ]


Who is online

Users browsing this forum: No registered users and 1 guest


You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum
You cannot post attachments in this forum

Search for:
Jump to:  
cron
Powered by phpBB © 2000, 2002, 2005, 2007 phpBB Group