Correctly block Cloudflare proxies IPs | CrowdSec | Page 1

sterile anvil Jul 2, 2025, 9:52 AM

#

Hey so my problem currently is that Crowdsec only blocks Ips that are set to DNS only since Cloudflare Orange Cloud will change the visitors IP of course.

I followed this guide to restore the orignal visitors ip addresses:
https://github.com/ergin/nginx-cloudflare-real-ip

But I think there is some additional configuration that I need to do on crowdsecs side of things since it still does not seem to work.

Does anyone know what I need to change in order for crowdsec to also block visitors that access the page over orange cloud? Is that even needed?

GitHub

GitHub - ergin/nginx-cloudflare-real-ip: This project aims to modif...

This project aims to modify your nginx configuration to let you get the real ip address of your visitors. - ergin/nginx-cloudflare-real-ip

haughty capeBOT Jul 2, 2025, 9:52 AM

#

Important Information

Thank you for getting in touch with your support request. To expedite a swift resolution, could you kindly provide the following information? Rest assured, we will respond promptly, and we greatly appreciate your patience. While you wait, please check the links below to see if this issue has been previously addressed. If you have managed to resolve it, please use run the command /resolve or press the green resolve button below.

Log Files

If you possess any log files that you believe could be beneficial, please include them at this time. By default, CrowdSec logs to /var/log/, where you will discover a corresponding log file for each component.

Guide Followed (CrowdSec Official)

If you have diligently followed one of our guides and hit a roadblock, please share the guide with us. This will help us assess if any adjustments are necessary to assist you further.

Screenshots

Please forward any screenshots depicting errors you encounter. Your visuals will provide us with a clear view of the issues you are facing.

frail berry Jul 2, 2025, 11:03 AM

#

sterile anvil Hey so my problem currently is that Crowdsec only blocks Ips that are set to DNS...

So might sound dumb but you are using nginx as the first proxy after cloudflare?

sterile anvil Jul 2, 2025, 11:34 AM

#

Yes. Cloudflare leads to nginx

frail berry Jul 2, 2025, 11:36 AM

#

sterile anvil Yes. Cloudflare leads to nginx

So the repo you linked kind of does it a werid way, cause by default most nginx instances uses /etc/nginx/conf.d/ to be auto included hence my script https://gist.github.com/LaurenceJJones/7e7e386bb1f0dae7054c95df2722a4bb

so you are including that file into your default configuration?

Gist

nginx-cf-real-ip.sh

GitHub Gist: instantly share code, notes, and snippets.

#

cause the only reason CrowdSec blocks cloudflare IP is because nginx is logging the incorrect IP address

#

so you actually have include /etc/nginx/cloudflare; inside your nginx configuration?

sterile anvil Jul 2, 2025, 11:40 AM

#

I just followed the guide step by step. I wind to the conf path edited the file he told me and added the include section under http block

frail berry Jul 2, 2025, 11:50 AM

#

care to show your configuration as the include has to be before where you imports your sites as it matters for ordering

#

for mine cause it does

http {
....
   # Load configs
    include /etc/nginx/conf.d/*.conf;
    include /etc/nginx/sites-enabled/*;
}

cause the include is before loading the sites it makes sure the ordering is correct

if your include is after the sites it causes the logic to not be correct.

sterile anvil Jul 2, 2025, 12:42 PM

#

I currently am not home so I have to send it a bit later, but it is in fact the first thing under the http block. I put it all the way at the top

#Correctly block Cloudflare proxies IPs