Just wondering if it is possible to use Fail2ban on a server with CloudFlare in front of it?
Server <-> CloudFlare <-> Internet
The issue is that it seems the incoming web traffic has the IP of the CloudFlare servers, rather than the originating IP.
For example, I banhammer people probing for vulnerabilities of systems not in use.
*.log:173.245.55.134 - - [12/Oct/2016:23:06:32 -0400] "GET /CFIDE/administrator/ HTTP/1.1" 403 5423 "-" "-"
The above appears to be an attempt to exploit ColdFusion... Whatever that is. So I banhammer them, but now the incoming IP is listed as CloudFlare, so that is not going to work.
General IP Information
IP: 173.245.55.134
Decimal: 2918528902
Hostname: cf-173-245-55-134.cloudflare.com
ASN: 13335
ISP: CloudFlare
Organization: CloudFlare
Therefore, is it possible to still use fail2ban with CloudFlare in front of it? What is the solution?
Yes, you can still use fail2ban to block IPs on your server. Since Cloudflare is a reverse proxy, however, you do want to make sure you have a solution to restore original visitor IP back to your server logs using Cloudflare and fail2ban at the same time.
Cloudflare KB on "Can I still use fail2ban while using Cloudflare?"
Yes, you can, though you may wish to restore the original IP Address of your end user using something like Mod_Cloudflare; their knowledge base contains a guide on Restoring Visitor IPs.
Cloudflare are soon offering the ability to do rate limiting in the Cloud, you can sign up for their beta on their site.