fail2ban cloud loadbalancers

Cloud Load Balancers (LBaaS) can be used for numerous reasons, most commonly for distributing traffic between multiple servers instead of using HAProxy or a dedicated load balancer. There are positives and negatives to this; however, in my view load balancing as a service is a fantastic service, with some drawbacks which I am sure I will detail in future posts.

Anywho, on to the actual reason you are reading this.

Challenge

When using any form of load balancing you cannot simply block the IP address of the requests, as this will be the Load Balancer's IP address. All hope is not lost, however, as the standard is to send along an additional header such as X-Forwarded-For or X-Real-IP. I am not sure where the latter came from, but the former is the most likely to be seen. Using this additional header we can get the user's IP address, which can be used within system logging or your application. In the situation we are going to discuss, we are relying on the system logging the IP address correctly.

Please be aware that I am not the author of this script, so use with caution. I do, however, plan to create a Python version.

Required software

[ ] Fail2Ban

[ ] PHP

[ ] PHP Script

# RHEL / CentOS
yum install php-cli fail2ban
wget https://raw.githubusercontent.com/sidgtl/rackban/master/scripts/rackban.php -O $HOME/rackban.php

# Debian / Ubuntu
apt-get install php-cli fail2ban
wget https://raw.githubusercontent.com/sidgtl/rackban/master/scripts/rackban.php -O $HOME/rackban.php

# Arch Linux
pacman -S php fail2ban
wget https://raw.githubusercontent.com/sidgtl/rackban/master/scripts/rackban.php -O $HOME/rackban.php

Configure and Test it

Before continuing we need to update the script with your Rackspace Cloud details. I would also suggest testing the script to ensure that it is working.

Update Config

// Your Rackspace account ID
private $accountId = "12345678";

// Your Rackspace username
private $username = "exampleuser";

// Your Rackspace API key
private $apiKey = "kh45kh345k34k345h3k45h";

// Your Rackspace load balancer ID
private $loadBalancer = "123456";

// Your Rackspace region (ord, dfw, iad, lon, syd, hkg)
private $region = "lon";

Test script

php -f $HOME/rackban.php ban 10.0.0.1
php -f $HOME/rackban.php unban 10.0.0.1

Configure Fail2Ban

After you have tested that the script is working, you can proceed to create the custom action for Fail2Ban in the configuration file /etc/fail2ban/action.d/rackban.conf.

Replace {PATH_TO_PHP} with the full path to PHP e.g. /usr/bin/php

Replace {PATH} with the path to rackban.php e.g. /home/trozz

[Definition]
actionstart =
actionstop =
actioncheck =
actionban = {PATH_TO_PHP} -f {PATH}/rackban.php ban <ip>
actionunban = {PATH_TO_PHP} -f {PATH}/rackban.php unban <ip>

Finally, you need to update the action that is performed for your Fail2Ban jail.

[apache-auth]
enabled = true
port     = http,https
logpath  = %(apache_error_log)s
action = rackban

And there you have it: with this setup you will now automatically ban people that connect through your Cloud Load Balancer.
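The jail bans whatever address the log records, so the step that turns X-Forwarded-For into that address decides who gets blocked at the load balancer. The following Python is an added example, not part of rackban or the original post; it shows the trust rule for picking that address. Assumptions: the function names are hypothetical, the load balancer appends the address it saw to any existing header, and all addresses (including the 192.0.2.0/24 proxy range) are constructed.

```python
import ipaddress

# Assumption: the range the load balancer connects from (constructed value).
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/24")]


def is_trusted(addr):
    """True if addr belongs to one of our own proxies."""
    return any(addr in net for net in TRUSTED_PROXIES)


def ban_target(peer, xff_header):
    """Return the address to log and ban, or None if there is no safe one.

    peer       -- source address of the TCP connection
    xff_header -- raw X-Forwarded-For value, or None when absent
    """
    peer_addr = ipaddress.ip_address(peer)
    # A request that did not come through the load balancer can carry any
    # header value, so the header is only read for a trusted peer.
    if not is_trusted(peer_addr):
        return str(peer_addr)
    # Assumption: each proxy appends the address it saw, so entries get more
    # trustworthy towards the right. Walk right to left and stop at the first
    # address that is not ours; everything left of it is client-supplied.
    for entry in reversed((xff_header or "").split(",")):
        try:
            addr = ipaddress.ip_address(entry.strip())
        except ValueError:
            return None  # malformed entry: refuse to guess
        if not is_trusted(addr):
            return str(addr)
    return None  # only our own proxies seen: never ban the load balancer


if __name__ == "__main__":
    # Constructed sample requests: (peer, X-Forwarded-For)
    samples = [
        ("192.0.2.10", "203.0.113.7"),
        ("192.0.2.10", "198.51.100.9, 203.0.113.7"),
        ("203.0.113.50", "198.51.100.9"),
        ("192.0.2.10", None),
    ]
    for peer, xff in samples:
        print(peer, repr(xff), "->", ban_target(peer, xff))
```

On Apache 2.4, mod_remoteip expresses the same rule through its RemoteIPHeader and RemoteIPInternalProxy / RemoteIPTrustedProxy directives.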