I recently set up a VPS to build a personal art blog using Django with HTML, JavaScript, and CSS. I originally configured Fail2ban to monitor my Nginx logs and block IPs attempting to hack into my site, even though it's not a WordPress site. Now that I've also signed up for Cloudflare to experiment with features like Turnstile on my web forms, I'm wondering if I should disable Fail2ban for my Nginx logs (ports 80 and 443). Does Cloudflare take care of banning suspicious IPs for me, or should I keep Fail2ban active to protect against unwanted traffic? Will Cloudflare reduce the number of bot requests I receive?
2 Answers
Just to clarify, if you're using SSH keys and programs like knockd to limit access to port 22, that adds extra protection. You still want Fail2ban for your Nginx logs, especially since Cloudflare won't handle those specific logs for you. Keeping it active is a smart move!
You should definitely keep Fail2ban enabled. Cloudflare doesn't automatically ban IPs; it's more about protecting your site at a different level. To enhance your security, consider setting up WAF rules in Cloudflare to block certain countries or ASNs that shouldn't be accessing your site.
Related Questions
How to Build a Custom GPT Journalist That Posts Directly to WordPress
Cloudflare Origin SSL Certificate Setup Guide
How To Effectively Monetize A Site With Ads