fail2ban is good for preventing spam and DDOS on authenticated endpoints, but it’s harder to prevent attacks on public endpoints against a botnet or even a lazy proxy chain spam, which is why cloudflare adds some cookies and a buffer to handle a wave of new connections and maintain an address rank to drop any bad clients.
Although that being said, cloudflare can be bypassed via other timing tricks and even just using a specific request chain to get fresh cf cookies to avoid getting blocked.
deleted by creator
There was a pretty bad CVE a while back I vaguely recall
deleted by creator
fail2ban is good for preventing spam and DDOS on authenticated endpoints, but it’s harder to prevent attacks on public endpoints against a botnet or even a lazy proxy chain spam, which is why cloudflare adds some cookies and a buffer to handle a wave of new connections and maintain an address rank to drop any bad clients.
Although that being said, cloudflare can be bypassed via other timing tricks and even just using a specific request chain to get fresh cf cookies to avoid getting blocked.