So I discovered servers trying to bruteforce my API so I want to block them…but my specific scenario made it difficult to work with common solutions found on the internet.
1] I don't want to just rate limit, if any IP attempts to authenticate with the API and fail more than X times in ~6 hours I want to block them. No answers anymore at all. Not even 429 replies 2] I'm using cloudflare, so I need to use the CF IP header 3] I can't block the traffic based on iptables or similar solutions, since the only IPs that talk to my server are cloudflare IPs 4] The API generates nginx errors if the authentication fails with `2: no such file or directory` if that helps with something
Given my scenario, what are the possible solutions?