So I discovered servers trying to brute-force my API, so I want to block them, but my specific scenario made it difficult to work with common solutions found on the internet.
1) I don't want to just rate limit. If any IP attempts to authenticate with the API and fails more than X times in ~6 hours, I want to block them. No answers anymore at all. Not even 429 replies.
2) I'm using Cloudflare, so I need to use the CF IP header.
3) I can't block the traffic based on iptables or similar solutions, since the only IPs that talk to my server are Cloudflare IPs.
4) The API generates nginx errors if the authentication fails with 2: no such file or directory, if that helps with something.
Given my scenario, what are the possible solutions?
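
The counting step this scenario calls for, as an added example that is not part of the original post: it scans nginx error-log lines for the "2: no such file or directory" failure and lists the IPs with more than X failures inside 6 hours. Assumptions: nginx's realip module restores the visitor address from Cloudflare's CF-Connecting-IP header so that `client:` is the real IP, X is 3, the log lines are constructed, and the output format targets an nginx `geo` include file.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

WINDOW = timedelta(hours=6)   # the "~6 hours" from the post
MAX_FAILURES = 3              # the post's "X"; value assumed here

# nginx error-log line. "client:" only holds the visitor IP if nginx
# rewrites it from CF-Connecting-IP (assumed, via the realip module).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \[error\] .*"
    r"\(2: no such file or directory\).*?client: (?P<ip>[0-9a-f:.]+)",
    re.IGNORECASE,
)

def offenders(lines, max_failures=MAX_FAILURES, window=WINDOW):
    """Return IPs with more than max_failures matching errors in any window.

    Lines must be in chronological order, as they are in a log file.
    """
    recent = defaultdict(deque)   # ip -> timestamps still inside the window
    blocked = set()
    for line in lines:
        m = LINE_RE.search(line)
        if not m:
            continue              # unrelated log entry
        ts = datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S")
        q = recent[m["ip"]]
        q.append(ts)
        while ts - q[0] > window: # drop failures older than the window
            q.popleft()
        if len(q) > max_failures:
            blocked.add(m["ip"])
    return blocked

def geo_entries(ips):
    """Format IPs as 'address value;' lines for an nginx geo include file."""
    return [f"{ip} 1;" for ip in sorted(ips)]

def sample_line(ts, ip):
    """Build one constructed error-log line (path and server are made up)."""
    return (f'{ts} [error] 7#7: *1 open() "/srv/api/x" failed '
            f"(2: No such file or directory), client: {ip}, server: api.example")

# Constructed input: the first IP fails 4 times in 3 hours, the second 4 times in 11.
SAMPLE = [sample_line(f"2024/05/01 {h:02d}:00:00", "203.0.113.7") for h in range(4)]
SAMPLE += [sample_line(f"2024/05/01 {h:02d}:00:00", "198.51.100.9") for h in (0, 3, 7, 11)]

if __name__ == "__main__":
    print("\n".join(geo_entries(offenders(SAMPLE))))
```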