\n\t\t\t\t
<?php\r\n\r\n\/\/ Obtain a dump of the Cloudflare access list in json format\r\n\/\/ Usage:\r\n\/\/ php cf_getaccesslist.php\r\n\r\n\r\n\/\/ Defining variables\r\n\r\n$authemail = "youremail@example.com";\r\n$authkey = "YOUR-CLOUDFLARE-API-KEY";\r\n$apiurl = "https:\/\/api.cloudflare.com\/client\/v4\/user\/firewall\/access_rules\/rules";\r\n\r\n$httphead = array(\r\n 'X-Auth-Email: '.$authemail,\r\n 'X-Auth-Key: '.$authkey,\r\n 'Content-Type: application\/json'\r\n );\r\n\r\n\/\/------------------------------------------------------------------------------------------\r\n\/\/------------------------------------------------------------------------------------------\r\n\r\nfunction getaccesslist() {\r\n\r\n global $httphead,$apiurl;\r\n\r\n $data = array(\r\n 'match'=>'all',\r\n 'order'=>'mode',\r\n 'direction'=>'desc',\r\n );\r\n \r\n \r\n \/\/ Build query string \r\n \r\n $qrydata = http_build_query($data);\r\n\r\n \/\/ https:\/\/stackoverflow.com\/questions\/2138527\/php-curl-http-post-sample-code\r\n\r\n $ch = curl_init();\r\n\r\n \/\/ We setup a http GET by the CURLOPT_URL option and provide an URL\r\n curl_setopt($ch, CURLOPT_URL, $apiurl."?".$qrydata);\r\n curl_setopt($ch, CURLOPT_HTTPHEADER, $httphead);\r\n\r\n \/\/Tell cURL that it should only spend 5 seconds\r\n \/\/trying to connect to the URL in question.\r\n curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);\r\n\r\n \/\/A given cURL operation should only take 5 seconds max.\r\n curl_setopt($ch, CURLOPT_TIMEOUT, 5);\r\n\r\n \/\/Tell cURL to return the response output as a string.\r\n curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);\r\n \r\n \/\/ OK - go ahead and run curl\r\n $response = curl_exec($ch);\r\n\r\n curl_close($ch);\r\n\r\n \/\/ Debug response\r\n echo $response;\r\n\r\n \/\/ if you wish to process the output further, \r\n \/\/ the following line converts the json response into an associative array\r\n $r = json_decode($response, true);\r\n\r\n\r\n}\r\n\r\n\/\/------------------------------------------------------------------------------------------\r\n\r\ngetaccesslist();\r\n\r\n?>\r\n<\/pre>\n\t\t\t<\/div>\ncf_blockip.php<\/strong><\/h4>\n\n\t\t\t\t
<?php\r\n\r\n\/\/ Blocking an IP address on Cloudflare's firewall access rule\r\n\/\/ Usage:\r\n\/\/ cf_blockip.php [ipv4address]\r\n\/\/ e.g. php cf_unblock.php 192.168.10.200\r\n\/\/ If successful it will return a status message\r\n\r\n\/\/---------------------------------------------------------------------------------------\r\n\r\n$authemail = "youremail@example.com";\r\n$authkey = "YOUR-CLOUDFLARE-API-KEY";\r\n$apiurl = "https:\/\/api.cloudflare.com\/client\/v4\/user\/firewall\/access_rules\/rules";\r\n\r\n$httphead = array(\r\n 'X-Auth-Email: '.$authemail,\r\n 'X-Auth-Key: '.$authkey,\r\n 'Content-Type: application\/json'\r\n );\r\n\r\n\/\/---------------------------------------------------------------------------------------\r\n\/\/---------------------------------------------------------------------------------------\r\n\r\nfunction cf_blockip($ipaddress) {\r\n\r\n global $httphead, $apiurl;\r\n\r\n $config = array(\r\n 'target'=>'ip',\r\n 'value'=>$ipaddress\r\n );\r\n\r\n $data = array(\r\n 'mode'=>'block',\r\n 'configuration'=>$config,\r\n 'notes'=>'This is a block rule created by API4'\r\n );\r\n\r\n $postdata = json_encode($data);\r\n \/\/echo $postdata . "\\r\\n";\r\n\r\n \/\/ https:\/\/stackoverflow.com\/questions\/2138527\/php-curl-http-post-sample-code\r\n\r\n \/\/ initialise curl\r\n $ch = curl_init();\r\n\r\n curl_setopt($ch, CURLOPT_URL, $apiurl);\r\n curl_setopt($ch, CURLOPT_HTTPHEADER, $httphead);\r\n \r\n \/\/ We setup a http POST, and provide %postdata\r\n curl_setopt($ch, CURLOPT_POST, 1);\r\n curl_setopt($ch, CURLOPT_POSTFIELDS, $postdata);\r\n\r\n\r\n \/\/Tell cURL that it should only spend 5 seconds\r\n \/\/trying to connect to the URL in question.\r\n curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);\r\n\r\n \/\/A given cURL operation should only take\r\n \/\/5 seconds max.\r\n curl_setopt($ch, CURLOPT_TIMEOUT, 5);\r\n\r\n \/\/Tell cURL to return the response output as a string.\r\n curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);\r\n\r\n \/\/ OK - go ahead and run curl\r\n $response = curl_exec($ch);\r\n\r\n curl_close($ch);\r\n\r\n \/\/ Uncomment the following line to see $response\r\n \/\/ echo $response;\r\n\r\n \/\/ convert $response to an associative array and place into $r\r\n $r = json_decode($response, true);\r\n\r\n \/\/ $r['success'] holds a boolean value - which is unprintable\r\n \/\/ We will force the output of the boolean value using ? operator\r\n\r\n echo "Block status on IP " . $ipaddress ." : " . ($r['success'] ? 'True' : 'False');\r\n\r\n if ($r['success'] == False ) {\r\n echo " : ERROR : " . $r['errors'][0]['message'];\r\n }\r\n\r\n echo "\\r\\n";\r\n}\r\n\r\n\/\/---------------------------------------------------------------------------------------\r\n\r\n\r\n\/\/ Getting IP input from argument\r\n$ip = $argv[1];\r\n\r\n\/\/ call the function to block the ip\r\ncf_blockip($ip);\r\n\r\n?>\r\n\r\n<\/pre>\n\t\t\t<\/div>\ncf_unblockip.php<\/strong><\/h4>\n\n\t\t\t\t
<?php\r\n\r\n\/\/ Deleting an access rule on Cloudflare based on an IP address\r\n\/\/ Usage:\r\n\/\/ cf_unblockip.php [ipv4address]\r\n\/\/ e.g. php cf_unblock.php 192.168.10.200\r\n\/\/ If successful it will return the ID of the CF access rule\r\n\r\n\/\/ Defining variables\r\n\r\n$authemail = "youremail@example.com";\r\n$authkey = "YOUR-CLOUDFLARE-API-KEY";\r\n$apiurl = "https:\/\/api.cloudflare.com\/client\/v4\/user\/firewall\/access_rules\/rules";\r\n\r\n$httphead = array(\r\n 'X-Auth-Email: '.$authemail,\r\n 'X-Auth-Key: '.$authkey,\r\n 'Content-Type: application\/json'\r\n );\r\n\r\n\/\/------------------------------------------------------------------------------------------\r\n\/\/------------------------------------------------------------------------------------------\r\n\r\nfunction cfunban($block_rule_id){\r\n\/\/ https:\/\/gist.github.com\/andrieslouw\/3c833332cbf66f95ca6751f82013acf5\r\n\r\n global $httphead,$apiurl;\r\n\r\n $ch = curl_init();\r\n\r\n \/\/ We setup a special, http DELETE action \r\n curl_setopt($ch, CURLOPT_CUSTOMREQUEST, 'DELETE');\r\n\r\n curl_setopt($ch, CURLOPT_URL, $apiurl. "\/". $block_rule_id);\r\n curl_setopt($ch, CURLOPT_HTTPHEADER, $httphead);\r\n\r\n \/\/Tell cURL that it should only spend 10 seconds\r\n \/\/trying to connect to the URL in question.\r\n curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);\r\n\r\n \/\/A given cURL operation should only take\r\n \/\/30 seconds max.\r\n curl_setopt($ch, CURLOPT_TIMEOUT, 5);\r\n\r\n \/\/Tell cURL to return the response output as a string.\r\n curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);\r\n \r\n \/\/ OK - go ahead and run curl\r\n $return = curl_exec($ch);\r\n \r\n curl_close($ch);\r\n\r\n if ($return === false){\r\n return false;\r\n }else{\r\n $return = json_decode($return,true);\r\n if(isset($return['success']) && $return['success'] == true){\r\n return $return['result']['id'];\r\n }else{\r\n return false;\r\n }\r\n }\r\n}\r\n\r\n\/\/------------------------------------------------------------------------------------------\r\n\r\nfunction getcfid($ipaddress) {\r\n\r\n global $httphead,$apiurl;\r\n\r\n $data = array(\r\n \/\/'mode'=>'block',\r\n 'configuration.target'=>'ip',\r\n 'configuration.value'=>$ipaddress,\r\n );\r\n\r\n \/\/ Build query string data\r\n $qrydata = http_build_query($data);\r\n\r\n \/\/ https:\/\/stackoverflow.com\/questions\/2138527\/php-curl-http-post-sample-code\r\n\r\n $ch = curl_init();\r\n\r\n \/\/ We setup a http GET by the CURLOPT_URL option and provide an URL\r\n curl_setopt($ch, CURLOPT_URL, $apiurl."?".$qrydata);\r\n curl_setopt($ch, CURLOPT_HTTPHEADER, $httphead);\r\n\r\n \/\/Tell cURL that it should only spend 5 seconds\r\n \/\/trying to connect to the URL in question.\r\n curl_setopt($ch, CURLOPT_CONNECTTIMEOUT, 5);\r\n\r\n \/\/A given cURL operation should only take\r\n \/\/5 seconds max.\r\n curl_setopt($ch, CURLOPT_TIMEOUT, 5);\r\n\r\n \/\/Tell cURL to return the response output as a string.\r\n curl_setopt($ch, CURLOPT_RETURNTRANSFER, 1);\r\n\r\n $response = curl_exec($ch);\r\n\r\n curl_close($ch);\r\n\r\n \/\/ Debug response\r\n \/\/ echo $response;\r\n\r\n $r = json_decode($response, true);\r\n\r\n\r\n if ($r['result_info']['count'] > 0) {\r\n\r\n \/\/ echo $r['result'][0]['id'];\r\n return $r['result'][0]['id'];\r\n\r\n } else {\r\n die ("ERROR: The IP was not found in the list. \\r\\n");\r\n return False;\r\n }\r\n\r\n}\r\n\/\/------------------------------------------------------------------------------------------\r\n\r\n\r\n\/\/ Getting IP input\r\n$ip = $argv[1];\r\n\r\n\/\/ Get the CF ID of the ip in the access list\r\n$cfid=getcfid($ip);\r\necho "\\r\\n";\r\n\r\n\/\/ Use the $cfid and delete the access rule\r\n$result=cfunban($cfid);\r\necho $result;\r\necho "\\r\\n";\r\n\r\n?>\r\n<\/pre>\n\t\t\t<\/div>\n\n\n\r\n\n\n\n","protected":false},"excerpt":{"rendered":"Cloudflare has upgraded their API to version 4 some while ago. https:\/\/api.cloudflare.com\/#user-level-firewall-access-rule-properties I want to use the new APIs to block IP addresses using fail2ban. Using curl directly is a bit cumbersome, so I created a few php helper scripts. They can also be used in other projects. Thanks to andrieslouw at github https:\/\/gist.github.com\/andrieslouw\/3c833332cbf66f95ca6751f82013acf5 I didn\u2019t […]<\/p>\n","protected":false},"author":1,"featured_media":1289,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_s2mail":"yes","ngg_post_thumbnail":0},"categories":[3,14],"tags":[492,493],"_links":{"self":[{"href":"http:\/\/www.penguino.co.uk\/wp-json\/wp\/v2\/posts\/1264"}],"collection":[{"href":"http:\/\/www.penguino.co.uk\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.penguino.co.uk\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.penguino.co.uk\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.penguino.co.uk\/wp-json\/wp\/v2\/comments?post=1264"}],"version-history":[{"count":0,"href":"http:\/\/www.penguino.co.uk\/wp-json\/wp\/v2\/posts\/1264\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"http:\/\/www.penguino.co.uk\/wp-json\/wp\/v2\/media\/1289"}],"wp:attachment":[{"href":"http:\/\/www.penguino.co.uk\/wp-json\/wp\/v2\/media?parent=1264"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.penguino.co.uk\/wp-json\/wp\/v2\/categories?post=1264"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.penguino.co.uk\/wp-json\/wp\/v2\/tags?post=1264"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"\"](\"http:\/\/www.penguino.co.uk\/wp-content\/uploads\/2018\/10\/cloudflare-php-firewall-e1538946554734.png\")
<\/p>\n