Created
October 25, 2018 08:51
-
-
Save BobbyWibowo/1df5d58af1d41eb4c978ca7e142f3f0e to your computer and use it in GitHub Desktop.
A simple command-line utility to submit a new IP to Cloudflare firewall
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
#!/usr/bin/env bash | |
ZONE_ID="" | |
EMAIL="" | |
API_KEY="" | |
LOG_FILE="csfip.log" | |
if [ $# -eq 0 ]; then | |
echo "USAGE : csfip.sh <IP_ADDRESS> [MODE=challenge] [...NOTES=Submitted with csfip.sh]" | |
echo "EXAMPLE : csfip.sh 123.44.55.66 block Spam bot" | |
exit 1 | |
fi | |
IP_ADDRESS="$1"; shift | |
MODE="$1"; shift | |
NOTES="$@" | |
if [ -z "$MODE" ]; then | |
MODE="challenge" | |
fi | |
if [ -z "$NOTES" ]; then | |
NOTES="Submitted with csfip.sh" | |
fi | |
if [ "$MODE" != "block" ] && [ "$MODE" != "challenge" ] && [ "$MODE" != "whitelist" ] && [ "$MODE" != "js_challenge" ]; then | |
echo "ERROR: Mode must either be 'block', 'challenge', 'whitelist' or 'js_challenge'" | |
exit 1 | |
fi | |
curl -X POST "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/firewall/access_rules/rules" -H "X-Auth-Email: $EMAIL" -H "X-Auth-Key: $API_KEY" -H "Content-Type: application/json" --data "{\"mode\":\"$MODE\",\"configuration\":{\"target\":\"ip\",\"value\":\"$IP_ADDRESS\"},\"notes\":\"$NOTES\"}" | |
echo $IP_ADDRESS >> $LOG_FILE |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
The name
csf
was actually influenced by CSF firewall. I wanted to make the script also submit the IP into CSF's deny list withcsf -d IP_ADDRESS
, but that would require sudo in a non-root account, and I imagined it'd be a pain to submit my user password all the time, so I left that out, while still using the same name.