@shagamemnon
Last active March 3, 2021 20:24
Change all rules from Cloudflare Managed Rulesets to simulate mode

Prerequisites

Change all WAF rules to Simulate mode

Applies only to rules with Default mode Block or Challenge

# Requires bash, curl and jq. Fill in the account email, API key and zone ID.
_CFAPIEMAIL=""
_CFAPIKEY=""
_CFAPIZONEID=""

# Look up the ID of the "CloudFlare" WAF package for the zone.
curl -s -H "X-Auth-Email: $_CFAPIEMAIL" -H "X-Auth-Key: $_CFAPIKEY" -H "Content-Type: application/json" "https://api.cloudflare.com/client/v4/zones/$_CFAPIZONEID/firewall/waf/packages" | jq -r '.result[]|select(.name == "CloudFlare").id' | \
    while read -r packageID; do
        # Number of result pages at 100 rules per page (seq replaces eval on API output).
        totalPages="$(curl -s -H "X-Auth-Email: $_CFAPIEMAIL" -H "X-Auth-Key: $_CFAPIKEY" -H "Content-Type: application/json" "https://api.cloudflare.com/client/v4/zones/$_CFAPIZONEID/firewall/waf/packages/$packageID/rules?per_page=100" | jq -r '.result_info.total_pages')"
        for i in $(seq 1 "$totalPages"); do
            curl -s -H "X-Auth-Email: $_CFAPIEMAIL" -H "X-Auth-Key: $_CFAPIKEY" -H "Content-Type: application/json" "https://api.cloudflare.com/client/v4/zones/$_CFAPIZONEID/firewall/waf/packages/$packageID/rules?per_page=100&page=$i" | jq -cr '.result[]' | \
                # read -r keeps backslash escapes in the rule JSON intact.
                while IFS= read -r rule; do
                    wafID="$(printf '%s\n' "$rule" | jq -r .id)"
                    defaultMode="$(printf '%s\n' "$rule" | jq -r .default_mode)"
                    # Only rules whose default mode is block or challenge are switched.
                    if [[ "$defaultMode" == "block" || "$defaultMode" == "challenge" ]]; then
                        curl -s -H "X-Auth-Email: $_CFAPIEMAIL" -H "X-Auth-Key: $_CFAPIKEY" -H "Content-Type: application/json" "https://api.cloudflare.com/client/v4/zones/$_CFAPIZONEID/firewall/waf/packages/$packageID/rules/$wafID" -X PATCH --data '{"mode":"simulate"}' | jq .
                    fi
                done
        done
    done

Revert WAF rules to Default mode

Applies only to rules with Default mode Block or Challenge

# Requires bash, curl and jq. Fill in the account email, API key and zone ID.
_CFAPIEMAIL=""
_CFAPIKEY=""
_CFAPIZONEID=""

# Look up the ID of the "CloudFlare" WAF package for the zone.
curl -s -H "X-Auth-Email: $_CFAPIEMAIL" -H "X-Auth-Key: $_CFAPIKEY" -H "Content-Type: application/json" "https://api.cloudflare.com/client/v4/zones/$_CFAPIZONEID/firewall/waf/packages" | jq -r '.result[]|select(.name == "CloudFlare").id' | \
    while read -r packageID; do
        # Number of result pages at 100 rules per page (seq replaces eval on API output).
        totalPages="$(curl -s -H "X-Auth-Email: $_CFAPIEMAIL" -H "X-Auth-Key: $_CFAPIKEY" -H "Content-Type: application/json" "https://api.cloudflare.com/client/v4/zones/$_CFAPIZONEID/firewall/waf/packages/$packageID/rules?per_page=100" | jq -r '.result_info.total_pages')"
        for i in $(seq 1 "$totalPages"); do
            curl -s -H "X-Auth-Email: $_CFAPIEMAIL" -H "X-Auth-Key: $_CFAPIKEY" -H "Content-Type: application/json" "https://api.cloudflare.com/client/v4/zones/$_CFAPIZONEID/firewall/waf/packages/$packageID/rules?per_page=100&page=$i" | jq -cr '.result[]' | \
                # read -r keeps backslash escapes in the rule JSON intact.
                while IFS= read -r rule; do
                    wafID="$(printf '%s\n' "$rule" | jq -r .id)"
                    defaultMode="$(printf '%s\n' "$rule" | jq -r .default_mode)"
                    # Only rules whose default mode is block or challenge are reverted.
                    if [[ "$defaultMode" == "block" || "$defaultMode" == "challenge" ]]; then
                        curl -s -H "X-Auth-Email: $_CFAPIEMAIL" -H "X-Auth-Key: $_CFAPIKEY" -H "Content-Type: application/json" "https://api.cloudflare.com/client/v4/zones/$_CFAPIZONEID/firewall/waf/packages/$packageID/rules/$wafID" -X PATCH --data '{"mode":"default"}' | jq .
                    fi
                done
        done
    done
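
The revert script sets every matching rule to `default`, so a rule that had been overridden before the switch (set to `block` or `disable`, say) does not get its earlier mode back. The following added example, which is not part of the original gist, records the pre-change modes from a rules listing and builds the PATCH bodies that restore them. It assumes each rule object carries its current `mode` next to `default_mode`; the function names and sample rule IDs are made up.

```shell
# Added example, not the gist author's code. Requires jq; makes no API calls.

# Constructed sample shaped like one page of the rules listing (IDs are made up).
SAMPLE_RULES='{"result":[
  {"id":"rule-a","default_mode":"block","mode":"default"},
  {"id":"rule-b","default_mode":"challenge","mode":"block"},
  {"id":"rule-c","default_mode":"simulate","mode":"default"},
  {"id":"rule-d","default_mode":"block","mode":"simulate"},
  {"id":"rule-e","default_mode":"block","mode":"disable"}
]}'

TAB="$(printf '\t')"

# stdin: rules listing JSON. stdout: "<id><TAB><current mode>" for each rule the
# simulate script would PATCH and whose mode would actually change.
plan_simulate() {
    jq -r '.result[]
        | select(.default_mode == "block" or .default_mode == "challenge")
        | select(.mode != "simulate")
        | [.id, .mode] | @tsv'
}

# stdin: backup lines from plan_simulate. stdout: "<id><TAB><PATCH body>" that
# returns each rule to its saved mode instead of to "default".
restore_payloads() {
    while IFS="$TAB" read -r id mode; do
        printf '%s\t%s\n' "$id" "$(jq -cn --arg m "$mode" '{mode: $m}')"
    done
}

# stdin: backup lines. stdout: IDs whose saved mode is not "default", i.e. the
# rules that a blanket revert to "default" would leave in a different state.
overrides_at_risk() {
    awk -F'\t' '$2 != "default" { print $1 }'
}
```

Save the output of `plan_simulate` for every page before running the simulate script; a non-empty `overrides_at_risk` result means the blanket revert would not restore the zone's previous behaviour.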