Skip to content
/ cloudflare-waf-rules-wizard Public
forked from presswizards/cloudflare-waf-rules-wizard

A lil plugin that bulk creates Troy's WAF rules for each domain in an account.

License

GPL-3.0 license
0 stars 10 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

squarecandy/cloudflare-waf-rules-wizard

BranchesTags
 
 

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

41 Commits
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
config-example.php
config-example.php
 
 
functions.php
functions.php
 
 
index.php
index.php
 
 
phpcs.xml
phpcs.xml
 
 
rules.php
rules.php
 
 
style.css
style.css
 
 

Repository files navigation

Cloudflare WAF Rules Wizard - Standalone Version

Thanks to:

  • The amazing work by Troy Glancy and his superb Cloudflare WAF Rules. Read through the WAF rules logic and details on his site.
  • Rob Marlbrough - PressWizards.com - for the original WordPress plugin this standalone version is based on.

Security Notes

  • Only ever run this tool in a protected localhost environment, for security
  • Never check in Cloudflare security credentials

Installation and Operation

  • Setup your config.php file based on config-example.php
  • Maintain different rule sets in rules.php

It takes your Cloudflare API key, email, and account ID, and then gets all the domains in that account, and displays a checkbox list of them all, and you can choose the domains you want to add custom WAF rules to, and bulk update all the domains with one click.

Some Important Notes

⚠️ Please note that this system overwites the WAF rules on all domains, it will erase the existing rules and create new ones.

⚠️ Use at your own risk. These rules may block certain services such as monitoring, uptime, or CDN services, so you may need to add exclusions if those services suddenly can't connect to your domain(s), using the Events log in Cloudflare showing the user agent or other data to add to the first rule that allows requests to bypass the remaining rules.

Configure Settings

All configurations are set in config.php and should never be checked in to git. Protecting the security of your Cloudflare API keys is extremely important.

  • CLOUDFLARE_EMAIL is your email is the email you log in with.
  • CLOUDFLARE_API_KEY you can retrieve/generate your API key here. The Global API Key will give you access to manage all domains and accounts with this tool. With great power comes great responsibility!!!
  • CLOUDFLARE_ACCOUNT_IDS should be an array of IDs - even if you just need 1 for now. Here are instructions for where you can find each Account ID.

Roadmap

  • Create an "Update" Mode that will only update rules found with identical descriptions, and will leave all other existing rules as they are.
  • Create an intermediary "are you sure" step that displays the existing rules and asks if you want to proceed, unless they are identical or completely blank.
  • Backup/Restore system: backup existing rules to a file (probably json) and allow restoring from backup files.
  • Group/Label domain checkboxes with Account name above them.
  • Event logging - keep a record of what domain was updated with what ruleset when.

About

A lil plugin that bulk creates Troy's WAF rules for each domain in an account.

Resources

Readme

License

GPL-3.0 license
Activity
Custom properties

Stars

0 stars

Watchers

0 watching

Forks

2 forks
Report repository

Releases

4 tags

Packages

No packages published

Languages

  • PHP 95.9%
  • CSS 4.1%