Hmm, that's a good question lol. Currently my root website.com is proxied through Cloudflare to my L

Hmm, that's a good question lol. Currently my root website.com is proxied through Cloudflare to my Linode VPS. I was hoping to point (hopefully proxied) to my self-hosted server for the subdomain.com website. I believe pfSense has a Dynamic DDNS function for Cloudflare to do this but I'm not entirely sure how to plumb it all to get it working. If that makes sense?

Ffleabeard Hmm, that's a good question lol. Currently my root website.com is proxied throug...

Chaika•7/12/23, 6:09 PM

That makes sense yea, your initial wording made me think you were trying to do something different.
Cloudflare offers something called Cloudflare Tunnels, which you can install on your self-hosted server, they establish an outbound connection to Cloudflare, and then proxy requests to your local web server. They are very handy for self-hosting, they don't require any port forwarding or dynamic dns, they don't care at all if your IP changes since they connect outbound: https://developers.cloudflare.com/cloudflare-one/connections/connect-apps/install-and-setup/tunnel-guide/remote/

Alternatively, you could use something like dynamic dns utlity with Cloudflare support and port forward either proxied or unproxied

Via the dashboard · Cloudflare Zero Trust docs

Follow this step-by-step guide to get your first tunnel up and running using Zero Trust.

fleabeardOP•7/12/23, 6:10 PM

Yeah, I'm sorry. I'm a newb at all of this so my wording will be problematic

fleabeardOP•7/12/23, 6:16 PM

I guess what I need is the temporary IPv4 Address. I think it used to be 1.1.1.11.1.1.1 but was changed. Do you happen to know what that would be?

fleabeardOP•7/12/23, 6:16 PM

Following this as a guide https://www.youtube.com/watch?v=8GYs61ThGBM

MattIPv4•7/12/23, 6:19 PM

https://developers.cloudflare.com/dns/troubleshooting/faq/#what-ip-should-i-use-for-parked-domain--redirect-only--originless-setup you can use 192.0.2.0

fleabeardOP•7/12/23, 6:20 PM

Cheers!

fleabeardOP•7/12/23, 6:24 PM

That got me sorted, thanks to you both

who wants to vex mutumboooo•7/12/23, 6:59 PM

is it possible to purchase / register domains via API for non enterprise customers?

Erisa•7/12/23, 7:04 PM

No, it's not

Cyb3r-Jak3•7/12/23, 9:44 PM

You just delete the application covering the URL

Cyb3r-Jak3•7/12/23, 9:44 PM

There is a free plan for up to 50 users

Cyb3r-Jak3•7/12/23, 9:44 PM

How did you set it up?

Cyb3r-Jak3•7/12/23, 9:46 PM

You can put in payment info for it then delete it. It isn't used unless you go over 50 users

Unsmart•7/12/23, 9:47 PM

You might be able to use the API otherwise yeah you might have to enter in the card to use it

Unsmart•7/12/23, 9:47 PM

https://developers.cloudflare.com/api/

Cloudflare API Documentation

Interact with Cloudflare's products and services via the Cloudflare API

Salamus•7/12/23, 10:16 PM

// Create allowlist rule
curl_setopt($ch, CURLOPT_URL, "https://api.cloudflare.com/client/v4/zones/$zone_id/firewall/rules");
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(array(
    'filter' => array(
        'expression' => $allowlist_rule
    ),
    'action' => 'allow'
)));

$result = curl_exec($ch);
echo $result;
// Check if allowlist rule addition is successful
if ($result->success === false) {
    echo "Failed to add allowlist rule for domain {$domain} to Cloudflare\n";
    continue;
}

// Create denyrule rule
curl_setopt($ch, CURLOPT_URL, "https://api.cloudflare.com/client/v4/zones/$zone_id/firewall/rules");
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(array(
    'filter' => array(
        'expression' => $denyrule_rule
    ),
    'action' => 'block'
)));

// Create allowlist rule
curl_setopt($ch, CURLOPT_URL, "https://api.cloudflare.com/client/v4/zones/$zone_id/firewall/rules");
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(array(
    'filter' => array(
        'expression' => $allowlist_rule
    ),
    'action' => 'allow'
)));

$result = curl_exec($ch);
echo $result;
// Check if allowlist rule addition is successful
if ($result->success === false) {
    echo "Failed to add allowlist rule for domain {$domain} to Cloudflare\n";
    continue;
}

// Create denyrule rule
curl_setopt($ch, CURLOPT_URL, "https://api.cloudflare.com/client/v4/zones/$zone_id/firewall/rules");
curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(array(
    'filter' => array(
        'expression' => $denyrule_rule
    ),
    'action' => 'block'
)));

is this code irregular? It gives an error
"code": 10014,
"message": "firewallrules.api.malformed_request_body"

the expression rule is alright, copied it myself from a working domain

btw i used php

lokiwind•7/13/23, 12:35 PM

I want to prevent users using opera vpn from accessing my website.
Can I do this with workers
What kind of query should I use if I can

Unsmart•7/13/23, 12:59 PM

Chaika•7/13/23, 12:59 PM

It got upgraded semi-recently

Unsmart•7/13/23, 1:00 PM

upgraded is an understatement

Llokiwind I want to prevent users using opera vpn from accessing my website. Can I do this...

Chaika•7/13/23, 1:02 PM

probably the easiest way would be to find all of the ASNs/Providers they use and block/challenge them, looks like they use SurfEasy under the hood, generally more trouble then it's worth imo

BBUTTΞRKΞKS1000 Ok maybe it wont show in the mobile view

Chaika•7/13/23, 1:06 PM

it should, although it's pretty unusable unless you're on a very wide phone/tablet or something. You don't see the button, or it doesn't load?

mystiquewolf•7/13/23, 5:45 PM

Does cloudflare automatically add CAA records for free Universal SSL customers? https://developers.cloudflare.com/ssl/edge-certificates/caa-records/

Add CAA records · Cloudflare SSL/TLS docs

A Certificate Authority Authorization (CAA) DNS record specifies which certificate authorities (CAs) are allowed to issue certificates for a domain. …

mystiquewolf•7/13/23, 5:46 PM

i don't see such added. How to prevent others CAs than the ones that Cloudflare uses?

mystiquewolf•7/13/23, 5:48 PM

I mean i see that they won't appear in the dashbard, but dig doesn't show CAA records too. AFAIU Cloudflare adds it's own CAA records if you try to add at least one custom CAA. But what if i don't want a custom one but only the Cloudflare ones?

mystiquewolf•7/13/23, 5:49 PM

This has not been well thought feature

Cyb3r-Jak3•7/13/23, 5:52 PM

^ Cloudflare doesn’t know if you have certificates for servers from other CAs so it doesn’t want to break those

Cyb3r-Jak3•7/13/23, 5:53 PM

If you have a DNS only record that has a certificate from a CA and then if Cloudflare auto adds a CAA record that you can’t see then it could break the origin cert

mystiquewolf•7/13/23, 6:32 PM

i see cloudflare uses Sectigo and Google Trust Services

// Create allowlist rule curl_setopt($ch, CURLOPT_URL, "https://api.cloudflare.com/client/v4/zones/$zone_id/firewall/rules"); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(array( 'filter' => array( 'expression' => $allowlist_rule ), 'action' => 'allow' ))); $result = curl_exec($ch); echo $result; // Check if allowlist rule addition is successful if ($result->success === false) { echo "Failed to add allowlist rule for domain {$domain} to Cloudflare\n"; continue; } // Create denyrule rule curl_setopt($ch, CURLOPT_URL, "https://api.cloudflare.com/client/v4/zones/$zone_id/firewall/rules"); curl_setopt($ch, CURLOPT_POSTFIELDS, json_encode(array( 'filter' => array( 'expression' => $denyrule_rule ), 'action' => 'block' )));

Hmm, that's a good question lol. Currently my root website.com is proxied through Cloudflare to my L

Similar Threads

Similar Threads

Similar Threads