如何使用 Cloudflare API 端点获取所有 Cloudflare Specials 托管规则 例如。 异常:标头:用户代理 - 丢失, DoS - IE6 二进制 POST, 异常:标头:用户代理,异常:标头:引用者 - 缺失或为空, DoS - 查询字符串缓存清除 - 6 个或更多数字, DotNetNuke - 文件包含 - CVE:CVE-2018-9126、CVE:CVE-2011-1892、CVE:CVE-2022-31474
它有超过460条规则,我只需要这些规则的配置。
我正在使用此 API 端点,但出现以下错误
https://api.cloudflare.com/client/v4/zones/xyz/waf_migration/config?phase_two=1
{ “结果”:空, “成功”:假, “错误”:[ { "message": "此区域使用 WAF URI 覆盖 - 请联系您的 CSM 进行迁移" } ], “消息”:空 }
谢谢
先获取规则集id,
% curl -sX GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/rulesets" \
-H "X-Auth-Email: $EMAIL" \
-H "X-Auth-Key: $APIKEY" \
-H "Content-Type: application/json" | jq -r '.result[] | select (.name == "Cloudflare Managed Ruleset")'
{
"id": "efb7b8c949ac4650a09736fc376e9aee",
"name": "Cloudflare Managed Ruleset",
"description": "Created by the Cloudflare security team, this ruleset is designed to provide fast and effective protection for all your applications. It is frequently updated to cover new vulnerabilities and reduce false positives.",
"source": "firewall_managed",
"kind": "managed",
"version": "194",
"last_updated": "2024-04-22T20:47:31.939647Z",
"phase": "http_request_firewall_managed"
}
然后就可以通过规则集id获取规则集中的所有规则了
% curl -sX GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/rulesets/efb7b8c949ac4650a09736fc376e9aee" \
-H "X-Auth-Email: $EMAIL" \
-H "X-Auth-Key: $APIKEY" \
-H "Content-Type: application/json" | jq -r '.result.rules[]'
{
"id": "5de7edfa648c4d6891dc3e7f84534ffa",
"version": "194",
"action": "block",
"categories": [
"cve-2014-5265",
"cve-2014-5266",
"cve-2014-5267",
"dos",
"drupal",
"wordpress"
],
"description": "Drupal, Wordpress - DoS - XMLRPC - CVE:CVE-2014-5265, CVE:CVE-2014-5266, CVE:CVE-2014-5267",
"last_updated": "2024-04-22T20:47:31.939647Z",
"ref": "b569ea728adc47b3ba6dee1b5d3b2849",
"enabled": false
}
{
"id": "e3a567afc347477d9702d9047e97d760",
"version": "191",
"action": "block",
"categories": [
"cve-2020-12720",
"sqli",
"vbulletin",
"beta"
],
"description": "vBulletin - SQLi - CVE:CVE-2020-12720 - beta",
"last_updated": "2024-04-22T20:47:31.939647Z",
"ref": "8db020ccd4d0be9f46b817a4865a1b482",
"enabled": false
}
{
"id": "980c5b4fa30f4214b836ebd8521e1eff",
"version": "163",
"action": "block",
"categories": [
"broken-access-control",
"wordpress"
],
"description": "Wordpress - Broken Access Control",
"last_updated": "2024-04-22T20:47:31.939647Z",
"ref": "e75cd6ec7756048bf35e7f3f514a13f8",
"enabled": true
}
...
{
"id": "c11d57f6f6204c338b0cab291a3e21e4",
"version": "1",
"action": "block",
"categories": [
"remote-code-execution",
"beta",
"new"
],
"description": "Remote Code Execution - Generic Payloads",
"last_updated": "2024-04-22T20:47:31.939647Z",
"ref": "846e12c8ca535ed20e1ac6e9359f80dc",
"enabled": false
}
{
"id": "048dc8c7995f44b5871eed98554f9705",
"version": "1",
"action": "log",
"categories": [
"beta"
],
"description": "Vulnerability scanner activity Beta",
"last_updated": "2024-04-22T20:47:31.939647Z",
"ref": "95ed449897b26e1b65fa899bcf5eeb6a",
"enabled": true
}