- Requires email, zone_id, and api_key
Logpush
Logpush configuration details.
- CF -> Analytics -> Logs
# GET JOB ID
curl -s -H "X-Auth-Email: ${email}" -H "X-Auth-Key: ${api_key}" "https://api.cloudflare.com/client/v4/zones/${zone_id}/logpush/jobs" | jq .
{
"errors": [],
"messages": [],
"result": [
{
"id": {JOB ID},
"dataset": "firewall_events",
"frequency": "high",
"kind": "",
"enabled": true,
"name": null,
"logpull_options": "fields=Action,ClientIP,ClientRequestHost,ClientRequestMethod,ClientRequestPath,ClientRequestQuery,Datetime,EdgeResponseStatus,RayID,Source,ClientCountry&timestamps=rfc3339",
"destination_conf": "{logpush destination}",
"last_complete": "2022-05-11T10:36:22Z",
"last_error": null,
"error_message": null
}
],
"success": true
}
- Query using the JOB ID
# logstream set
curl -X PUT "https://api.cloudflare.com/client/v4/zones/${zone_id}/logpush/jobs/${job_id}" \
-H "X-Auth-Email: ${email}" \
-H "X-Auth-Key: ${api_key}" \
-H "Content-Type: application/json" \
--data '{"logstream":true}' | jq
SPECTRUM
Spectrum Application configuration details
- CF -> Spectrum
curl -X GET "https://api.cloudflare.com/client/v4/zones/${zone_id}/spectrum/apps" \
-H "Content-Type: application/json" \
-H "X-Auth-Key: ${api_key}" \
-H "X-Auth-Email: ${email}"
Spectrum Current Connections
- Current connections per Spectrum Application ID.
- There is no way to view this in the web dashboard.
- ${colocode} : ICN for Korea
- ${APPID} : Application ID
curl -X GET "https://api.cloudflare.com/client/v4/zones/${zone_id}/spectrum/analytics/aggregate/current?coloName=${colocode}&appID=${APPID}" -H "X-Auth-Email: ${email}" -H "X-Auth-Key: ${api_key}" -H "Content-Type: application/json"
{
"result": [
{
"appID": "{APPID}",
"bytesIngress": 15549,
"bytesEgress": 296500,
"connections": 62,
"durationAvg": 76958673.20967741
}
],
"success": true,
"errors": [],
"messages": []
}
Security
Firewall rules
- CF -> Security -> WAF -> Firewall rules
# firewall rule list
curl -X GET "https://api.cloudflare.com/client/v4/zones/${zone_id}/firewall/rules" \
-H "X-Auth-Email: ${email}" \
-H "X-Auth-Key: ${api_key}" \
-H "Content-Type: application/json"
IP Access Rules
- CF -> Security -> WAF -> Tools -> IP Access Rules
- For Spectrum Applications, IP blocking policy is applied only through IP Access Rules.
# firewall access ip rule list
#curl -X GET "https://api.cloudflare.com/client/v4/zones/${zone_id}/firewall/access_rules/rules?page=1&per_page=100&mode=block&configuration.target=country" \
curl -X GET "https://api.cloudflare.com/client/v4/zones/${zone_id}/firewall/access_rules/rules?page=1&per_page=1000&mode=block&configuration.target=ip" \
-H "X-Auth-Email: ${email}" \
-H "X-Auth-Key: ${api_key}" \
-H "Content-Type: application/json"
- Add an IP to IP Access Rules
# firewall access ip rule add
curl -X POST "https://api.cloudflare.com/client/v4/zones/${zone_id}/firewall/access_rules/rules" \
-H "X-Auth-Email: ${email}" \
-H "X-Auth-Key: ${api_key}" \
-H "Content-Type: application/json" \
--data '{"mode":"whitelist","configuration":{"target":"ip","value":"23.23.23.23"},"notes":"test"}'
# Result
{
"result": {
"id": "9fdfc6788a4f41ab9111a6fb69a9b88b",
...
"mode": "whitelist",
"notes": "test",
"configuration": {
"target": "ip",
"value": "23.23.23.23"
},
...
},
"success": true,
"errors": [],
"messages": []
}
- Delete an IP from IP Access Rules
- A Rule ID is required; as an example, the rule ID added above is deleted
# firewall access ip rule delete
curl -X DELETE "https://api.cloudflare.com/client/v4/zones/${zone_id}/firewall/access_rules/rules/9fdfc6788a4f41ab9111a6fb69a9b88b" \
-H "X-Auth-Email: ${email}" \
-H "X-Auth-Key: ${api_key}" \
-H "Content-Type: application/json" \
--data '{"cascade":"none"}'
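Added example, not part of the original post: instead of hard-coding the Rule ID for the delete call, resolve it from a saved rule-list response, and flag whitelist entries (such as the "test" rule above) that should be reviewed or cleaned up. The per-rule fields follow the response shown above; the list response carrying a "result" array, the sample rules other than 23.23.23.23, and all function names are assumptions.

```python
import json

API = "https://api.cloudflare.com/client/v4"
# Constructed list response. Per-rule fields mirror the single-rule result
# shown above; the "result" array and the first and third rules are assumed.
SAMPLE_LIST_RESPONSE = json.dumps({"success": True, "errors": [], "result": [
    {"id": "1" * 32, "mode": "block", "notes": "scanner",
     "configuration": {"target": "ip", "value": "203.0.113.7"}},
    {"id": "9fdfc6788a4f41ab9111a6fb69a9b88b", "mode": "whitelist",
     "notes": "test", "configuration": {"target": "ip", "value": "23.23.23.23"}},
    {"id": "2" * 32, "mode": "whitelist", "notes": "",
     "configuration": {"target": "country", "value": "KR"}},
]})

def parse_rules(body):
    """Return the rule list; refuse a response the API marked as failed."""
    doc = json.loads(body)
    if doc.get("success") is not True:
        raise RuntimeError(f"API call failed: {doc.get('errors')}")
    return doc["result"]

def find_rule_ids(rules, ip, mode=None):
    """IDs of rules that target exactly this IP, optionally in one mode."""
    return [r["id"] for r in rules if mode in (None, r["mode"])
            and r["configuration"].get("target") == "ip"
            and r["configuration"].get("value") == ip]

def audit_allow_rules(rules):
    """Flag whitelist entries worth review: broad targets, throwaway notes."""
    findings = []
    for r in (x for x in rules if x["mode"] == "whitelist"):
        reasons = []
        if r["configuration"]["target"] != "ip":
            reasons.append("target is broader than a single IP")
        if (r.get("notes") or "").strip().lower() in ("", "test"):
            reasons.append("no meaningful note")
        if reasons:
            findings.append((r["id"], r["configuration"]["value"], reasons))
    return findings

def delete_url(zone_id, rule_id):
    """Build the DELETE URL; accept only a 32-hex-digit ID like the one above."""
    if len(rule_id) != 32 or set(rule_id) - set("0123456789abcdef"):
        raise ValueError(f"unexpected rule id: {rule_id!r}")
    return f"{API}/zones/{zone_id}/firewall/access_rules/rules/{rule_id}"

if __name__ == "__main__":
    rules = parse_rules(SAMPLE_LIST_RESPONSE)
    print(find_rule_ids(rules, "23.23.23.23"), audit_allow_rules(rules))
```

Feed parse_rules the saved output of the rule list call, then pass each returned ID to delete_url to get the URL for the DELETE request shown above.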