Created
July 9, 2019 07:09
-
-
Save teknikqa/9346bc8d0e84ad144bc363e84ed5c50c to your computer and use it in GitHub Desktop.
Custom Cloudflare WAF rules for Drupal
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/usr/bin/env bash | |
| # | |
| # Script to import custom WAF rules using the Cloudflare API. | |
| # | |
| # Taken from https://www.pixelite.co.nz/article/custom-cloudflare-waf-rules-that-every-drupal-site-should-run/ | |
| # Blocks: | |
| # 1. Unfriendly Drupal 7 URLs | |
| # 2. Autodiscover of Microsoft Exchange | |
| # 3. Wordpress PHP scripts | |
| # 4. Wordpress common folders (excluding content) | |
| # 5. Wordpress content folder | |
| # 6. SQL injection in URL | |
| # 7. Drupal 8 install script | |
| # 8. Microsoft Office/Skype for Business POST requests | |
| # 9. Microsoft Active Sync | |
| curl 'https://api.cloudflare.com/client/v4/zones/XXXXXXXXXXXXXX/firewall/rules' \ | |
| -H 'X-Auth-Email: XXXXXXXXXXXXXX' \ | |
| -H 'X-Auth-Key: XXXXXXXXXXXXXX' | |
| -H 'Accept: application/json' \ | |
| -H 'Content-Type: application/json' | |
| -H 'Accept-Encoding: gzip' | |
| -X POST \ | |
| -d '[{"ref":"","description":"Autodiscover","paused":false,"action":"block","priority":null,"filter":{"expression":"(http.request.uri.path matches \"\/autodiscover\\.xml$\") or (http.request.uri.path matches \"\/autodiscover\\.src\/\")"}},{"ref":"","description":"Drupal 7 Unfriendly URLs (bots)","paused":false,"action":"block","priority":null,"filter":{"expression":"(http.request.uri.query matches \"q=user\/register\") or (http.request.uri.query matches \"q=node\/add\")"}},{"ref":"","description":"Install script","paused":false,"action":"block","priority":null,"filter":{"expression":"(http.request.uri.path eq \"\/core\/install.php\")"}},{"ref":"","description":"Microsoft Active Sync","paused":false,"action":"block","priority":null,"filter":{"expression":"(http.request.uri.path eq \"\/Microsoft-Server-ActiveSync\")"}},{"ref":"","description":"Microsoft Office\/Skype for Business POST requests","paused":false,"action":"block","priority":null,"filter":{"expression":"(http.request.method eq \"POST\") and (http.user_agent matches \"Microsoft Office\" or http.user_agent matches \"Skype for Business\")"}},{"ref":"","description":"SQLi in URL","paused":false,"action":"block","priority":null,"filter":{"expression":"(http.request.uri.path contains \"select unhex\") or (http.request.uri.path contains \"select name_const\") or (http.request.uri.path contains \"unhex(hex(version()))\") or (http.request.uri.path contains \"union select\") or (http.request.uri.path contains \"select concat\")"}},{"ref":"","description":"Wordpress common folders (excluding content)","paused":false,"action":"block","priority":null,"filter":{"expression":"(http.request.uri.path matches \"\/wp-(admin|includes|json)\/\")"}},{"ref":"","description":"Wordpress content folder","paused":false,"action":"block","priority":null,"filter":{"expression":"(http.request.uri.path matches \"\/wp-content\/\")"}},{"ref":"","description":"Wordpress PHP scripts","paused":false,"action":"block","priority":null,"filter":{"expression":"(http.request.uri.path matches \"\/wp-.*\\.php$\")"}}]' |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment