Enable CloudFlare DDoS Protection Automatically


CloudFlare offers free DDoS protection, and they have a handy API that you can use to enable and disable this protection easily.

I've decided to write a short bash script which would enable and disable this for your website automatically if needed.

Please note that this is mainly an example. The script can be modified based on your needs and on your server's hardware. Feel free to contact me for advice if you wish.

Before following this guide, please set up your CloudFlare account and get your website ready. If you are not sure how to do that, you can follow these steps: Create a Cloudflare account and add a website

Once you have your CloudFlare account and your website is routed through CloudFlare, you can follow the steps here:

  • Make sure curl is installed on your server:

curl --version

If curl is not installed you need to run the following:

  • For RedHat/CentOS

yum install curl

  • For Debian/Ubuntu

apt-get install curl

  • Create a working directory

mkdir ~/cloudflare

  • We are now going to create the scripts that will hook up to the API and enable/disable the DDoS protection. You will need a few things, which you can get from your CloudFlare account:
  1. Your Zone ID
  2. Your API key
  3. The email address associated with the API key

Once you have this information create the following files with the following content:

  • This file will be used to disable the DDoS protection

vim ~/cloudflare/medium.sh

  • Add the following and update the information accordingly:
curl -X PATCH "https://api.cloudflare.com/client/v4/zones/YOUR-ZONE-ID-GOES-HERE/settings/security_level" \
     -H "X-Auth-Email: YOUR-EMAIL-GOES-HERE@YOUR-DOMAIN.COM" \
     -H "X-Auth-Key: YOUR API KEY GOES HERE" \
     -H "Content-Type: application/json" \
     --data '{"value":"medium"}'


  • Create a second file which will be used to enable the DDoS protection

vim ~/cloudflare/under_attack.sh

  • Add the following and update the information accordingly:
curl -X PATCH "https://api.cloudflare.com/client/v4/zones/YOUR-ZONE-ID-GOES-HERE/settings/security_level" \
     -H "X-Auth-Email: YOUR-EMAIL-GOES-HERE@YOUR-DOMAIN.COM" \
     -H "X-Auth-Key: YOUR-API-KEY-GOES-HERE" \
     -H "Content-Type: application/json" \
     --data '{"value":"under_attack"}'
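The two scripts above differ only in the value they send, and both embed the account's Global API key in plain text. The script below is an added example written for this page, not one of the post's own files: it folds both into a single setter that validates the level before sending anything, reads an API token scoped to editing this zone's settings from a file it first checks is readable only by its owner, and sends that token as a Bearer header instead of X-Auth-Key. The names CF_ZONE_ID, CF_TOKEN_FILE and CF_DRY_RUN, the token file location and the dry-run mode are assumptions of the example.

```shell
#!/bin/bash
# Added example, not one of the post's scripts: one parameterised setter that
# replaces medium.sh and under_attack.sh. Assumptions (not from the post): the
# zone ID comes from $CF_ZONE_ID, and an API token scoped to editing zone
# settings is stored in $CF_TOKEN_FILE (mode 0600) and sent as
# "Authorization: Bearer". Setting CF_DRY_RUN=1 prints the request instead of
# sending it.

CF_API="https://api.cloudflare.com/client/v4"
CF_TOKEN_FILE="${CF_TOKEN_FILE:-$HOME/cloudflare/token}"

# Only accept values the security_level setting actually takes, so a typo in a
# cron line or a caller cannot turn into an unexpected API call.
is_valid_level() {
    case "$1" in
        off|essentially_off|low|medium|high|under_attack) return 0 ;;
        *) return 1 ;;
    esac
}

# Refuse a token file that group or other users can read (mode must be 0600/0400).
check_token_perms() {
    [ -f "$1" ] || return 1
    [ "$(ls -ld "$1" | cut -c5-10)" = "------" ]
}

# JSON body for the PATCH request.
level_payload() {
    printf '{"value":"%s"}' "$1"
}

# Usage: set_security_level <level>
set_security_level() {
    local level url body
    level="$1"
    if ! is_valid_level "$level"; then
        echo "invalid security level: $level" >&2
        return 1
    fi
    if [ -z "$CF_ZONE_ID" ]; then
        echo "CF_ZONE_ID is not set" >&2
        return 1
    fi
    url="$CF_API/zones/$CF_ZONE_ID/settings/security_level"
    body=$(level_payload "$level")
    if [ -n "$CF_DRY_RUN" ]; then
        # Show what would be sent without touching the zone.
        printf 'PATCH %s %s\n' "$url" "$body"
        return 0
    fi
    if ! check_token_perms "$CF_TOKEN_FILE"; then
        echo "token file $CF_TOKEN_FILE is missing or readable by others" >&2
        return 1
    fi
    curl -sS -X PATCH "$url" \
        -H "Authorization: Bearer $(cat "$CF_TOKEN_FILE")" \
        -H "Content-Type: application/json" \
        --data "$body"
}

# Run as a script: ./cf_level.sh under_attack  (does nothing with no argument)
if [ "$#" -gt 0 ]; then
    set_security_level "$1"
fi
```

Create the token in the Cloudflare dashboard with only the permission to edit this zone's settings, store it with `chmod 600 ~/cloudflare/token`, and call the script as `CF_ZONE_ID=... ~/cloudflare/cf_level.sh under_attack`. With `CF_DRY_RUN=1` it prints the request it would send, which is a cheap way to check a cron entry before it can change the zone. Unlike the Global API key, a scoped token cannot do anything beyond what it was issued for, which matters because the header value is briefly visible in the curl process arguments.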

Now we are ready to get the script up and running. Please note that you will need to update some values accordingly. Simply read the comments : )

vim ~/cloudflare/protection.sh

#!/bin/bash

###
# Automating your CloudFlare DDoS Protection by https://bobbyiliev.com
###

###
# Check current status:
###

# Update the zone ID, the email address and the API key

curl -X GET "https://api.cloudflare.com/client/v4/zones/YOUR-ZONE-ID-GOES-HERE/settings/security_level" \
     -H "X-Auth-Email: YOUR-EMAIL-GOES-HERE@YOUR-DOMAIN.COM" \
     -H "X-Auth-Key: YOUR-API-KEY-GOES-HERE" \
     -H "Content-Type: application/json" 2>/dev/null > /tmp/CurrentStatus.tmp

# Pull the "value" field out of the JSON response (e.g. medium or under_attack)
awk -F":" '{ print $4 }' /tmp/CurrentStatus.tmp | awk -F',' '{ print $1 }' | tr -d '"' > /tmp/status.tmp

###
# Monitoring your CPU load:
###

# 1-minute load average, integer part only
load=$(uptime | awk -F'average:' '{ print $2 }' | awk '{print $1}' | sed 's/,/ /')

ddos=${load%.*}

###
#  Check current DDoS protection status under CF
###

currentStatus=$(cat /tmp/status.tmp)

###
# Monitor the status and enable the DDoS protection if required:
###

## !!! My server has 6 vCPUs so I will set the max CPU load to 12 and the normal CPU load to 6
## !!! you can adjust this depending on your hardware

maxCPUload=12
normalCPUload=6

# Variables are quoted so an empty status (e.g. the API call failed) does not break the test
if [ "$ddos" -gt "$maxCPUload" ]
  then
    if [ "$currentStatus" = medium ]
    then
      sh ~/cloudflare/under_attack.sh
      echo "$(date) - Enabled DDoS" >> ~/cloudflare/ddos.log
      ## If you would like to enable email notifications uncomment the line below:
      ##echo "$(date) - Enabled DDoS"  | mail -s "Enabled DDoS" bobby@bobbyiliev.com
    else
      exit
    fi
elif [ "$ddos" -lt "$normalCPUload" ]
  then
    # If the CPU load is less than the normal CPU load for your server,
    # then the DDoS protection will be disabled if the current status is under_attack
    if [ "$currentStatus" = under_attack ]
    then
      sh ~/cloudflare/medium.sh
      echo "$(date) - Disabled DDoS" >> ~/cloudflare/ddos.log
      ## If you would like to enable email notifications uncomment the line below:
      ##echo "$(date) - Disabled DDoS"  | mail -s "Disabled DDoS" bobby@bobbyiliev.com
    else
      exit
    fi
else
  #echo "everything is under control"
  exit
fi
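protection.sh pipes the raw API response through awk and compares whatever comes out, so a failed or unexpected response (expired key, HTTP error, a field in a different position) produces an empty or wrong status that the if/elif chain then acts on. The script below is an added example for this page, not the post's code: it keeps the same thresholds and the same two actions, but only accepts a status from a body that reports "success":true, refuses to act when the status is unknown, and isolates the threshold decision in a function so it can be tested against constructed inputs. SAMPLE_RESPONSE is a constructed copy of the API's response shape, the CF_* variables and the `run` argument are assumptions, and the load is read from /proc/loadavg (Linux).

```shell
#!/bin/bash
# Added example, not the post's protection.sh: the status check and the
# enable/disable decision split into functions so they can be tested without
# calling the API. Assumptions (not from the post): SAMPLE_RESPONSE is a
# constructed copy of what GET .../settings/security_level returns, credentials
# come from CF_ZONE_ID/CF_EMAIL/CF_API_KEY, and the enable/disable actions are
# the post's under_attack.sh and medium.sh.

CF_API="https://api.cloudflare.com/client/v4"
LOG="${LOG:-$HOME/cloudflare/ddos.log}"
MAX_LOAD="${MAX_LOAD:-12}"      # switch to under_attack above this 1-minute load
NORMAL_LOAD="${NORMAL_LOAD:-6}" # switch back to medium below this load

# Constructed sample response body (same shape as the real API reply).
SAMPLE_RESPONSE='{"result":{"id":"security_level","value":"medium","modified_on":"2024-01-01T00:00:00Z","editable":true},"success":true,"errors":[],"messages":[]}'

# Print the current security level from a response body. Returns 1 and prints
# nothing when the call failed ("success":false, empty body, unexpected shape),
# so a failed check is never compared as if it were a real status.
parse_security_level() {
    local body="$1" value
    case "$body" in
        *'"success":true'*) ;;
        *) return 1 ;;
    esac
    value=$(printf '%s' "$body" | sed -n 's/.*"value":"\([a-z_]*\)".*/\1/p')
    [ -n "$value" ] || return 1
    printf '%s\n' "$value"
}

# Integer part of the 1-minute load average (Linux /proc/loadavg).
current_load() {
    local l rest
    read -r l rest < /proc/loadavg
    printf '%s\n' "${l%.*}"
}

# decide_action <load> <status> <max> <normal>  -> prints enable | disable | none
# Nothing changes while the load sits between normal and max, or when the load
# or status is unknown; that gap is what stops the script flapping between levels.
decide_action() {
    local load="$1" status="$2" max="$3" normal="$4"
    case "$load" in
        ''|*[!0-9]*) echo none; return 0 ;;
    esac
    if [ "$load" -gt "$max" ] && [ "$status" = medium ]; then
        echo enable
    elif [ "$load" -lt "$normal" ] && [ "$status" = under_attack ]; then
        echo disable
    else
        echo none
    fi
}

# One monitoring pass: fetch the status, read the load, act, and log the result.
run_once() {
    local body status load action
    body=$(curl -sS -X GET "$CF_API/zones/$CF_ZONE_ID/settings/security_level" \
        -H "X-Auth-Email: $CF_EMAIL" \
        -H "X-Auth-Key: $CF_API_KEY" \
        -H "Content-Type: application/json") || body=""
    if ! status=$(parse_security_level "$body"); then
        echo "$(date) - status check failed, leaving protection unchanged" >> "$LOG"
        return 1
    fi
    load=$(current_load)
    action=$(decide_action "$load" "$status" "$MAX_LOAD" "$NORMAL_LOAD")
    case "$action" in
        enable)  sh "$HOME/cloudflare/under_attack.sh" && echo "$(date) - Enabled DDoS (load $load)" >> "$LOG" ;;
        disable) sh "$HOME/cloudflare/medium.sh" && echo "$(date) - Disabled DDoS (load $load)" >> "$LOG" ;;
    esac
}

# Perform a real pass only when invoked as: ./protection.sh run
if [ "$1" = run ]; then
    run_once
fi
```

The failed-check branch is the important difference from the original: when the API call does not succeed, the script logs that fact and changes nothing, rather than reading an empty status and silently skipping or, with a different parser, toggling the wrong way. The thresholds work the same as in the post, but a load between NORMAL_LOAD and MAX_LOAD leaves the current level alone in either direction, which is the hysteresis that keeps a server hovering around the limit from switching modes every 30 seconds.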

Now add executable permissions:

chmod +x ~/cloudflare/protection.sh

Now that we have the script in place, all you need to do is add a cron job that triggers the script, for example every 30 seconds. The crontab entries should look something like this:

crontab -e

* * * * * /path-to-the-script/cloudflare/protection.sh
* * * * * ( sleep 30 ; /path-to-the-script/cloudflare/protection.sh )

This is pretty much it. Please test the script before adding the cron job. If you get any errors, feel free to send me an email.
