I have set this up.
What does it actually do?
CloudFlare Client API
CloudFlare Client API
They say that good intentions, pave the road to hell;
If a thing is not worth doing, it's not worth doing well.
If a thing is not worth doing, it's not worth doing well.
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: CloudFlare Client API
It allows your system to send a request to Cloudflare to shun an IP. There is a finite limit to the number of IPs they will let you block, but this helps with the issue that a CDN prevents you from blocking IPs locally.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
Re: CloudFlare Client API
Mike:
Has there been consideration for adding removal code as well? Perhaps a periodic function that would remove IPs that were X days old would help with the issue of the IP buildup over time?
Has there been consideration for adding removal code as well? Perhaps a periodic function that would remove IPs that were X days old would help with the issue of the IP buildup over time?
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: CloudFlare Client API
IPs are already removed automatically based on whatever period you have set for normal shuns.
There is no limit the number of IPs you can shun locally, there is a limit to the number of IPs Cloudflare and other CDNs will let you block.
There is no limit the number of IPs you can shun locally, there is a limit to the number of IPs Cloudflare and other CDNs will let you block.
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone
Re: CloudFlare Client API
Mike:
Thanks for the clarification. I'd previously thought that the mention of the IP limit at Cloudflare was due to the shunned IPs building up over time as they weren't being removed at Cloudflare (making it likely that the overall limit would be reached).
Thanks for the clarification. I'd previously thought that the mention of the IP limit at Cloudflare was due to the shunned IPs building up over time as they weren't being removed at Cloudflare (making it likely that the overall limit would be reached).
- mikeshinn
- Atomicorp Staff - Site Admin
- Posts: 4149
- Joined: Thu Feb 07, 2008 7:49 pm
- Location: Chantilly, VA
Re: CloudFlare Client API
No its just a limit of the total number of IPs they and other CDNs will allow you to block at any time. Once you bit whatever limit they have you cant block anything else on their end. Keep that in mind when you use a CDN. For example, here is an article from CloudFlare documenting their limits:
https://support.cloudflare.com/hc/en-us ... -Firewall-
https://support.cloudflare.com/hc/en-us ... -Firewall-
Michael Shinn
Atomicorp - Security For Everyone
Atomicorp - Security For Everyone