-
Notifications
You must be signed in to change notification settings - Fork 27
/
Copy pathCloudflare.sh
88 lines (62 loc) · 2.25 KB
/
Cloudflare.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
#!/bin/bash
# $1 = 1min, $2 = 5min, $3 = 15min
loadavg=$(awk '{printf "%f", $1}' < /proc/loadavg)
# load is 10, you can modify this if you want load more than 10
maxload=10
# Configuration API Cloudflare
# Your Global API Key (https://dash.cloudflare.com/profile)
api_key=
# Email of your Cloudflare account
email=
# Zone ID (https://dash.cloudflare.com/_zone-id_/domain.com)
zone_id=
# Default security level when there is no attack, see in readme
default_security_level=high
# Whether to write debug messages to the debug.log file under script dir
debug=0
basedir=$(dirname "$0")
attacked_file=$basedir/attacked
[ "$debug" -eq 1 ] && exec > "${logfile:-$basedir/debug.log}"
# You can put aforementioned config values either in-place
# or in the file named 'config' in the script's directory.
config_file=$basedir/config
[ -e "$config_file" ] && source "$config_file"
api_set_mode() {
local mode
mode=$1
curl -s -X PATCH "https://api.cloudflare.com/client/v4/zones/$zone_id/settings/security_level" \
-H "X-Auth-Email: $email" \
-H "X-Auth-Key: $api_key" \
-H "Content-Type: application/json" \
--data "{\"value\":\"$mode\"}" \
|| echo "Error: failed to set security level to $mode"
}
# create file "attacked" if doesn't exist
if [ ! -e "$attacked_file" ]; then
echo 0 > "$attacked_file"
fi
was_under_attack=$(cat "$attacked_file")
under_attack=$(echo "$loadavg > $maxload" | bc)
if [[ "$1" != [01] ]]; then
echo "Incorrect usage! Please pass either 0 or 1 as an argument"
exit 1
fi
if [ $debug -eq 1 ]; then
echo "Mode: $1; was under attack: $was_under_attack; now under attack: $under_attack"
echo "Load average: $loadavg"
fi
if [ "$1" -eq 0 ] && [ "$was_under_attack" -eq 0 ] && [ "$under_attack" -eq 1 ]; then
# attack just started and we want to enable under-attack mode
# Activate protection
[ "$debug" -eq 1 ] && echo "Activating under-attack mode!"
echo 1 > "$attacked_file"
api_set_mode under_attack
elif [ "$1" -eq 1 ] && [ "$was_under_attack" -eq 1 ] && [ "$under_attack" -eq 0 ]; then
# attack just finished (and up to 20 minutes passed since)
# and we want to disable under-attack mode
# Disable Protection
[ "$debug" -eq 1 ] && echo "Leaving under-attack mode!"
echo 0 > "$attacked_file"
api_set_mode "$default_security_level"
fi
exit 0