Auto whitelist IP logged into Dashboard

#1

I am working in a client CMS and am getting the firewall challenge every time I save a page. Somehow, I am triggering 22 rules!

"triggered_rule_ids": [
"950901",
"960024",
"973300",
"973304",
"973332",
"973333",
"973338",
"973347",
"981133",
"981136",
"981176",
"981245",
"981256",
"981305",
"981307",
"981310",
"981317",
"2000001",
"2000003",
"2000004",
"2000006"
]

I have whitelisted my IP. But I think this should be automated. If I am logged into the CloudFlare dashboard, auto whitelist my IP either indefinitely, for 30 minutes, or until logged out of the dashboard. This would be really handy option with non-static IPs, like when traveling, etc.

Or maybe there is a simpler solution? I don’t want to whitelist the CMS directories, in case someone figures out how to get in there.

#2

You could cron a local script to hit the API and whitelist your IP address. It seems smart enough to not let you add the same address multiple times.

#3

Yes. But I wouldn’t want past IPs piling up in there, assuming they are likely to be recycled by ISPs. Auto would be a really clean solution.

#4

You could try a dynamic IP client on your phone/computer and add
or (http.host ne "example.dyndns.org")
to your CMS Firewall Rule.

#5

A possible workaround, if you don’t mind navigating the CMS with Dev Tools open, would be to create a long key and use it as your own User Agent, then have that UA allowed in a Firewall Rule.

You’d open Dev Tools > Network > three vertical dots > Network Solutions and uncheck the automatic user agent. Once you set your own UA, you will be able to use it in any tab where you open Dev Tools and uncheck the automatic UA (the one you set will be remembered).

If you are using your laptop in a client’s network, you don’t need to worry about forgetting whitelisted IPs. Of course it would be advisable to change the UA key every now and then.

2 Likes
#6

I see how that would function. It still requires work on my end. I’m big on automation though. I’m looking for an auto solution.

I thought of using cookies set by the CMS, too. But that would take away a layer of security - if someone malicious were to somehow get into the CMS.

1 Like
#7

You could totally automate that. Well…maybe you…definitely not me. Cronjob to the API and list all the ones that match the secret note:
https://api.cloudflare.com/#user-level-firewall-access-rule-list-access-rules

Then delete the ones that match.

And create a new one with your current IP address and secret note.

1 Like