Block list of ips

Hi,

Recently we got ddos by a bot net of over 4000 machines via http GET/POST request. I managed to check the http logs and found the ips of botnets. About 4000 Ips.

Is there anyway i can block this ip quickly on Cloudflare?

Thanks

You can script an API routine to add them. The tricky part is deleting them later. If you add a “note” to the block, your API deletion script can search for that note keyword and delete each match one by one.

https://api.Cloudflare.com/#user-level-firewall-access-rule-create-access-rule

Thanks, i dont plan to remove them from banning as they clearly botnet.

I already output the ips to a badip.txt like this:
tail badip.txt
96.9.86.170
96.9.87.2
96.9.88.47
97.75.124.126
97.79.174.222
97.92.111.244
98.100.194.171
98.172.141.125
98.172.142.6
99.100.78.207

Beside using API, is there another quick to quicky add the whole list of IPs to block list?
Thanks

Sorry, you can’t batch add them from the Dashboard.

i see, i will try using api as you mentioned.

Thanks for your help and have a nice weekend ;))

1 Like

btw, do you happen to have an example api script handy? so i can modify to fit my case?

Thanks

Sorry, I don’t. I’m sure someone has something workable that loops through entries in a text file. Maybe @Matteo has something.

If you have ips in a text file (each line one ip) named ips.txt you can run following bash script as: ./block.sh ips.txt

Content of block.sh (set variables section before using):

#!/usr/bin/env bash

# >>>>>>>>>>>>>>>>>>>>>>>> Variables >>>>>>>>>>>>>>>>>>>>>>>>
zones="myzone"
email="[email protected]"
authkey="AuthKey"
id="id"
org_name="My Organization"
notes="Mass Block"
# <<<<<<<<<<<<<<<<<<<<<<<< Variables <<<<<<<<<<<<<<<<<<<<<<<<

count=0

for ip in `cat "$1"`; do
  curl -sSX POST "https://api.Cloudflare.com/client/v4/zones/$zones/firewall/access_rules/rules" \
    -H "X-Auth-Email: $email" \
    -H "X-Auth-Key: $authkey" \
    -H "Content-Type: application/json" \
    –data "{\"mode\":\"block\",\"scope\":{\"id\":\"$id\",\"name\":\"$org_name\",\"type\":\"organization\"},\"configuration\":{\"target\":\"ip\",\"value\":\"$ip\"},\"notes\":\"$notes\"}" ;

  ((count++))
  echo "$count. blocked: $ip"
done

echo
echo `tput setaf 3`Total of $count IPs blocked.`tput sgr0`
3 Likes

awesome, thanks alot

3 Likes

I wouldn’t have had anything, thanks @Xaq!

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.