Block list of ips


Recently we got ddos by a bot net of over 4000 machines via http GET/POST request. I managed to check the http logs and found the ips of botnets. About 4000 Ips.

Is there anyway i can block this ip quickly on cloudflare?


You can script an API routine to add them. The tricky part is deleting them later. If you add a “note” to the block, your API deletion script can search for that note keyword and delete each match one by one.

Thanks, i dont plan to remove them from banning as they clearly botnet.

I already output the ips to a badip.txt like this:
tail badip.txt

Beside using API, is there another quick to quicky add the whole list of IPs to block list?

Sorry, you can’t batch add them from the Dashboard.

i see, i will try using api as you mentioned.

Thanks for your help and have a nice weekend ;))

1 Like

btw, do you happen to have an example api script handy? so i can modify to fit my case?


Sorry, I don’t. I’m sure someone has something workable that loops through entries in a text file. Maybe @Matteo has something.

If you have ips in a text file (each line one ip) named ips.txt you can run following bash script as: ./ ips.txt

Content of (set variables section before using):

#!/usr/bin/env bash

# >>>>>>>>>>>>>>>>>>>>>>>> Variables >>>>>>>>>>>>>>>>>>>>>>>>
email="[email protected]"
org_name="My Organization"
notes="Mass Block"
# <<<<<<<<<<<<<<<<<<<<<<<< Variables <<<<<<<<<<<<<<<<<<<<<<<<


for ip in `cat "$1"`; do
  curl -sSX POST "$zones/firewall/access_rules/rules" \
    -H "X-Auth-Email: $email" \
    -H "X-Auth-Key: $authkey" \
    -H "Content-Type: application/json" \
    –data "{\"mode\":\"block\",\"scope\":{\"id\":\"$id\",\"name\":\"$org_name\",\"type\":\"organization\"},\"configuration\":{\"target\":\"ip\",\"value\":\"$ip\"},\"notes\":\"$notes\"}" ;

  echo "$count. blocked: $ip"

echo `tput setaf 3`Total of $count IPs blocked.`tput sgr0`

awesome, thanks alot


I wouldn’t have had anything, thanks @Xaq!

1 Like

This topic was automatically closed after 30 days. New replies are no longer allowed.