Cloudflare API rate limit Protect my Login

#1

Can i create a rate limit for a domain for using the “protect my login” feature from the API. If not does anyone know what the curl, basic settings would be 5 logins 5 min block.

0 Likes

#2

The API lets you create a Rate Limit for any URL, including a wildcard.
https://api.cloudflare.com/#rate-limits-for-a-zone-create-rate-limit

Here’s an example:
curl -X POST "https://api.cloudflare.com/client/v4/zones/023e105f4ecef8ad9ca31a8372d0c353/rate_limits" \ -H "X-Auth-Email: [email protected]" \ -H "X-Auth-Key: c2547eb745079dac9320b638f5e225cf483cc5cfdda41" \ -H "Content-Type: application/json" \ --data '{"id":"372e67954025e0ba6aaa6d586b9e0b59","disabled":false,"description":"Prevent multiple login failures to mitigate brute force attacks","match":{"request":{"methods":["GET","POST"],"schemes":["HTTP","HTTPS"],"url":"*.example.org/path*"},"response":{},"headers":[{"name":"Cf-Cache-Status","op":"ne","value":"HIT"}]},"bypass":[{"name":"url","value":"api.example.com/*"}],"threshold":60,"period":900,"action":{"mode":"challenge","timeout":86400,"response":{"content_type":"text/xml","body":"<error>This request has been rate-limited.</error>"}}}'

0 Likes

#3

They have a feature called “protect my login” How can I find out what those settings would be so I can mimick this from an API call - Also are there limits as to for example how many Url’s I can add. Or can i use a wildcard - *.ourgreatapp.login

0 Likes

#4

I’m not sure how it automatically configures the Login URL, but you can probably use the API to list it. The API docs show how you can wildcard the entry.

0 Likes