Is it OK to use WAF as CloudFlareWorkerKV?

I know that CloudFlareKV for free only allow 1k wrtie per day,so I try to use WAF as KV,the code are as follows:

const WAFKV = {
    GET: async function (key) {
      let item;
      let filters = await WAFKV.FILTERS()
      let result = (await filters.json()).result
      for (let i = 0; i < result.length; i++) {
        if (result[i].id && result[i].id == RULEID) {
          item = result[i]
          break
        }
      }
      try {
        return JSON.parse(unescape(item["expression"].split('$')[1]))[key]
      } catch (e) {
        return null
      }

    },
    LIST: async function () {
      let item;
      let filters = await WAFKV.FILTERS()
      let result = (await filters.json()).result
      for (let i = 0; i < result.length; i++) {
        if (result[i].id && result[i].id == RULEID) {
          item = result[i]
          break
        }
      }
      try {
        return (unescape(item["expression"].split('$')[1]))
      } catch (e) {
        return null
      }

    },
    PUT: async function (key, value) {
      let item;
      let filters = await WAFKV.FILTERS()
      let result = (await filters.json()).result
      for (let i = 0; i < result.length; i++) {
        if (result[i].id && result[i].id == RULEID) {
          item = result[i]
          break
        }
      }
      let on = (function () { try { return JSON.parse(item["expression"].split('$')[1]) } catch (p) { return {} } })()
      on[key] = value
      let expression = `(http.cookie eq "$${escape(await JSON.stringify(on))}$")`
      item.expression = expression
      const eo = await (await fetch(new Request(`https://api.cloudflare.com/client/v4/zones/${ZONEID}/filters`, {
        method: "PUT",
        headers: {
          "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36 Edg/88.0.100.0",
          "X-Auth-Email": AUTHEMAIL,
          "X-Auth-Key": AUTHKEY,
          "Content-Type": "application/json",
        },
        body: JSON.stringify([item])
      }))).json()
      return eo.success
    },
    DELETE: async function (key) {
      let item;
      let filters = await WAFKV.FILTERS()
      let result = (await filters.json()).result
      for (let i = 0; i < result.length; i++) {
        if (result[i].id && result[i].id == RULEID) {
          item = result[i]
          break
        }
      }
      let on = (function () { try { return JSON.parse(item["expression"].split('$')[1]) } catch (p) { return {} } })()
      delete on[key]
      let expression = `(http.cookie eq "$${btoa(await JSON.stringify(on))}$")`
      item.expression = expression
      const eo = await (await fetch(new Request(`https://api.cloudflare.com/client/v4/zones/${ZONEID}/filters`, {
        method: "PUT",
        headers: {
          "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36 Edg/88.0.100.0",
          "X-Auth-Email": AUTHEMAIL,
          "X-Auth-Key": AUTHKEY,
          "Content-Type": "application/json",
        },
        body: JSON.stringify([item])
      }))).json()
      return eo.success
    },
    FILTERS: async function () {
      return fetch(new Request(`https://api.cloudflare.com/client/v4/zones/${ZONEID}/filters`, {
        method: "GET",
        headers: {
          "user-agent": "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/88.0.4324.190 Safari/537.36 Edg/88.0.100.0",
          "X-Auth-Email": AUTHEMAIL,
          "X-Auth-Key": AUTHKEY,
          "Content-Type": "application/json",
        },
      }));
    }
  }

NEED:

AUTHEMAIL
AUTHKEY
RULEID
ZONEID

use as:

WAFKV.LIST()
WAFKV.GET(key)
WAFKV.PUT(key,value)
WAFKV.DELETE(key)

I know that the latency and availability will be low and the space will be small, but free users can write 50000 times a day.

Is this in accordance with the regulations on the use of CloudFlare?I don’t know if it is vaild,so I had paused my worker and am waiting for response.

I’d assume this goes under the “abuse” clause, the system is not intended to work like this.

How to judge this is abuse, I just want to use worker to dynamically block a request containing such a cookie to implement dynamic firewall.

From what I understand is, the OP just wants to block some requests by writing his custom logic in Cloudflare Workers.

I don’t see any problems with that.

1 Like

As long as it’s a valid WAF use-case, then it should be fine if it’s within the API limits.

But using it as a KV replacement for unrelated things would be problematic.

The actual ToS is very vague on “abuse”, so you can certainly try it.
I’m just saying it might not be reliable.

1 Like

Well,I know using it as FireWall is obviously ok,and I’m vagued on “abuse” WAF

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.