I have developed a PHP, JS, and HTML (Rendered in PHP) website that is routed through a reverse proxy to ensure CORS compliance. This setup uses Cloudflare’s GraphQL API to allow internal team members to look up RAY-IDs for compliance, specifically when users are blocked via Cloudflare’s Layer 7 (WAF) security rules. The purpose of this tool is to help the team determine whether a block was intentional or due to a security policy.
I was able to retrieve information for a specific RAY-ID using a curl
command but am currently encountering rate-limiting issues.
Below is the reverse proxy configuration I am using for accessing Cloudflare’s API:
# Reverse Proxy Configuration for Cloudflare API
location /api/ {
proxy_pass https://api.cloudflare.com/client/v4/graphql;
proxy_set_header Host api.cloudflare.com;
proxy_set_header Authorization "Bearer VALID-API-ID";
proxy_set_header Content-Type application/json;
proxy_set_header Accept application/json;
# CORS headers
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Authorization, Content-Type";
# Preflight OPTIONS requests
if ($request_method = OPTIONS) {
add_header Access-Control-Allow-Origin *;
add_header Access-Control-Allow-Methods "GET, POST, OPTIONS";
add_header Access-Control-Allow-Headers "Authorization, Content-Type";
return 204;
}
}