# Cloudflare security rules

<table data-view="cards"><thead><tr><th></th><th></th></tr></thead><tbody><tr><td>Total Time Required</td><td>15 minutes</td></tr><tr><td>Difficulty</td><td>Easy</td></tr><tr><td>Required Knowledge</td><td>Crowdsec, Cloudflare</td></tr></tbody></table>

<img src="/files/xtg9NP02DwIKyaN1xEk0" alt="" class="gitbook-drawing">

## Prerequisites

* Crowdsec account
* [You have subscribed to at least 1 block list](/guides/installation-guides/crowdsec.md#add-blocklists)
* [Your Crowdsec enrollment key](/guides/installation-guides/crowdsec.md#generate-your-enrol-key)

{% hint style="warning" %}
I recommend setting up a unique stack per domain you manage. This reduces the impact if the API key is leaked.
{% endhint %}

#### This stack monitors...

* Crowdsec blocklists

#### ... And changes

* Cloudflare security rules

## Cloudflare

Generate your API key, gather your account and zone details, and create your security rules.

### Get your Account ID

1. Browse to <https://dash.cloudflare.com/>
2. Next to your name, click on the 3 dots and select Copy Account ID
3. Save to your notepad, `CF_ACCOUNTID=`

### Get your Zone ID

1. Browse to <https://dash.cloudflare.com/?to=/:account/home/domains>
2. Click manage next to your domain
3. Scroll down and locate "API" on the right
4. Save your Zone ID to your notepad, `CF_ZONE_ID=`

### Generate an API key

1. Navigate here <https://dash.cloudflare.com/profile/api-tokens>
2. Click on Create token > custom token
   1. Give your token a name and fill out the below permissions

      <table><thead><tr><th width="148">Scope</th><th width="357">Permission</th><th>Access</th></tr></thead><tbody><tr><td>Account</td><td>Account Filter Lists</td><td>Edit</td></tr><tr><td>Account</td><td>Firewall Access Rules</td><td>Edit</td></tr><tr><td>Zone</td><td>Zone</td><td>Read</td></tr><tr><td>Zone</td><td>Firewall Services</td><td>Edit</td></tr></tbody></table>
   2. Account resources

      | Field   | Data         |
      | ------- | ------------ |
      | Include | All Accounts |
   3. Zone resources

      | Field   | Scope         | Data        |
      | ------- | ------------- | ----------- |
      | Include | Specific Zone | Your Domain |
   4. Click on continue to summary
3. Save your API key to your notepad, `CF_APITOKEN=`

### Set your Security rules

Configure some security rules to reduce the risk of malicious actors reaching your domain.

1. Navigate to <https://dash.cloudflare.com/>
2. Select your domain
3. On the left, expand Security and select Rules
4. Click on create rule > custom rule
   1. Next to Expression Preview, click on 'edit expression' to get the free text field
5. Create a rule for each of the below

### Block bots

This rule shows a Captcha challenge to any request Cloudflare identifies as bot traffic.

<table><thead><tr><th width="229">Field</th><th>Data</th></tr></thead><tbody><tr><td>Rule Name</td><td>Block Bots</td></tr><tr><td>Expression</td><td>(cf.client.bot)</td></tr><tr><td>Choose action</td><td>Managed Challenge</td></tr><tr><td>Place at</td><td>First</td></tr></tbody></table>

### Challenge Threat Score

These IPs are potentially malicious, so requests from them are prompted with a Captcha.

<table><thead><tr><th width="229">Field</th><th>Data</th></tr></thead><tbody><tr><td>Rule Name</td><td>Challenge Threat Score</td></tr><tr><td>Expression</td><td>(cf.threat_score gt 10)</td></tr><tr><td>Choose action</td><td>Managed Challenge</td></tr><tr><td>Place at</td><td>Custom - after 'Block Bots'</td></tr></tbody></table>

### Block Threat Score

These IPs are very likely to be malicious, so requests from them are blocked outright.

<table><thead><tr><th width="229">Field</th><th>Data</th></tr></thead><tbody><tr><td>Rule Name</td><td>Block Threat Score</td></tr><tr><td>Expression</td><td>(cf.threat_score gt 50)</td></tr><tr><td>Choose action</td><td>Block</td></tr><tr><td>Place at</td><td>Custom - after 'Challenge Threat Score'</td></tr></tbody></table>

{% hint style="info" %}
An additional rule is created by the CrowdSec Cloudflare bouncer container once the Compose file has been run.
{% endhint %}
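Because the three rules are evaluated top to bottom and both Block and Managed Challenge stop evaluation once they match, the order you place them in decides which action a request actually receives. The following is an added example, not part of this guide or of Cloudflare's own engine: a toy evaluator for the two expression shapes used above (a bare boolean field and `field gt N`) that walks the rules in the configured order over a few constructed requests. It assumes that a matched Block or Managed Challenge ends evaluation, and models challenge passage with a constructed `cf.clearance` flag (a visitor who already solved a challenge is not challenged again and falls through to the next rule); the field name `cf.clearance` is an assumption for this simulation, not a Cloudflare expression field.

```python
import re
from typing import Optional

# The rules from this guide, in the order they are placed in the dashboard.
RULES = [
    ("Block Bots", "(cf.client.bot)", "Managed Challenge"),
    ("Challenge Threat Score", "(cf.threat_score gt 10)", "Managed Challenge"),
    ("Block Threat Score", "(cf.threat_score gt 50)", "Block"),
]

# Assumption: these actions end rule evaluation as soon as their rule matches.
TERMINATING = {"Block", "Managed Challenge"}
CHALLENGES = {"Managed Challenge"}

_COMPARE = re.compile(r"^\(\s*([\w.]+)\s+(gt|lt|ge|le|eq|ne)\s+(\d+)\s*\)$")
_BOOL = re.compile(r"^\(\s*([\w.]+)\s*\)$")


def evaluate(expression: str, request: dict) -> bool:
    """Evaluate one rule expression against a request (a dict of field -> value)."""
    m = _COMPARE.match(expression)
    if m:
        field, op, value = m.group(1), m.group(2), int(m.group(3))
        actual = int(request.get(field, 0))
        return {
            "gt": actual > value, "lt": actual < value,
            "ge": actual >= value, "le": actual <= value,
            "eq": actual == value, "ne": actual != value,
        }[op]
    m = _BOOL.match(expression)
    if m:
        return bool(request.get(m.group(1), False))
    raise ValueError(f"unsupported expression: {expression}")


def first_action(request: dict, rules=RULES) -> Optional[tuple[str, str]]:
    """Return (rule name, action) of the first terminating rule that applies, or None.

    A challenge rule is skipped for a visitor that already holds clearance
    (constructed 'cf.clearance' flag), so evaluation continues to later rules.
    """
    for name, expression, action in rules:
        if not evaluate(expression, request):
            continue
        if action in CHALLENGES and request.get("cf.clearance", False):
            continue  # already passed a challenge; this rule no longer applies
        if action in TERMINATING:
            return name, action
    return None


if __name__ == "__main__":
    # Constructed sample requests, not real Cloudflare traffic.
    samples = {
        "known bot, score 60":          {"cf.client.bot": True, "cf.threat_score": 60},
        "first visit, score 60":        {"cf.client.bot": False, "cf.threat_score": 60},
        "cleared visitor, score 60":    {"cf.client.bot": False, "cf.threat_score": 60, "cf.clearance": True},
        "first visit, score 20":        {"cf.client.bot": False, "cf.threat_score": 20},
        "first visit, score 5":         {"cf.client.bot": False, "cf.threat_score": 5},
    }
    for label, req in samples.items():
        print(f"{label:28} -> {first_action(req)}")
```

Under this model a first-time visitor with a threat score above 50 is matched by the challenge rule before the block rule ever runs, because a score above 50 is also above 10; the Block Threat Score rule only acts on traffic that has already cleared the challenge. If you want very high scores blocked on first contact instead, place the Block rule above the Challenge rule.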

## Docker Compose

Fill in the `.env` values below using your notes.

```dotenv
# --- CrowdSec Engine Settings ---
CROWDSEC_ENROLL_KEY=

# --- Cloudflare Credentials ---
CF_APITOKEN=
CF_ACCOUNTID=
CF_ZONE_ID=
```

{% @github-files/github-code-block url="https://github.com/trentnbauer/HomelabPublic/blob/main/docker-compose/crowdsec-cloudflare.yml" %}
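A quick pre-flight check on the `.env` file catches the most common mistakes before the stack is started: a value left empty, or the Account ID and Zone ID pasted into each other's fields. The following is an added example, not part of this guide or of the CrowdSec or Cloudflare projects. It assumes the four variable names from the `.env` above and that Cloudflare account and zone IDs are 32 lowercase hex characters; the sample file contents are constructed.

```python
import re

# Variables the Compose stack above expects to find in .env.
REQUIRED = ("CROWDSEC_ENROLL_KEY", "CF_APITOKEN", "CF_ACCOUNTID", "CF_ZONE_ID")

# Assumption: Cloudflare account and zone IDs are 32 lowercase hex characters.
HEX32 = re.compile(r"^[0-9a-f]{32}$")


def parse_dotenv(text: str) -> dict:
    """Minimal .env parser: KEY=VALUE lines, '#' comments and blank lines ignored."""
    env = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition("=")
        if not sep:
            continue
        env[key.strip()] = value.strip().strip('"').strip("'")
    return env


def check_env(text: str) -> list[str]:
    """Return a list of problems found in the .env text (empty list means it looks fine)."""
    env = parse_dotenv(text)
    problems = []
    for key in REQUIRED:
        if not env.get(key):
            problems.append(f"{key} is missing or empty")
    for key in ("CF_ACCOUNTID", "CF_ZONE_ID"):
        value = env.get(key)
        if value and not HEX32.match(value):
            problems.append(f"{key} should be 32 lowercase hex characters, got {len(value)}")
    acct, zone = env.get("CF_ACCOUNTID"), env.get("CF_ZONE_ID")
    if acct and acct == zone:
        problems.append("CF_ACCOUNTID and CF_ZONE_ID are identical; check which ID went into which field")
    return problems


# Constructed sample: the template as shipped, with nothing filled in yet.
EMPTY_TEMPLATE = """
# --- CrowdSec Engine Settings ---
CROWDSEC_ENROLL_KEY=

# --- Cloudflare Credentials ---
CF_APITOKEN=
CF_ACCOUNTID=
CF_ZONE_ID=
"""

# Constructed sample: placeholder values, with the zone ID pasted into both ID fields.
MISPASTED = """
CROWDSEC_ENROLL_KEY=placeholder-enroll-key
CF_APITOKEN=placeholder-api-token
CF_ACCOUNTID=0123456789abcdef0123456789abcdef
CF_ZONE_ID=0123456789abcdef0123456789abcdef
"""

if __name__ == "__main__":
    for label, text in (("empty template", EMPTY_TEMPLATE), ("mis-pasted IDs", MISPASTED)):
        print(f"{label}:")
        for problem in check_env(text) or ["no problems found"]:
            print("  -", problem)
```

Run it against your real `.env` with `python3 check_env.py` after replacing the constructed samples with `open(".env").read()`; the values never leave the machine, so the check is safe to run before the token is ever used.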
