# Cloudflare

To make DDNS, Dockflare and Cloudflared work, we need some data from Cloudflare.

#### Before continuing, please follow

1. [Configure Domain](/guides/other-guides/cloudflare/configure-domain.md) and
2. [Cloudflare Zero Trust](/guides/other-guides/cloudflare/cloudflare-zero-trust.md)

{% hint style="danger" %}
Please ensure you set up the [Cloudflare Zero Trust wildcard application](/guides/other-guides/cloudflare/cloudflare-zero-trust.md#set-up-wildcard-application). If you do not, external parties will be able to access and modify your Dockflare settings, which is a major security risk, and will also be able to access your database contents if you enable the Adminer proxy link.
{% endhint %}

### Generate your API key

This API key will be used for Dockflare, Dynamic DNS and Crowdsec

1. Navigate to <https://dash.cloudflare.com/profile/api-tokens>
2. Click Create Token > Custom Token
3. Name your token Pelican, and set the below
   1. Permissions

      <table><thead><tr><th width="148"></th><th width="357"></th><th></th></tr></thead><tbody><tr><td>Account</td><td>Cloudflare Tunnel</td><td>Edit</td></tr><tr><td>Account</td><td>Account Filter Lists</td><td>Edit</td></tr><tr><td>Account</td><td>Firewall Access Rules</td><td>Edit</td></tr><tr><td>Account</td><td>Account Settings</td><td>Read</td></tr><tr><td>Account</td><td>Access: Apps and Policies</td><td>Edit</td></tr><tr><td>User</td><td>User Details</td><td>Read</td></tr><tr><td>Zone</td><td>DNS</td><td>Read</td></tr><tr><td>Zone</td><td>Firewall Services</td><td>Edit</td></tr><tr><td>Zone</td><td>Zone</td><td>Edit</td></tr></tbody></table>
   2. Account Resources

      | Field   | Data        |
      | ------- | ----------- |
      | Include | All Account |
   3. Zone Resources\
      *You can have additional domains*

      |         |               |             |
      | ------- | ------------- | ----------- |
      | Include | Specific Zone | Your Domain |
   4. Click on Continue to Summary
4. Save your API key to your notepad, `CF_APITOKEN=`

### Get your Account ID

1. Browse to <https://dash.cloudflare.com/>
2. Next to your name, click on the 3 dots and select Copy Account ID
3. Save to your notepad, `CF_ACCOUNTID=`

### Get your Zone ID

1. Browse to <https://dash.cloudflare.com/?to=/:account/home/domains>
2. Click manage next to your domain
3. Scroll down and locate "API" on the right
4. Save your Zone ID to your notepad, `CF_ZONE_ID=`
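
The token created above carries Edit rights on tunnels, Access apps and the zone, so it is worth checking the three values and storing them with owner-only permissions before they go into the stack. The script below is an added example, not part of the original guide; the file name `pelican-cf.env` and the function names are assumptions, and `verify_cf_token` calls Cloudflare's token verification endpoint, so it needs network access.

```shell
#!/bin/sh
# Added example: sanity-check and store the values collected in this guide.

# Cloudflare Account and Zone IDs are 32 lowercase hex characters.
is_cf_id() {
  case "$1" in
    ''|*[!0123456789abcdef]*) return 1 ;;
  esac
  [ "${#1}" -eq 32 ]
}

# Write the values to an env file that only the owner can read.
# usage: write_cf_env FILE TOKEN ACCOUNT_ID ZONE_ID
write_cf_env() {
  file=$1 token=$2 account=$3 zone=$4
  [ -n "$token" ] || { echo "CF_APITOKEN is empty" >&2; return 1; }
  is_cf_id "$account" || { echo "CF_ACCOUNTID is not a 32-char hex ID" >&2; return 1; }
  is_cf_id "$zone" || { echo "CF_ZONE_ID is not a 32-char hex ID" >&2; return 1; }
  # umask in a subshell so the file is never created world-readable.
  ( umask 077
    printf 'CF_APITOKEN=%s\nCF_ACCOUNTID=%s\nCF_ZONE_ID=%s\n' \
      "$token" "$account" "$zone" > "$file" ) || return 1
  chmod 600 "$file"
}

# Ask Cloudflare whether the token is valid and active (needs network access).
verify_cf_token() {
  curl -fsS -H "Authorization: Bearer $1" \
    https://api.cloudflare.com/client/v4/user/tokens/verify
}

# Typical use, with the values from your notepad exported in the shell:
#   write_cf_env pelican-cf.env "$CF_APITOKEN" "$CF_ACCOUNTID" "$CF_ZONE_ID" \
#     && verify_cf_token "$CF_APITOKEN"
```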

## Security rules

Configure some security rules to reduce the risk of malicious actors accessing your domain

1. Navigate to <https://dash.cloudflare.com/>
2. Select your domain
3. On the left, expand Security and select Rules
4. Click on create rule > custom rule
   1. Next to Expression Preview, click on 'edit expression' to get the free text field
5. Create a rule for each of the below

### Block bots

This policy will show a Captcha challenge to any IPs suspected of botting

<table><thead><tr><th width="229">Field</th><th>Data</th></tr></thead><tbody><tr><td>Rule Name</td><td>Block Bots</td></tr><tr><td>Expression</td><td>(cf.client.bot)</td></tr><tr><td>Choose action</td><td>Managed Challenge</td></tr><tr><td>Place at</td><td>First</td></tr></tbody></table>

### Challenge Threat Score

These IPs are potentially malicious. These addresses will be prompted for Captcha

<table><thead><tr><th width="229">Field</th><th>Data</th></tr></thead><tbody><tr><td>Rule Name</td><td>Challenge Threat Score</td></tr><tr><td>Expression</td><td>(cf.threat_score gt 10)</td></tr><tr><td>Choose action</td><td>Managed Challenge</td></tr><tr><td>Place at</td><td>Custom - after 'Block Bots'</td></tr></tbody></table>

### Block Threat Score

These IPs are very likely to be malicious. These addresses will be blocked

<table><thead><tr><th width="229">Field</th><th>Data</th></tr></thead><tbody><tr><td>Rule Name</td><td>Challenge Threat Score</td></tr><tr><td>Expression</td><td>(cf.threat_score gt 50)</td></tr><tr><td>Choose action</td><td>Block</td></tr><tr><td>Place at</td><td>Custom - after 'Challenge Threat Score'</td></tr></tbody></table>

{% hint style="info" %}
An additional rule will be created by the Crowdsec CF Bouncer container after the Compose file is run
{% endhint %}

