How to update WAF rules on Cloudflare using its API

Question  Votes: 0  Answers: 1

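I am trying to update a WAF rule on Cloudflare using their API. You will see in the code that I first fetch the rule and its contents, then update the rule. All credentials are correct.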

$zoneIdentifier = "123"; //Real credentials are correct (triple checked)
$authKey = "123"; //Real credentials are correct (triple checked)
$accountID = "123"; //Real credentials are correct (triple checked)
$ruleId = "123"; //Real credentials are correct (triple checked)
$filerID = "123"; //Real credentials are correct (triple checked)

$url = "https://api.cloudflare.com/client/v4/zones/{$zoneIdentifier}/firewall/rules/{$ruleId}";

$headers = [
    "X-Auth-Email: [email protected]",
    "X-Auth-Key: {$authKey}",
    "Content-Type: application/json",
];

// Function to make a cURL request
function makeCurlRequest($url, $headers, $method = "GET", $data = null)
{
    $curl = curl_init();

    curl_setopt_array($curl, [
        CURLOPT_URL => $url,
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_ENCODING => "",
        CURLOPT_MAXREDIRS => 10,
        CURLOPT_TIMEOUT => 30,
        CURLOPT_HTTP_VERSION => CURL_HTTP_VERSION_1_1,
        CURLOPT_CUSTOMREQUEST => $method,
        CURLOPT_POSTFIELDS => $data ? json_encode($data) : null,
        CURLOPT_HTTPHEADER => $headers,
    ]);

    $response = curl_exec($curl);
    $err = curl_error($curl);
    curl_close($curl);

    if ($err) {
        echo "cURL Error #:" . $err;
        return false;
    }

    return json_decode($response, true);
}

// Retrieve information about the rule
$responseData = makeCurlRequest($url, $headers);

if ($responseData !== false) {
    // Process the response
    $filter = $responseData['result']['filter'];
    $expression = $filter['expression'];

    // New IP address to add
    $newIpAddress = "123.123.1.0"; // Test IP

    // Check Cloudflare's documentation for the correct expression syntax
    $newFilterExpression = "(ip.src eq {$newIpAddress})";

    // If there's an existing expression, combine it with the new one using 'or'
    if ($expression) {
        $newFilterExpression = "{$expression} or {$newFilterExpression}";
    }

    // Updated rule details
    $updatedRule = [
        "id" => $ruleId,
        "paused" => false,
        "description" => "BlockBadIP",
        "action" => "block",
        "expression" => $newFilterExpression
    ];

    // URL for updating the rule
    $updateUrl = "https://api.cloudflare.com/client/v4/zones/{$zoneIdentifier}/firewall/rules/{$ruleId}";

    // Set cURL options for the PUT request (update)
    $updateResponse = makeCurlRequest($updateUrl, $headers, "PUT", $updatedRule);

    // Check for cURL errors in the update response
    if ($updateResponse !== false) {
        // Output the update response
    } else {
        echo "Update failed.";
    }
} else {
    echo "Failed to retrieve rule information.";
}

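I have done a lot of testing: I can change the name through the API, I can change the action through the API, but the expression never changes.

For the $updatedRule variable I have tried: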

$updatedRule = [
    "id" => $ruleId,
    "paused" => false,
    "description" => "BlockBadIP",
    "action" => "block", 
    "expression" => $newFilterExpression
]; 

$updatedRule = [
    "id" => $ruleId,
    "paused" => false,
    "description" => "BlockBadIP",
    "action" => "block", 
    "filter" => [
        "id" => $filerID,
        "expression" => $newFilterExpression
    ],
];

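Neither of these changes the expression, but like I said, I can change the name and the action.

There are no errors. The response indicates success: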

["success"]=> bool(true) ["errors"]=> array(0) { } ["messages"]=> array(0)

However, the expression has not been updated.

Example of the expression in plain text: (ip.src eq 123.123.1.0) or (ip.src eq 123.123.1.1) or (ip.src eq 123.123.1.2)

What am I doing wrong?

php cloudflare firewall php-curl
1 Answer

0 votes

$updatedRule = [
    "id" => $ruleId,
    "paused" => false,
    "description" => "BlockBadIP",
    "action" => "block",
    "filter" => [
        "id" => $filerID,
        "expression" => $newFilterExpression
    ],
];

$updateUrl = "https://api.cloudflare.com/client/v4/zones/{$zoneIdentifier}/firewall/rules/{$ruleId}";


$data = json_encode($updatedRule);


$updateResponse = makeCurlRequest($updateUrl, $headers, "PUT", $data);

If the above does not work, verifying the following may help:

Ensure that the $newFilterExpression variable holds the correct format for the expression that Cloudflare's API expects. You might check the Cloudflare documentation or test the expression format separately.
Verify that the permissions associated with the API key used for authentication have the necessary access rights to modify firewall rules.
Check the Cloudflare API documentation for any specific requirements or constraints related to updating expressions within firewall rules.

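If you have triple-checked the expression format and verified the permissions but the problem persists, reaching out to Cloudflare support or their developer community may provide additional insight or help specific to their API's behavior.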
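
An added example, not part of the original question or answer: because the API reported `success` while the expression stayed unchanged, the sketch below validates the IP before it is concatenated into the expression and then checks the re-fetched rule's `result.filter.expression` instead of trusting `success` alone. The helper names `appendIpToExpression` and `expressionApplied` and the sample response are constructed for illustration; the response shape is assumed to match the one the question reads from.

```php
<?php
// Added example: helper names and the sample response are constructed.

/** Append an IP to an "(ip.src eq A) or (ip.src eq B)" style expression. */
function appendIpToExpression(string $expression, string $ip): string
{
    // Accept only a literal IPv4/IPv6 address, so the input cannot
    // carry extra operators or clauses into the rule expression.
    if (filter_var($ip, FILTER_VALIDATE_IP) === false) {
        throw new InvalidArgumentException("Not an IP address: {$ip}");
    }
    $clause = "(ip.src eq {$ip})";
    // The address is already listed: nothing to change.
    if (strpos($expression, $clause) !== false) {
        return $expression;
    }
    return $expression === '' ? $clause : "{$expression} or {$clause}";
}

/** True only if the API reported success AND the stored expression matches. */
function expressionApplied(array $response, string $expected): bool
{
    $stored = $response['result']['filter']['expression'] ?? null;
    return ($response['success'] ?? false) === true && $stored === $expected;
}

$current = '(ip.src eq 123.123.1.0) or (ip.src eq 123.123.1.1)';
$wanted  = appendIpToExpression($current, '123.123.1.2');

// Constructed response reproducing the symptom from the question:
// success is true, but the rule still carries the old expression.
$response = [
    'success' => true,
    'errors'  => [],
    'result'  => ['id' => '123', 'filter' => ['id' => '123', 'expression' => $current]],
];

echo $wanted, PHP_EOL;
echo expressionApplied($response, $wanted) ? "applied" : "NOT applied", PHP_EOL;

try {
    // Constructed malformed input: rejected before it reaches the expression.
    appendIpToExpression($current, '123.123.1.2) or (ip.src ne 0.0.0.0');
} catch (InvalidArgumentException $e) {
    echo "rejected: ", $e->getMessage(), PHP_EOL;
}
```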
