turbot/cloudflare
steampipe plugin install cloudflare

Table: cloudflare_firewall_rule - Query Cloudflare Firewall Rules using SQL

Cloudflare Firewall Rules are a security feature that controls which traffic is allowed to reach your website. They are customizable and can be used to mitigate threats, control access, and block traffic from certain IP addresses or regions. Firewall rules match against incoming HTTP traffic, and an action is taken when a rule matches.

Table Usage Guide

The cloudflare_firewall_rule table provides insights into Firewall Rules within Cloudflare. As a security engineer, explore rule-specific details through this table, including rule configurations, actions taken, and associated metadata. Use it to find rules such as those blocking specific IP addresses or regions, and to verify rule configurations.

Examples

Basic info

Explore the creation dates of specific firewall rules to gain insights into their historical context and assess potential patterns or anomalies. This may assist in troubleshooting or optimizing your firewall configuration.

select
  id,
  zone_id,
  created_on
from
  cloudflare_firewall_rule;

List paused firewall rules

Find the firewall rules that are currently paused and the zones they belong to. This can be useful for identifying potential security vulnerabilities or areas where firewall protection is currently inactive.

Postgres:

select
  id,
  zone_id,
  paused
from
  cloudflare_firewall_rule
where
  paused;

SQLite:

select
  id,
  zone_id,
  paused
from
  cloudflare_firewall_rule
where
  paused = 1;

List firewall rules that block requests based on IP reputation

Find firewall rules that block requests based on IP reputation, here those whose filter expression is exactly (cf.threat_score gt 1). This helps enhance security by confirming which rules prevent access from high-risk IP addresses.

Postgres:

select
  id,
  zone_id,
  filter,
  action
from
  cloudflare_firewall_rule
where
  action = 'block'
  and filter ->> 'expression' = '(cf.threat_score gt 1)';

SQLite:

select
  id,
  zone_id,
  filter,
  action
from
  cloudflare_firewall_rule
where
  action = 'block'
  and json_extract(filter, '$.expression') = '(cf.threat_score gt 1)';
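
The query above matches only rules whose expression is exactly (cf.threat_score gt 1), so a different threshold or a compound expression is missed. The following added example (Postgres syntax, not part of the plugin's own documentation) generalizes it: it matches any expression that references cf.threat_score and summarizes, per zone, how many such rules are actively blocking and how many are paused. The substring pattern and the output column aliases are assumptions made for illustration.

```sql
-- Added example: per-zone coverage of IP-reputation (cf.threat_score) rules.
-- Uses only columns listed in the cloudflare_firewall_rule schema.
with threat_rules as (
  select
    zone_id,
    id,
    action,
    paused,
    priority,
    filter ->> 'expression' as expression
  from
    cloudflare_firewall_rule
  where
    -- Assumption: a substring match is enough to find reputation-based rules,
    -- whatever threshold or extra conditions the expression contains.
    filter ->> 'expression' like '%cf.threat_score%'
)
select
  zone_id,
  count(*) as threat_score_rules,
  -- Rules that are enforcing a block right now.
  count(*) filter (where action = 'block' and not paused) as active_block_rules,
  -- Rules that exist but are switched off.
  count(*) filter (where paused) as paused_rules,
  -- Paused rule ids in processing order; rules without a priority sort last.
  array_agg(id order by priority nulls last) filter (where paused) as paused_rule_ids
from
  threat_rules
group by
  zone_id
order by
  -- Zones with no active blocking rule appear first.
  active_block_rules,
  zone_id;
```

Zones that have no rule referencing cf.threat_score do not appear in the result, so compare the output against your full list of zones.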

Schema for cloudflare_firewall_rule

| Name | Type | Operators | Description |
| --- | --- | --- | --- |
| _ctx | jsonb | | Steampipe context in JSON form, e.g. connection_name. |
| action | text | | The action to apply to a matched request. |
| created_on | timestamp with time zone | | The time when the firewall rule is created. |
| description | text | | A description of the rule to help identify it. |
| filter | jsonb | | A set of firewall properties. |
| id | text | = | Specifies the Firewall Rule identifier. |
| modified_on | timestamp with time zone | | The time when the firewall rule is updated. |
| paused | boolean | | Indicates whether the firewall rule is currently paused. |
| priority | bigint | | The priority of the rule to allow control of processing order. A lower number indicates high priority. If not provided, any rules with a priority will be sequenced before those without. |
| products | jsonb | | A list of products to bypass for a request when the bypass action is used. |
| title | text | | Title of the resource. |
| zone_id | text | = | Specifies the zone identifier. |

Export

This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.

You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:

/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- cloudflare

You can pass the configuration to the command with the --config argument:

steampipe_export_cloudflare --config '<your_config>' cloudflare_firewall_rule