Table: cloudflare_firewall_rule - Query Cloudflare Firewall Rules using SQL
Cloudflare Firewall Rules are a security feature that determines which traffic is allowed to reach your website. They are customizable and can be used to mitigate threats, control access, and block traffic from certain IP addresses or regions. Firewall rules match against incoming HTTP traffic, and an action is taken when a rule matches.
Table Usage Guide
The cloudflare_firewall_rule table provides insights into Firewall Rules within Cloudflare. As a security engineer, explore rule-specific details through this table, including rule configurations, the action taken, and associated metadata. Use it to uncover information about rules, such as those blocking specific IP addresses or regions, and to verify rule configurations.
Examples
Basic info
Explore the creation dates of specific firewall rules to gain insights into their historical context and assess potential patterns or anomalies. This may assist in troubleshooting or optimizing your firewall configuration.
select id, zone_id, created_on from cloudflare_firewall_rule;
List paused firewall rules
List the firewall rules that are currently paused, together with their zones. This can be useful for identifying potential security vulnerabilities or areas where firewall protection is currently inactive.
PostgreSQL:
select id, zone_id, paused from cloudflare_firewall_rule where paused;
SQLite:
select id, zone_id, paused from cloudflare_firewall_rule where paused = 1;
List firewall rules that block requests based on IP reputation
Analyze firewall rules to understand which ones are set to block based on IP reputation, helping to enhance security by identifying potential threats. This is particularly useful in preventing access from high-risk IP addresses.
PostgreSQL:
select id, zone_id, filter, action from cloudflare_firewall_rule where action = 'block' and filter ->> 'expression' = '(cf.threat_score gt 1)';
SQLite:
select id, zone_id, filter, action from cloudflare_firewall_rule where action = 'block' and json_extract(filter, '$.expression') = '(cf.threat_score gt 1)';
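The following audit query is an added example, not part of the Steampipe documentation. It combines the checks above to list rules that reduce protection: paused rules and rules whose action is allow or bypass (both are Cloudflare firewall rule action values). It uses PostgreSQL syntax, and the 30-day review window is an assumption to adjust to your change-review cycle.

```sql
-- Added example (PostgreSQL dialect): rules that leave matching traffic unfiltered.
-- Uses only columns listed in the schema for cloudflare_firewall_rule.
select
  zone_id,
  id,
  description,
  action,
  paused,
  priority,
  filter ->> 'expression' as expression,  -- what traffic the rule matches
  products,                               -- products skipped by a bypass rule
  modified_on,
  -- Assumption: 30 days is an arbitrary window for "recently changed".
  modified_on >= now() - interval '30 days' as recently_changed,
  case
    when paused then 'paused: rule is not enforced'
    when action = 'bypass' then 'bypass: listed products are skipped'
    when action = 'allow' then 'allow: matching traffic is exempted'
  end as review_reason
from
  cloudflare_firewall_rule
where
  paused
  or action in ('allow', 'bypass')
order by
  zone_id,
  modified_on desc;
```

Rows with recently_changed set to true are the ones to compare against your change records first.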
Schema for cloudflare_firewall_rule
Name | Type | Operators | Description |
---|---|---|---|
_ctx | jsonb | | Steampipe context in JSON form. |
action | text | | The action to apply to a matched request. |
created_on | timestamp with time zone | | The time when the firewall rule is created. |
description | text | | A description of the rule to help identify it. |
filter | jsonb | | A set of firewall properties. |
id | text | = | Specifies the Firewall Rule identifier. |
modified_on | timestamp with time zone | | The time when the firewall rule is updated. |
paused | boolean | | Indicates whether the firewall rule is currently paused. |
priority | bigint | | The priority of the rule to allow control of processing order. A lower number indicates high priority. If not provided, any rules with a priority will be sequenced before those without. |
products | jsonb | | A list of products to bypass for a request when the bypass action is used. |
sp_connection_name | text | =, !=, ~~, ~~*, !~~, !~~* | Steampipe connection name. |
sp_ctx | jsonb | | Steampipe context in JSON form. |
title | text | | Title of the resource. |
user_id | text | =, !=, ~~, ~~*, !~~, !~~* | ID of the current user. |
zone_id | text | = | Specifies the zone identifier. |
Export
This table is available as a standalone Exporter CLI. Steampipe exporters are stand-alone binaries that allow you to extract data using Steampipe plugins without a database.
You can download the tarball for your platform from the Releases page, but it is simplest to install them with the steampipe_export_installer.sh script:
/bin/sh -c "$(curl -fsSL https://steampipe.io/install/export.sh)" -- cloudflare
You can pass the configuration to the command with the --config argument:
steampipe_export_cloudflare --config '<your_config>' cloudflare_firewall_rule