A Node.js script that automates the reporting of incidents detected by Cloudflare WAF to AbuseIPDB ☁️🕵️

☁️ Cloudflare WAF to AbuseIPDB

This project is an automated script designed to fetch and report IP addresses that have triggered specific Cloudflare firewall events.
It enables reporting incidents detected by Cloudflare WAF to AbuseIPDB.

🛠️ Prerequisites

  • Node.js
  • npm (Node Package Manager)

📃 Information

If you want to make changes to the script from this repository, please kindly fork it first.

🌌 Example Report

Sample Cloudflare WAF Report to AbuseIPDB

IP 192.42.116.183 [T1] triggered Cloudflare WAF (firewallCustom).
Action taken: CHALLENGE
ASN: 1101 (IP-EEND-AS IP-EEND BV)
HTTP protocol: HTTP/1.0 (method GET)
Domain: blocklist.sefinek.net
Endpoint: /
Timestamp: 2024-08-17T00:15:53Z
Ray ID: 8b4578e65f16b8e4
Rule ID: cc5e7a6277d447eca9c1818934ba65c8
User agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.66 Safari/537.36

Report generated by Node-Cloudflare-WAF-AbuseIPDB (https://github.com/sefinek24/Node-Cloudflare-WAF-AbuseIPDB)
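
One way a firewall event could be turned into the report text above, with per-IP deduplication and bounded client-controlled fields; this is an added example, not code from the repository. It assumes Cloudflare's firewallEventsAdaptive field names, that [T1] is the clientCountryName value, AbuseIPDB category 19 and a 15-minute per-IP cooldown; buildComment, selectReports and sampleEvent are hypothetical names.

```javascript
// Added example, not code from the repository. Field names follow Cloudflare's
// firewallEventsAdaptive GraphQL dataset (assumed to be what the script queries).
const COOLDOWN_MS = 15 * 60 * 1000; // assumed: do not re-report an IP within 15 minutes
const REPORTABLE = new Set(['block', 'challenge', 'managed_challenge', 'jschallenge']); // assumed filter

function buildComment(ev) {
  // Defensive: keep only the path so query-string secrets never reach a public database.
  const endpoint = String(ev.clientRequestPath || '/').split('?')[0].slice(0, 256);
  // The User-Agent is client-controlled: strip control characters and cap its length.
  const ua = String(ev.userAgent || '').replace(/[\x00-\x1f\x7f]/g, '').slice(0, 256);
  return [
    `IP ${ev.clientIP} [${ev.clientCountryName}] triggered Cloudflare WAF (${ev.source}).`,
    `Action taken: ${ev.action.toUpperCase()}`,
    `ASN: ${ev.clientAsn} (${ev.clientASNDescription})`,
    `HTTP protocol: ${ev.clientRequestHTTPProtocol} (method ${ev.clientRequestHTTPMethodName})`,
    `Domain: ${ev.clientRequestHTTPHost}`,
    `Endpoint: ${endpoint}`,
    `Timestamp: ${ev.datetime}`,
    `Ray ID: ${ev.rayName}`,
    `Rule ID: ${ev.ruleId}`,
    `User agent: ${ua}`,
  ].join('\n');
}

// Returns AbuseIPDB report parameters ({ ip, categories, comment }) for events worth
// reporting. lastReported maps ip -> epoch ms of its previous report and is updated in place.
function selectReports(events, lastReported, now) {
  const reports = [];
  for (const ev of events) {
    if (!REPORTABLE.has(ev.action)) continue; // allowed or merely logged traffic is not reported
    if (now - (lastReported.get(ev.clientIP) ?? -Infinity) < COOLDOWN_MS) continue;
    lastReported.set(ev.clientIP, now);
    reports.push({ ip: ev.clientIP, categories: '19', comment: buildComment(ev) }); // 19 = Bad Web Bot
  }
  return reports;
}

// Constructed sample event, rebuilt from the report shown above.
const sampleEvent = {
  clientIP: '192.42.116.183', clientCountryName: 'T1', source: 'firewallCustom',
  action: 'challenge', clientAsn: '1101', clientASNDescription: 'IP-EEND-AS IP-EEND BV',
  clientRequestHTTPProtocol: 'HTTP/1.0', clientRequestHTTPMethodName: 'GET',
  clientRequestHTTPHost: 'blocklist.sefinek.net', clientRequestPath: '/',
  datetime: '2024-08-17T00:15:53Z', rayName: '8b4578e65f16b8e4',
  ruleId: 'cc5e7a6277d447eca9c1818934ba65c8',
  userAgent: 'Mozilla/5.0 (Windows NT 6.3; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5060.66 Safari/537.36',
};
console.log(selectReports([sampleEvent, sampleEvent], new Map(), Date.now())[0].comment);
```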

📥 Installation

  1. Clone the repository.
    git clone https://github.com/sefinek24/Node-Cloudflare-WAF-AbuseIPDB.git
    
  2. Install dependencies.
    npm install
    
  3. Environment variables. Make a copy of the .env.default file, then rename the copy to .env. Fill it with your tokens, etc. Remember to set NODE_ENV to production!
  4. Run the script.
    node .
    
  5. If you want to run the process 24/7, install the PM2 module.
    npm install pm2 -g
    
  6. Modify the log paths in the ecosystem.config.js file so that they point to existing directories. You don't need to create the .log files; just make sure the directory structure is accurate.
  7. Run the process continuously using PM2 to ensure constant operation and automatic restart in case of a failure.
    pm2 start
    
  8. Save a snapshot of the currently running Node.js processes.
    pm2 save
    
  9. Add PM2 to startup.
    pm2 startup
    
  10. Execute the command generated by PM2, e.g.:
    sudo env PATH=$PATH:/usr/bin /usr/lib/node_modules/pm2/bin/pm2 startup systemd -u sefinek --hp /home/sefinek
    
  11. That's it! Monitor logs using the pm2 logs command.

🔤 How to Get Tokens?

CLOUDFLARE_ZONE_ID

CLOUDFLARE_API_KEY

  1. Go to dash.cloudflare.com/profile/api-tokens.
  2. Click the "Create Token" button.
  3. Select "Create Custom Token".

ABUSEIPDB_API_KEY

Go to www.abuseipdb.com/account/api.

💕 Credits

This project is inspired by the MHG-LAB/Cloudflare-WAF-to-AbuseIPDB repository. I'm not particularly fond of Python and usually try to avoid using this programming language, which is why I decided to create this repository.

📑 MIT License

Copyright 2024 © by Sefinek. All Rights Reserved.