{"id":1446,"date":"2019-11-05T16:55:58","date_gmt":"2019-11-05T13:55:58","guid":{"rendered":"https:\/\/artem.services\/?p=1446"},"modified":"2019-11-05T16:59:35","modified_gmt":"2019-11-05T13:59:35","slug":"cloudflare-%d0%be%d1%82%d0%bf%d1%80%d0%b0%d0%b2%d0%ba%d0%b0-%d1%83%d0%b2%d0%b5%d0%b4%d0%b5%d0%bc%d0%bb%d0%b5%d0%bd%d0%b8%d0%b9-%d0%b2-slack","status":"publish","type":"post","link":"https:\/\/artem.services\/?p=1446","title":{"rendered":"CloudFlare — \u041e\u0442\u043f\u0440\u0430\u0432\u043a\u0430 \u0443\u0432\u0435\u0434\u0435\u043c\u043b\u0435\u043d\u0438\u0439 \u0432 Slack"},"content":{"rendered":"

\"\"<\/p>\n

 <\/p>\n

\u0414\u0430\u043d\u043d\u044b\u0439 Python<\/strong> \u0441\u043a\u0440\u0438\u043f\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044f \u043e \u0441\u043e\u0431\u044b\u0442\u0438\u044f\u0445 CloudFlare Firewall<\/strong> \u0432 Slack<\/strong> \u043a\u0430\u043d\u0430\u043b:<\/p>\n

\r\nimport os\r\nimport requests\r\nimport json\r\nimport datetime\r\n\r\n### CloudFlare ###\r\ntoken = "XXXXXXXXXXXXXXXX"\r\nzoneId = "XXXXXXXXXXXXXXXX"\r\ntimeRange = 5 # Minutes\r\nsource = "waf"\r\naction = "drop" # drop|simulate|challenge More info: https:\/\/api.cloudflare.com\/#firewall-events-list-events\r\nurlCloudFlare = "https:\/\/api.cloudflare.com\/client\/v4\/zones\/" + zoneId + "\/security\/events"\r\n### END OF BLOCK ###\r\n\r\n### Slack ###\r\nwebHook = "https:\/\/hooks.slack.com\/services\/AAAAAAAA\/BBBBBBBB\/CCCCCCCCCCCCCCCC"\r\nchannelId = "XXXXXXXX"\r\n### END OF BLOCK ###\r\n\r\n### Functions ###\r\ndef slackNotify(ip, country, time, ruleMessage):\r\n    headers = {\r\n        'Content-type': 'application\/json',\r\n    }\r\n\r\n    data = '{"channel":"' + channelId + '","text":"IP address: `' + ip + '` from: `' + country + '` was blocked by `' + source + '` at ' + time + ' UTC' + '\\nReason: ' + ruleMessage + '\\n\\n"}'\r\n\r\n    response = requests.post(webHook, headers=headers, data=data)\r\n### END OF BLOCK ###\r\n\r\nsinceTime = (datetime.datetime.utcnow() - datetime.timedelta(minutes=timeRange))\r\nsinceTime = sinceTime.strftime("%Y-%m-%dT%H:%M:%SZ")\r\n\r\nheaders = {\r\n    'Authorization': 'Bearer ' + token,\r\n}\r\n\r\nparams = (\r\n    ('kind', 'firewall'),\r\n    ('since', sinceTime),\r\n    ('action', action),\r\n    ('source', source),\r\n)\r\n\r\nresponse = requests.get(urlCloudFlare, headers=headers, params=params).json()\r\n\r\ncount = len(response['result'])\r\n\r\nfor x in range(count):\r\n    ip = response['result'][x]['ip']\r\n    country = response['result'][x]['country']\r\n    time = response['result'][x]['occurred_at']\r\n    ruleMessage = response['result'][x]['matches'][0]['metadata']['rule_message']\r\n    time = datetime.datetime.strptime(time, '%Y-%m-%dT%H:%M:%SZ')\r\n    slackNotify(ip, country, str(time), ruleMessage)\r\n\r\n### Print for debugging ###\r\n# response = json.dumps(response, indent=4)\r\n# print(response)\r\n### END OF BLOCK ###\r\n<\/pre>\n
 <\/p>\n
\u0414\u0430\u043d\u043d\u044b\u0439 \u0441\u043a\u0440\u0438\u043f\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442 \u0441\u043e\u0431\u044b\u0442\u0438\u044f \u0437\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 5 \u043c\u0438\u043d\u0443\u0442, \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u0441\u0442\u0430\u0432\u0438\u043c \u0435\u0433\u043e \u0432 cron<\/strong> \u0441 \u0447\u0430\u0441\u0442\u043e\u0442\u043e\u0439 \u043a\u0430\u0436\u0434\u044b\u0435 5 \u043c\u0438\u043d\u0443\u0442.<\/p>\n
 <\/p>\n
\"\"<\/p>\n
 <\/p>\n
<\/p>\n
\u0414\u043b\u044f \u0442\u043e\u0433\u043e, \u0447\u0442\u043e\u0431\u044b \u043c\u043e\u0436\u043d\u043e \u0431\u044b\u043b\u043e \u043e\u0431\u0440\u0430\u0449\u0430\u0442\u044c\u0441\u044f \u043a CloudFlare<\/strong> \u043f\u043e API<\/strong>, \u043d\u0443\u0436\u043d\u043e \u0432 \u043d\u0430\u0441\u0442\u0440\u043e\u0439\u043a\u0430\u0445 \u0430\u043a\u043a\u0430\u0443\u043d\u0442\u0430 \u0441\u043e\u0437\u0434\u0430\u0442\u044c \u0442\u043e\u043a\u0435\u043d. \u0414\u0430\u0434\u0438\u043c \u0435\u043c\u0443 \u0442\u043e\u043b\u044c\u043a\u043e \u043f\u0440\u0430\u0432\u043e \u0447\u0442\u0435\u043d\u0438\u044f \u0444\u0430\u0435\u0440\u0432\u043e\u043b\u0430.<\/p>\n
\"\"<\/p>\n
 <\/p>\n
\"\"<\/p>\n
 <\/p>\n
 <\/p>\n
\"\"<\/p>\n","protected":false},"excerpt":{"rendered":"
  \u0414\u0430\u043d\u043d\u044b\u0439 Python \u0441\u043a\u0440\u0438\u043f\u0442 \u043f\u043e\u0437\u0432\u043e\u043b\u044f\u0435\u0442 \u043e\u0442\u043f\u0440\u0430\u0432\u043b\u044f\u0442\u044c \u0443\u0432\u0435\u0434\u043e\u043c\u043b\u0435\u043d\u0438\u044f \u043e \u0441\u043e\u0431\u044b\u0442\u0438\u044f\u0445 CloudFlare Firewall \u0432 Slack \u043a\u0430\u043d\u0430\u043b:   \u0414\u0430\u043d\u043d\u044b\u0439 \u0441\u043a\u0440\u0438\u043f\u0442 \u043f\u0440\u043e\u0432\u0435\u0440\u044f\u0435\u0442 \u0441\u043e\u0431\u044b\u0442\u0438\u044f \u0437\u0430 \u043f\u043e\u0441\u043b\u0435\u0434\u043d\u0438\u0435 5 \u043c\u0438\u043d\u0443\u0442, \u0441\u043e\u043e\u0442\u0432\u0435\u0442\u0441\u0442\u0432\u0435\u043d\u043d\u043e \u0441\u0442\u0430\u0432\u0438\u043c \u0435\u0433\u043e \u0432 cron \u0441 \u0447\u0430\u0441\u0442\u043e\u0442\u043e\u0439 \u043a\u0430\u0436\u0434\u044b\u0435 5 \u043c\u0438\u043d\u0443\u0442.    <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":[],"categories":[41],"tags":[1157,1153,1159,1161,1155],"_links":{"self":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/1446"}],"collection":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1446"}],"version-history":[{"count":3,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/1446\/revisions"}],"predecessor-version":[{"id":1454,"href":"https:\/\/artem.services\/index.php?rest_route=\/wp\/v2\/posts\/1446\/revisions\/1454"}],"wp:attachment":[{"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1446"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1446"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/artem.services\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1446"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}