Cloudflare

Cloudflare Plans
CF mTLS (Zero Trust)
CF Reverse Proxy
ARGO (Cloudflare Daemon) - Config
CF Zero Trust (VPN-like)
CF Logpull/logpush:
Log integrations
API Documentation

Cloudflare Plans

IP Ranges

Last updated: April 8, 2021 Some applications or host providers might find it handy to know about Cloudflare's IPs. This page is intended to be the definitive source of Cloudflare's current IP ranges. You can also use the Cloudflare API to access this list

www.cloudflare.com

CF mTLS (Zero Trust)

No Paid plan required.

Generate Keys in zero trust console (SSL section) - Private Key && Certificate key
Create mTLS rule in SSL > Client Certificates > Add host (my_secret_host.domain.com)
Create mTLS rule in Firewall > Add rule (Block access if Certificate not present)
Add certificates to the client (Browser, OS, mobile…)

Mutual TLS · Cloudflare Zero Trust docs

Cloudflare One™ is the culmination of engineering and technical development guided by conversations with thousands of customers about the future of the corporate network. It provides secure, fast, reliable, cost-effective network services, integrated with leading identity management and endpoint security providers. These docs contain step-by-step, use case driven, tutorials to use Cloudflare One products.

developers.cloudflare.com

How to add certs, generate them via API, etc.

CF Reverse Proxy

Cloudflare Reverse Proxy (1)

ARGO (Cloudflare Daemon) - Config

(Cloudflared - Daemon → Argo Tunnel)

Video: How to configure cloudflare daemon

(Used to be called argo-tunnel) https://developers.cloudflare.com/cloudflare-one/tutorials/ssh

CF Zero Trust (VPN-like)

https://www.cloudflare.com/teams/access/

CF Logpull/logpush:

Managing API Tokens and Keys

The Cloudflare API exposes the entire Cloudflare functionality via a programmatic interface. You can manage your account settings, configure products, and develop applications using the Cloudflare API. Using the Cloudflare API requires either an API token or API key to authenticate the source of the API request.

support.cloudflare.com

Tutorial API Creation & Management

dash.cloudflare.com

Dashboard para crear el API Token

Usuario → Perfil → Create Token: Configuración per API (APIs para diferentes servicios, configuraciones, usuarios, grupos, tipo, etc.)
! Las API pueden tener un período de duración > 1 día

curl -X GET "https://api.cloudflare.com/client/v4/user/tokens/verify" \
     -H "Authorization: Bearer _LDFjUeFozn-ou6LQPYIwY70W0YXM7vDd-f-1OcI" \
     -H "Content-Type:application/json"

Sample test

Log integrations

ElasticFlare: ElasticFlare pulls CloudFlare firewall and audit logs, then ingests and enriches the data using the Elastic Stack. Github.
CF's Logpush

API tokens: https://dash.cloudflare.com/profile/api-tokens

Logs (general) https://developers.cloudflare.com/logs/

Logpush w/AWS S3 https://developers.cloudflare.com/logs/get-started/enable-destinations/aws-s3

Logpull REST API https://developers.cloudflare.com/logs/logpull/requesting-logs

Elastic: https://developers.cloudflare.com/fundamentals/data-products/analytics-integrations/elastic

API Documentation

https://api.cloudflare.com/#filters-delete-individual-filter