https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB

A Node.js script that automates the reporting of incidents detected by Cloudflare WAF to AbuseIPDB ☁️🕵️
https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB

abuseipdb abuseipdb-api abuseipdb-reporting-tool cloudflare cloudflare-waf cloudflare-waf-expression cloudflare-waf-expressions cloudflare-waf-rules javascript nodejs nodejs-project reporting reporting-tool

Last synced: 3 months ago
JSON representation

A Node.js script that automates the reporting of incidents detected by Cloudflare WAF to AbuseIPDB ☁️🕵️

• Host: GitHub
• URL: https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB
• Owner: sefinek
• License: mit
• Created: 2024-08-15T06:44:08.000Z (10 months ago)
• Default Branch: main
• Last Pushed: 2025-02-13T01:57:27.000Z (4 months ago)
• Last Synced: 2025-03-10T13:55:07.340Z (4 months ago)
• Topics: abuseipdb, abuseipdb-api, abuseipdb-reporting-tool, cloudflare, cloudflare-waf, cloudflare-waf-expression, cloudflare-waf-expressions, cloudflare-waf-rules, javascript, nodejs, nodejs-project, reporting, reporting-tool
• Language: JavaScript
• Homepage:
• Size: 298 KB
• Stars: 9
• Watchers: 1
• Forks: 0
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • Funding: .github/FUNDING.yml
  • License: LICENSE

Awesome Lists containing this project

README

        
# Cloudflare WAF to AbuseIPDB ☁️🕵️

This project offers an automated script that collects and reports IP addresses that have triggered Cloudflare firewall events.

In simple terms, it enables the reporting of incidents detected by Cloudflare WAF to the AbuseIPDB database.

If you're looking for **effective WAF Expressions**, you're in the right place! Check out [sefinek/Cloudflare-WAF-Expressions](https://github.com/sefinek/Cloudflare-WAF-Expressions).

Also, take a look at [sefinek/UFW-AbuseIPDB-Reporter](https://github.com/sefinek/UFW-AbuseIPDB-Reporter) for UFW.

> If you like this repository or find it useful, I would greatly appreciate it if you could give it a star ⭐. Thanks a lot!

## 🛠️ Prerequisites

- [Node.js + npm](https://nodejs.org)

- [PM2](https://www.npmjs.com/package/pm2) (recommended)

## 📃 Information

If you want to make changes to the script from this repository, please kindly [fork](https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB/fork) it first.

## 🌌 Example Report

```

Triggered Cloudflare WAF (securitylevel) from T1.

Action taken: MANAGED_CHALLENGE

ASN: 53667 (PONYNET)

Protocol: HTTP/1.0 (method GET)

Endpoint: /

Timestamp: 2024-11-09T19:20:18Z

Ray ID: 8e0028cb79ab3a96

Rule ID: badscore

UA: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/103.0.5042.0 Safari/537.36

Report generated by Cloudflare-WAF-To-AbuseIPDB:

https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB

```



    My profile: https://www.abuseipdb.com/user/158699



## 📥 Installation

1. Clone the repository.

   ```bash

   git clone https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB.git

   ```

2. Install dependencies.

   ```bash

   npm install

   ```

3. Create a new configuration file.

   ```bash

   cp config.default.js config.js

   ```

4. Paste the tokens into the `config.js` file. Make sure that `NODE_ENV` is set to `production`.

   ```bash

   nano config.js

   ```

5. Run the script.

   ```bash

   node .

   ```

6. If you want to run the process 24/7, install the [PM2](https://www.npmjs.com/package/pm2) module.

   ```bash

   npm install pm2 -g

   ```

7. Modify the log paths in the `ecosystem.config.js` file to be correct and existing. You don't need to create `.log` files, just ensure the directory structure is accurate.

8. Run the process continuously using `PM2` to ensure constant operation and automatic restart in case of a failure.

   ```bash

   pm2 start

   ```

9. Save a snapshot of the currently running `Node.js` processes.

   ```bash

   pm2 save

   ```

10. Add `PM2` to startup.

   ```bash

   pm2 startup

   ```

11. Execute the command generated by PM2, e.g.:

   ```bash

   sudo env PATH=$PATH:/usr/bin /usr/lib/node_modules/pm2/bin/pm2 startup systemd -u sefinek --hp /home/sefinek

   ```

12. That’s it! Monitor logs using the `pm2 logs` command.

## 🔤 How to Get Tokens?

### `CLOUDFLARE_ZONE_ID`

![](images/brave_UY5737SsDdlS.png)

### `CLOUDFLARE_API_KEY`

1. Go to [dash.cloudflare.com/profile/api-tokens](https://dash.cloudflare.com/profile/api-tokens).

2. Click the `Create Token` button.

3. Select `Create Custom Token`.

4. ![](images/brave_oWibgugvXlTH.png)

### `ABUSEIPDB_API_KEY`

Visit [www.abuseipdb.com/account/api](https://www.abuseipdb.com/account/api).

## 😉 Issues and Pull requests

If you need help or have any questions, feel free to create a new [Issue](https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB/issues). If you'd like to contribute to the project, go ahead and open a [Pull request](https://github.com/sefinek/Cloudflare-WAF-To-AbuseIPDB/pulls). Thank you!

## 💕 Credits

This project is inspired by the [MHG-LAB/Cloudflare-WAF-to-AbuseIPDB](https://github.com/MHG-LAB/Cloudflare-WAF-to-AbuseIPDB) repository.

I'm not particularly fond of Python and usually try to avoid using this programming language, which is why I decided to create this repository.

## 📑 [MIT License](LICENSE)

Copyright 2024-2025 © by [Sefinek](https://sefinek.net). All Rights Reserved.