File: //bigscoots/wpo/cloudflare/protect_wplogin.sh
#!/bin/bash
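# Load the shared JSON response helpers. The helper functions this script
# calls (init_json_response, add_json_message, add_json_error,
# set_json_success, print_json_response) are expected to come from this file.
# It is sourced by absolute path and executes with this script's privileges,
# so it should be writable only by the account that maintains this tooling.
# Without the helpers nothing below can report a result, so stop here instead
# of continuing on to the API calls.
if ! source /bigscoots/includes/common.sh; then
  printf 'protect_wplogin: cannot load /bigscoots/includes/common.sh\n' >&2
  exit 1
fi
# Start a fresh JSON response for this run.
init_json_response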
# Print the command-line synopsis on stdout and terminate with status 1.
usage() {
  printf 'Usage: %s --cf_email <email> --cf_api_key <api_key> --cf_api_zone <zone_id>\n' "$0"
  exit 1
}
# Read the three supported options from the command line. Each option takes
# its value from the argument that follows it; any other argument prints the
# usage text and exits.
# NOTE(review): --cf_api_key places the API key in this script's argv, where it
# can be visible in the process list to other local users. Confirm whether
# callers can supply it through the environment or a file instead.
until [[ "$#" -eq 0 ]]; do
  if [[ "$1" == "--cf_email" ]]; then
    CF_EMAIL="$2"
    shift
  elif [[ "$1" == "--cf_api_key" ]]; then
    CF_API_KEY="$2"
    shift
  elif [[ "$1" == "--cf_api_zone" ]]; then
    CF_ZONE_ID="$2"
    shift
  else
    echo "Unknown parameter: $1"
    usage
  fi
  shift
done
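# All three values are required. ${VAR:-} keeps the test safe if a variable
# was never assigned.
if [[ -z "${CF_EMAIL:-}" || -z "${CF_API_KEY:-}" || -z "${CF_ZONE_ID:-}" ]]; then
  add_json_error "Missing required parameters"
  print_json_response
  exit 1
fi
# The zone ID is interpolated into the API URL path further down. Cloudflare
# zone identifiers are 32 hexadecimal characters; rejecting anything else
# keeps '/', '?', '#' and '..' out of the request path.
if [[ ! "$CF_ZONE_ID" =~ ^[0-9a-fA-F]{32}$ ]]; then
  add_json_error "Invalid zone ID format"
  print_json_response
  exit 1
fi
# The e-mail and key are sent as HTTP header values. A CR, LF or other control
# character in either one could add or split headers, so refuse them.
if [[ "${CF_EMAIL}${CF_API_KEY}" == *[[:cntrl:]]* ]]; then
  add_json_error "Invalid characters in credentials"
  print_json_response
  exit 1
fi
add_json_message "Parameters provided successfully."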
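# Step 1: Retrieve the zone's rulesets for the http_request_firewall_custom phase.
# The auth headers are handed to curl through a file descriptor
# (--header @file, curl 7.55.0 or newer) rather than as arguments, so the API
# key does not appear in curl's argv / the process list. printf is a shell
# builtin, so it starts no process of its own that would expose the values.
EXISTING_RULESET_RESPONSE=$(curl -s --request GET \
  --url "https://api.cloudflare.com/client/v4/zones/${CF_ZONE_ID}/rulesets?phase=http_request_firewall_custom" \
  --header @<(printf '%s\n' "X-Auth-Email: ${CF_EMAIL}" "X-Auth-Key: ${CF_API_KEY}") \
  --header "Content-Type: application/json")
# Stop on a transport failure, a non-JSON body or an API-level error. Without
# this check a rejected request (bad credentials, rate limiting) looks the same
# as "no ruleset exists" and the script would go on to try to create one.
if [[ "$(jq -r '.success' <<<"$EXISTING_RULESET_RESPONSE" 2>/dev/null)" != "true" ]]; then
  add_json_error "Failed to retrieve existing rulesets"
  print_json_response
  exit 1
fi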
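# Pick the zone-level ruleset that belongs to the custom firewall phase.
# Matching on .phase as well as .kind, and taking only the first match, keeps
# RULESET_ID a single ID even if the listing contains zone rulesets for other
# phases. '.result[]?' tolerates a response without a result array.
ZONE_RULESET=$(jq -c '[.result[]? | select(.kind == "zone" and .phase == "http_request_firewall_custom")][0]' \
  <<<"$EXISTING_RULESET_RESPONSE")
RULESET_ID=$(jq -r '.id // empty' <<<"$ZONE_RULESET")
EXISTING_RULES=$(jq -c '.rules // empty' <<<"$ZONE_RULESET")

if [[ "$RULESET_ID" == "null" || -z "$RULESET_ID" ]]; then
  add_json_message "No existing ruleset found. Creating a new one..."
  # Step 2: Create a new ruleset.
  # Auth headers go through a file descriptor (--header @file, curl 7.55.0 or
  # newer) so the API key stays out of curl's argv.
  CREATE_RULESET_RESPONSE=$(curl -s --request POST \
    --url "https://api.cloudflare.com/client/v4/zones/${CF_ZONE_ID}/rulesets" \
    --header @<(printf '%s\n' "X-Auth-Email: ${CF_EMAIL}" "X-Auth-Key: ${CF_API_KEY}") \
    --header "Content-Type: application/json" \
    --data '{
      "name": "BigScoots Rule Set",
      "description": "Rules maintained by the BigScoots Team",
      "kind": "zone",
      "phase": "http_request_firewall_custom",
      "rules": []
    }')
  RULESET_ID=$(jq -r '.result.id // empty' <<<"$CREATE_RULESET_RESPONSE")
  if [[ "$RULESET_ID" == "null" || -z "$RULESET_ID" ]]; then
    add_json_error "Failed to create a new ruleset"
    print_json_response
    exit 1
  fi
  add_json_message "Created a new ruleset with ID: $RULESET_ID"
  EXISTING_RULES="[]"
elif [[ -z "$EXISTING_RULES" ]]; then
  # The listing gave an ID but no rules. The list endpoint appears to return
  # ruleset summaries without their rules (TODO confirm against the API docs);
  # if the rules were treated as empty here, the PUT in Step 4 would replace
  # every rule the zone already has with the single new one. Fetch the ruleset
  # itself so existing rules are carried over.
  RULESET_DETAIL_RESPONSE=$(curl -s --request GET \
    --url "https://api.cloudflare.com/client/v4/zones/${CF_ZONE_ID}/rulesets/${RULESET_ID}" \
    --header @<(printf '%s\n' "X-Auth-Email: ${CF_EMAIL}" "X-Auth-Key: ${CF_API_KEY}") \
    --header "Content-Type: application/json")
  if [[ "$(jq -r '.success' <<<"$RULESET_DETAIL_RESPONSE" 2>/dev/null)" != "true" ]]; then
    add_json_error "Failed to retrieve existing rules"
    print_json_response
    exit 1
  fi
  # A ruleset that genuinely has no rules yields an empty array.
  EXISTING_RULES=$(jq -c '.result.rules // []' <<<"$RULESET_DETAIL_RESPONSE")
fi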
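# Step 3: Build the rule list to upload.
# The rule issues a managed challenge for any request whose path contains
# "wp-login.php". It covers only that path: xmlrpc.php also accepts WordPress
# credentials and is not challenged by this rule.
NEW_RULE='{
  "action": "managed_challenge",
  "description": "BigScoots Challenge Rule",
  "enabled": true,
  "expression": "(http.request.uri.path contains \"wp-login.php\")"
}'
if [[ "$EXISTING_RULES" == "null" || -z "$EXISTING_RULES" ]]; then
  # No rules to carry over: the list is just the new rule.
  UPDATED_RULES="[${NEW_RULE}]"
else
  # Append the rule only when no rule with the same action and expression is
  # already present, so running the script again does not stack duplicates.
  # A jq failure means EXISTING_RULES was not a JSON array; abort rather than
  # upload a broken or truncated rule list.
  if ! UPDATED_RULES=$(jq --argjson rule "$NEW_RULE" '
      if any(.[]; .action == $rule.action and .expression == $rule.expression)
      then .
      else . + [$rule]
      end' <<<"$EXISTING_RULES"); then
    add_json_error "Failed to parse existing rules"
    print_json_response
    exit 1
  fi
fi
add_json_message "Updated rules prepared."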
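# Step 4: Update the zone ruleset with the combined rules.
# Build the request body with jq instead of splicing UPDATED_RULES into a
# string: jq rejects an empty or malformed rule list, so a half-built payload
# is never sent to an endpoint that replaces the whole rule set.
if ! UPDATE_PAYLOAD=$(jq -cn --argjson rules "$UPDATED_RULES" '{rules: $rules}'); then
  add_json_error "Failed to build the ruleset update payload"
  print_json_response
  exit 1
fi
# Auth headers go through a file descriptor (--header @file, curl 7.55.0 or
# newer) so the API key stays out of curl's argv / the process list.
UPDATE_RULESET_RESPONSE=$(curl -s --request PUT \
  --url "https://api.cloudflare.com/client/v4/zones/${CF_ZONE_ID}/rulesets/${RULESET_ID}" \
  --header @<(printf '%s\n' "X-Auth-Email: ${CF_EMAIL}" "X-Auth-Key: ${CF_API_KEY}") \
  --header "Content-Type: application/json" \
  --data "$UPDATE_PAYLOAD")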
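# Check whether the API accepted the update. Anything other than a literal
# "true" in .success (including an empty or non-JSON response) is a failure.
SUCCESS=$(jq -r '.success' <<<"$UPDATE_RULESET_RESPONSE")
exit_code=0
if [[ "$SUCCESS" == "true" ]]; then
  add_json_message "Ruleset updated successfully"
  set_json_success
else
  add_json_error "Failed to update the ruleset"
  # Earlier failure paths exit 1; do the same here so a caller that checks the
  # exit status does not take a rejected update for an applied protection.
  exit_code=1
fi
# Print the JSON response at the end, then report the outcome to the caller.
print_json_response
exit "$exit_code"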