Managing Your Domain with CloudFlare

CloudFlare Setup

CloudFlare is a free DNS service that not only lets you control DNS records, but also speeds up your website by caching it on various servers around the globe, hides your IP address, keeps your site online even if your server isn't, protects against various threats including DDoS, and provides unique analytics tools.

Sign up, then on your home screen enter your domain name and press 'Add Website'. Edit a few A records with your IP address and toggle the orange cloud on for your domain name and 'www'. If you have only one IP address at your disposal, the Zone File should look similar to this. Next, choose your security settings and finally redirect your name servers at your domain registrar to CloudFlare. That's about it; you can check some of the security or performance options on the 'CloudFlare settings' page.

Resolve Real IP addresses in Apache Logs

Since CloudFlare is essentially a proxy for your website, the IP addresses that appear in apache.log belong to CloudFlare servers. To log visitors' real addresses you need one simple mod for Apache. First, install a few dependencies:

Then, download 'mod_cloudflare' source:

Now, just install the mod with:

It should be enabled automatically; if not, run:

Updating DNS Records with Dynamic IP Address

Most ISPs assign their IP addresses dynamically, so yours changes from time to time and reaching your server can sometimes be impossible. You can create an automated script that modifies DNS records when your IP address changes. Start by creating a few files:

Next, you need to download all your DNS records from CloudFlare with a simple script.

Paste the following:

The 'tkn' variable is your CloudFlare token, or API key (you can find it here), 'email' is your CloudFlare account, of course, and 'z' is your domain name. Edit, save, exit, change permissions and run it:

Depending on how big your DNS record list is, the output can be quite large. Visit the JSON parser, delete the example text, paste your output and all that gibberish should start to make sense. Don't close that window yet; you will need it for your automated script. Create another file:

Download the script or paste the following:

Your domain name (type A record) points to your IP address, so when the address changes you want to update the record. Refer to the JSON parser again. One of the first blocks should hold your domain settings: find the variables 'zone_name', 'name' and 'display_name' that match each other (example.com), and 'display_content', which is your IP address. When you find it, edit the script accordingly ('rec_id' is 'id', 'rec_tag' is 'tkn'). If there are errors, the output should be quite clear. Example:

Visit the CloudFlare documentation on the API for some more details.

You can also extract your WAN IP address from here or even from your server, if it isn't behind a router. In that case, run:

Find out which ethernet adapter holds your WAN IP address (e.g. eth0), then instead of using some outside server to check your address, use your own. Try running this in your terminal:

It basically cuts the 'ifconfig eth0' command output down to a plain IP address. Try it, just remember to use the correct ethernet device. If it works, put it in the script as your 'IP' value.

Next, you can set up an email alert system with a nice little tool, 'ssmtp'.
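
The following added example is not the original page's command. It shows one way to pull the address out of 'ifconfig' output and to refuse to publish it when it is malformed or not a public address (a sign the server is behind a router after all). The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: function names and sample data below are constructed.

# Print the first IPv4 address in `ifconfig <iface>` output read from stdin.
# Accepts the older "inet addr:a.b.c.d" and the newer "inet a.b.c.d" layouts.
extract_ipv4() {
    sed -n 's/^[[:space:]]*inet \(addr:\)\{0,1\}\([0-9][0-9.]*\).*/\2/p' | head -n 1
}

# Return 0 only for a dotted quad whose octets are 0..255 with no leading zeros.
is_ipv4() {
    case "$1" in ''|*[!0-9.]*|.*|*.|*..*) return 1 ;; esac
    old_ifs=$IFS; IFS=.; set -- $1; IFS=$old_ifs
    [ "$#" -eq 4 ] || return 1
    for octet in "$@"; do
        case "$octet" in 0?*|????*) return 1 ;; esac
        [ "$octet" -le 255 ] || return 1
    done
}

# Return 0 if the address can go into a public A record. Private, loopback,
# link-local, carrier-grade NAT and multicast/reserved ranges are rejected,
# because they mean the interface is behind NAT or misconfigured.
is_public_ipv4() {
    is_ipv4 "$1" || return 1
    case "$1" in
        0.*|10.*|127.*|169.254.*|192.168.*) return 1 ;;
        172.1[6-9].*|172.2[0-9].*|172.3[01].*) return 1 ;;
        100.6[4-9].*|100.[7-9][0-9].*|100.1[01][0-9].*|100.12[0-7].*) return 1 ;;
        22[4-9].*|2[3-5][0-9].*) return 1 ;;
    esac
}

# Constructed sample output using documentation and private addresses.
SAMPLE_OLD='eth0      Link encap:Ethernet  HWaddr 00:00:5e:00:53:01
          inet addr:203.0.113.7  Bcast:203.0.113.255  Mask:255.255.255.0
          inet6 addr: fe80::200:5eff:fe00:5301/64 Scope:Link'
SAMPLE_NEW='eth0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST>  mtu 1500
        inet 192.168.1.20  netmask 255.255.255.0  broadcast 192.168.1.255'

# On a real host, replace the printf with: ifconfig eth0
IP=$(printf '%s\n' "$SAMPLE_OLD" | extract_ipv4)
if is_public_ipv4 "$IP"; then
    echo "IP=$IP"
else
    echo "refusing to publish '$IP'" >&2
fi
```

Running the check before the update call keeps a private or garbled value from ever being written to the A record.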

You can find how to quickly configure it here and here. Since I have my own email server, the configuration looks something like this:

Save, exit and add the following line to the cloudflare.sh script just before the 'echoes':

Fill in your emails, save and exit.

If your script is working correctly, then it's time to finish this up:

And add a cronjob:

Paste:

Save and exit. Cron will run the script every 10 minutes. You can modify the timer, and even lower it if you check your WAN IP address via 'ifconfig'. If you are using outside servers to check your address, leave a reasonable period between checks; don't DoS them.

Security Level Toggle Script

If you are being D/DoS'ed, you can ask CloudFlare for help. Since the security level is usually set to medium, with a simple call via the CloudFlare API you can turn it up to 'help' (I'm Under Attack!).

Again, download or paste the script:

Edit, save and exit. For the purposes of testing, you can change 'v=help' to 'v=low'. Run the script:

If configured correctly, you should see a confirmation:

Go to the CloudFlare website and refresh the settings page to see if the security level has changed. Change 'v=low' to 'v=help' once the script starts working. Check out the CloudFlare documentation if you run into trouble. Move the script when you're done:

You can now run the script from anywhere as root by simply entering:

Just turn it off when the attack is over.