donnchac / cloudflare-tor-whitelister Goto Github PK

Hello, thanks for opensourcing this little project. I'm reporting a minor issue, not a big deal so I'm not expecting it to get fixed since the resolution is to just try later.

Rate limiting
The CloudFlare API sets a maximum of 1,200 requests in a five minute period
https://api.cloudflare.com/#requests

If you exceed this rate limit while using whitelist.py then you will get a successful log message without successfully hitting the CF API.

<snip>
2016-01-01 20:48:25,782 [ERROR]: Error deleting access rule 565c6267c40dbd004bae4ef063c64136 (IP: 197.231.221.211)
Traceback (most recent call last):
  File "./whitelist.py", line 265, in main
    remove_access_rule(session, rule_id, zone_id)
  File "./whitelist.py", line 116, in remove_access_rule
    r.raise_for_status()
  File "/usr/lib64/python2.7/site-packages/requests/models.py", line 840, in raise_for_status
    raise HTTPError(http_error_msg, response=self)
HTTPError: 429 Client Error: Too Many Requests for url: https://api.cloudflare.com/client/v4/user/firewall/access_rules/rules/565c6267c40dbd004bae4ef063c64136
2016-01-01 20:48:25,783 [INFO]: Removed 799 matching Tor access rules.

The last line is what I am talking about. This is probably only an issue with accounts that have multiple domains, etc. Using default value, the problem will not present itself.

It is possible to whitelist Tor (T1) visitors via the updated dashboard:

• https://support.cloudflare.com/hc/en-us/articles/203306930-Does-CloudFlare-block-Tor-

I think adding short node in the README may improve discoverability.

Currently, the IP-rule limit can only be edited by changing the script directly. I'd like to be able to pass a command-line argument for this, so that the script can be operated as a user who can't edit it.

Hi,
Just went to run the script and recieved the following errors:

2015-07-11 21:54:55,280 [INFO]: Successfully authenticated to the CloudFlare API
2015-07-11 21:54:55,281 [INFO]: No zone specified. Whitelist will be applied across all domains.
Traceback (most recent call last):
File "cloudflare-whitelist.py", line 346, in
main()
File "cloudflare-whitelist.py", line 235, in main
rules = fetch_access_rules(session, 1, zone_id=zone_id)
File "cloudflare-whitelist.py", line 70, in fetch_access_rules
raise CloudFlareAPIError(res['errors'])
main.CloudFlareAPIError: [{'code': 7003, 'message': 'Could not route to /user/firewall/packages/access_rules/rules, perhaps your object identifier is invalid?'}, {'code': 7000, 'message': 'No route for that URI'}]

Further investigation seems to point to the firewall packages being removed from the API. I can't see in the documentation any mention of /firewall/packages/access_rules any more.

I poked around with some code of my own and it seems that CloudFlare have indeed moved some things around.

Hello,

I get the following error:

/usr/local/lib/python2.7/dist-packages/requests-2.6.1-py2.7.egg/requests/packages/urllib3/util/ssl_.py:90: InsecurePlatformWarning: A true SSLContext object is not available. This prevents urllib3 from configuring SSL appropriately and may cause certain SSL connections to fail. For more information, see https://urllib3.readthedocs.org/en/latest/security.html#insecureplatformwarning.
InsecurePlatformWarning
Traceback (most recent call last):
File "./cloudflare-whitelist.py", line 326, in
main()
File "./cloudflare-whitelist.py", line 181, in main
res = r.json()
File "/usr/local/lib/python2.7/dist-packages/requests-2.6.1-py2.7.egg/requests/models.py", line 819, in json
return json.loads(self.text, **kwargs)
File "/usr/lib/python2.7/json/init.py", line 326, in loads
return _default_decoder.decode(s)
File "/usr/lib/python2.7/json/decoder.py", line 365, in decode
obj, end = self.raw_decode(s, idx=_w(s, 0).end())
File "/usr/lib/python2.7/json/decoder.py", line 383, in raw_decode
raise ValueError("No JSON object could be decoded")
ValueError: No JSON object could be decoded

Latest Debian from Digitalocean.

Free accounts are limited to 200 rules per site. Pro and more expensive accounts have higher limits. If I edit the hardcoded limit in the script to be higher than my actual limit, I get some unpretty output:

2015-05-27 16:18:20,306 [ERROR]: Error creating access rule.
Traceback (most recent call last):
  File "cloudflare-whitelist.py", line 310, in main
    add_whitelist_rule(session, exit_address, zone_id)
  File "cloudflare-whitelist.py", line 102, in add_whitelist_rule
    raise CloudFlareAPIError(res['errors'])
CloudFlareAPIError: [{u'message': u'Access rule quota has been exceeded.', u'code': 81019}]

It would be lovely if this output could be prettier.