From d7fb3e72378fa55c8280d6b8cdac24f974dcfd4b Mon Sep 17 00:00:00 2001 From: Georgiy Sitnikov Date: Wed, 9 Oct 2024 08:06:19 +0200 Subject: [PATCH] Wiki Cloudflare section update (#89) * Update Cloudflare-Side-Note.md Add cloudflare rules * Update Cloudflare-Side-Note.md Reformatted to the list. --- Cloudflare-Side-Note.md | 12 +++++++++++- 1 file changed, 11 insertions(+), 1 deletion(-) diff --git a/Cloudflare-Side-Note.md b/Cloudflare-Side-Note.md index 5cacced..56456db 100644 --- a/Cloudflare-Side-Note.md +++ b/Cloudflare-Side-Note.md @@ -4,7 +4,17 @@ By default, Cloudflare is not API friendly including Uptime Kuma. Cloudflare may You need to disable or bypass "Browser Integrity Check" in Cloudflare Dashboard via one of these methods: - (Easiest) Add your Uptime Kuma host IP address to [IP Access rules](https://developers.cloudflare.com/waf/tools/ip-access-rules/) as an Allowed address, optionally across every domain in your Cloudflare account -- Allow Uptime Kuma to [bypass the check via WAF Custom Rules](https://developers.cloudflare.com/waf/custom-rules/skip/), only applies to one domain at a time +- Allow Uptime Kuma to [bypass the check via WAF Custom Rules](https://developers.cloudflare.com/waf/custom-rules/skip/), and special header. E.g. lets add to the Kuma request header (please replace `kuma-qwerty123456` with your own random value): + ```json + { + "kumaping":"kuma-qwerty123456" + } + ``` + Now create a rule where you will bypass JS challenge if header is presented. You can also add multiple domains after `or` E.g. + ``` + (http.host eq "domain1" and all(http.request.headers["kumaping"][*] ne "kuma-qwerty123456")) or (http.host eq "domain2" and all(http.request.headers["kumaping"][*] ne "qwerty123456")) + ``` + and at the end of the rule JS challenge. Now challenge will be only triggered if `kumaping` header is not presented or it has a wrong value. - Use a [Configuration Rule](https://developers.cloudflare.com/rules/configuration-rules/) to disable the check for your Uptime Kuma IP address Related discussion: https://community.cloudflare.com/t/api-403-after-enabling-cloudflare/108078/6