Cloudflare integration

Cloudflare WAF (Web Application Firewall) helps in protecting applications and APIs from various cybersecurity threats. Traceable provides an integration with Cloudflare's WAF to block IP addresses and threat actors. As part of the integration, Traceable identifies the IP address that have violated some rule, for example, a rate-limiting rule. These IP addresses are communicated to Cloudflare WAF. Once the IP addresses are sent to Cloudflare, you can individually view and edit them in Cloudflare. Before you proceed with Cloudflare integration, make sure that Traceable Platform agent is installed and configured in your environment. Platform agent is required for instrumentation purpose and not necessarily for WAF integration.

You can choose from an agentless or agent-based deployment option. For more information on Traceable agents, see the Installation section. Traceable's integration with Cloudflare supports the following two types of rules:

• IP range rules
• Threat actor rules

The following is a high-level integration diagram:

The threat actor module detects malicious activities as threats. The Custom Policy Module is used to set custom policies. Only IP Range policy is supported. 

Before you begin

Make sure that you have the following information before you proceed with the integration:

• Authorization email – The email that you use to log in to Cloudflare account.
• Zone information – When you log in to Cloudflare, the zone information is available on the home page. For example, in the screenshot below, the zone is dc-traceable.com.
• API token – If you don't already have a token, complete the following steps to create a token. 
  1. Navigate to My Profile > API Tokens > Create Token as shown in the screenshot below.
  2. On the API Tokens page, navigate to the Custom token section to create a token for integration with Traceable. 
  3. API token permission – You only need one permission, Zone → Firewall Services → Edit, for the API token as shown in the screenshot below.

Configuration

To integrate Traceable with Cloudflare, navigate to Administration → Configuration → Integrations page. Complete the following steps:

1. Click on Add Integration and choose External WAF: Cloudflare from Integration Type drop-down list.
2. Enter the Description, Zone, Authorization Email, and API Token and click on Save.

After a successful integration, the IP range or threat actor rules are communicated to Cloudflare for blocking or allowing the IP addresses. In your Cloudflare account, you would see the IP addresses identified by Traceable.