├── README.md
└── cloudflare-uam.sh


/README.md:
--------------------------------------------------------------------------------
 1 | # Autoenable Cloudflare UAM
 2 | Auto-enable Cloudflare "Under Attack" mode when CPU load is high.
 3 | 
 4 | ## Installation
 5 | 1. Clone script.  
 6 | `$ git clone https://github.com/cheenanet/autoenable-cloudflare-uam.git`
 7 | 2. Install `bc`, `jq`, and `curl` before run script.  
 8 | Debian/Ubuntu: `$ sudo apt install bc jq curl`  
 9 | Fedora/CentOS: `$ sudo yum install bc jq curl`
10 | 
11 | ## Configuration
12 | 1. Create a new API token from [Cloudflare dashboard](https://dash.cloudflare.com/).
13 | 2. Set API token and Zone ID.
14 | ```
15 | api_key=""
16 | zone_id=""
17 | ```
18 | 3. Set default security level and CPU load limit.
19 | ```
20 | default_security_level="high"
21 | max_loadavg=2
22 | ```
23 | 4. Add to crontab.  
24 | `*/20 * * * * /var/www/cloudflare-uam.sh`
25 | 


--------------------------------------------------------------------------------
/cloudflare-uam.sh:
--------------------------------------------------------------------------------
 1 | #!/bin/bash
 2 | 
 3 | api_key=""
 4 | zone_id=""
 5 | 
 6 | default_security_level="high"
 7 | max_loadavg=2
 8 | 
 9 | # Check whether a command exists
10 | for command in bc jq curl
11 | do
12 |     if [[ ! $(type $command 2> /dev/null) ]]; then
13 |         echo "ERROR: ${command} not found."
14 |         exit
15 |     fi
16 | done
17 | 
18 | if [[ -z $api_key || -z $zone_id ]]; then
19 |     echo "Please set api_key and zone_id."
20 |     exit
21 | fi
22 | 
23 | if [ ! -e /proc/loadavg ]; then
24 |     echo "This platform is not supported."
25 |     exit
26 | fi
27 | 
28 | loadavg=$(cut -d ' ' -f 1 /proc/loadavg)
29 | 
30 | api_url="https://api.cloudflare.com/client/v4/zones/$zone_id/settings/security_level"
31 | 
32 | # Get Security Level setting
33 | current_security_level=$(curl -X GET "$api_url" \
34 |     -H "Authorization: Bearer $api_key" \
35 |     -H "Content-Type: application/json" \
36 |     --silent \
37 |     | jq -r '.result.value')
38 | 
39 | if [ $(echo "$max_loadavg < $loadavg" | bc) -eq 1 ] && [ "$current_security_level" = $default_security_level ]; then
40 |     # Enable Under Attack Mode
41 |     result=$(curl -X PATCH "$api_url" \
42 |         -H "Authorization: Bearer $api_key" \
43 |         -H "Content-Type: application/json" \
44 |         --data '{"value": "under_attack"}' --silent \
45 |         | jq -r '.success')
46 |     if [ "$result" = "true" ]; then
47 |         echo "Under Attack mode enabled."
48 |     fi
49 | elif [ $(echo "$max_loadavg < $loadavg" | bc) -ne 1 ] && [ "$current_security_level" = "under_attack" ]; then
50 |     # Disable Under Attack Mode
51 |     result=$(curl -X PATCH "$api_url" \
52 |         -H "Authorization: Bearer $api_key" \
53 |         -H "Content-Type: application/json" \
54 |         --data "{\"value\": \"$default_security_level\"}" --silent \
55 |         | jq -r '.success')
56 |     if [ "$result" = "true" ]; then
57 |         echo "Under Attack mode disabled."
58 |     fi
59 | else
60 |     echo "No changes."
61 | fi
62 | 


--------------------------------------------------------------------------------