GitHub - netcon-source/CloudFlare-Tools: Tools which enable you to get the full benefit of using the ClouldFlare service.

netcon-source / CloudFlare-Tools Public

forked from cloudflarearchive/Cloudflare-Tools

Notifications You must be signed in to change notification settings
Fork 0
Star 1

Tools which enable you to get the full benefit of using the ClouldFlare service.

www.cloudflare.com

1 star 38 forks Branches Tags Activity

Star

Notifications

Branches Tags

Name		Name	Last commit message	Last commit date
Latest commit History 51 Commits
cf-joomla		cf-joomla
cloudflare		cloudflare
README		README
ddclient		ddclient
mod_cloudflare.c		mod_cloudflare.c

Repository files navigation

A repo for user facing tools.
Currently, this includes:

======> mod_cloudflare.c

Based on mod_remoteip.c, this apache extension will replace the remote_ip variable in user's logs with the correct remote_ip sent from CloudFlare. 
This also does authentication, only performing the switch for requests originating from 204.93.173.0/24 (by default).

To install: 

# apxs2 -a -i -c mod_cloudflare.c

No further configuration is needed. However, if you wish to override the default values, the following directives are exposed:

* CloudFlareRemoteIPHeader 

This specifies the header which contains the original IP. Default:

CloudFlareRemoteIPHeader CF-Connecting-IP

* CloudFlareRemoteIPTrustedProxy 

This is the IP range from which we will allow the CloudFlareRemoteIPHeader to be used from. Default:

CloudFlareRemoteIPTrustedProxy 204.93.240.0/24
CloudFlareRemoteIPTrustedProxy 204.93.177.0/24
CloudFlareRemoteIPTrustedProxy 204.93.173.0/24
CloudFlareRemoteIPTrustedProxy 199.27.128.0/21
CloudFlareRemoteIPTrustedProxy 173.245.48.0/20

Note that on some Debian systems, you may have to add a LoadModule directive manually. This should look like:

LoadModule cloudflare_module /usr/lib/apache2/modules/mod_cloudflare.so

Replace /usr/lib/apache2/modules/mod_cloudflare.so with the path to mod_cloudflare.so on your system.

If you cannot find apxs or apxs2, on a Debian or Ubuntu distro you can install this tool with:

# apt-get install apache2-prefork-dev

NOTES: 

*) If mod_cloudflare and mod_remoteip are enabled on the same web server, the server will crash if they both try to set the remote IP to a different value.
*) Enableing mod_cloudflare will not effect the performance of Apache in any noticable maner. AB testing both over LAN and WAN show no equalilent numbers with and without mod_cloudflare.
*) If you like, you may also add the directive DenyAllButCloudFlare. This will result in all requests from IPs which are not in the CloudFlareRemoteIPTrustedProxy range being denied with a status of 403.

======> ddclient

A port of ddclient (http://sourceforge.net/projects/ddclient/) this includes support for using the CloudFlare dynamic DNS updating system.
** We are working to integrate the CloudFlare patch into the projects main branch, but this has not happened yet. **

-------------------------------------------------------------------------------
REQUIREMENTS:

- Perl 5.004 or later
  (you need the IO::Socket::SSL perl library for ssl-support)

-------------------------------------------------------------------------------
INSTALLATION:

  cp ddclient /usr/sbin/
  mkdir /etc/ddclient
  mkdir /var/cache/ddclient
  cp sample-etc_ddclient.conf /etc/ddclient/ddclient.conf
  vi /etc/ddclient/ddclient.conf
  -- and change hostnames, logins, and passwords appropriately 

For CloudFlare, this should be:

##
## CloudFlare (cloudflare.com)
##
ssl=yes	
protocol=cloudflare,                           \
server=www.cloudflare.com,                     \
login=myemail@foo.com                          \
password=my-cloudflare-auth-token              \
my-awsome-site.com,

To run in debug mode: ddclient -daemon=0 -debug -verbose -noquiet

See the docs at http://sourceforge.net/projects/ddclient for full configuration and installation instructions.