I set up quite a few domains with Cloudflare, and I’ve been manually applying the same firewall rules to each of them: blocking known bots, restricting access to admin routes, etc. As the list of websites grew, this became more time-consuming.
So, as the engineer that I am, I decided to build a free online tool that enables anyone to copy rules from one zone (let’s call it the source zone) to a list of zones (I’ll call these the target zones). Let me show you how to use it.
(If you’re more of a visual person, watch this video instead)
Step 1: Navigate to the WAF Sync Tool
Start by going to the WAF Sync Tool page of this site.
Step 2: Input the source zone credentials
Pick a Cloudflare zone where you already have all the WAF rules that you want to copy over. Find the zone ID, API email, and API key for that domain; if you’re wondering where to get this information, check out this post.
Enter the credentials into the “Source Zone” section of the WAF Sync Tool.
Step 3: Provide target zones list
Upload a CSV file containing information about the domains where you want to copy/paste the firewall rules. This file must include, in the exact order: zone ID, zone name, API email, and API key.
The beauty of this CSV file is that you can easily include a large number of domains, across different Cloudflare accounts.
You can either create this file manually (here’s a sample file to help you get started) or use the Zone Export Tool I built, which enables you to download the credentials for all domains attached to a given list of Cloudflare accounts; I’ve written another blog post on how to use this tool.
Step 4: Review and execute
Click “View Sync Plan” to check which rules are going to be applied, and which zones they’ll be copied to.
Then click “Apply Rules to Zones” to execute the plan; after a few seconds, the tool will inform you whether the copying was successful.
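The target-zones file from Step 3 holds an API key for every listed zone, so its layout is worth checking locally before it is uploaded. The Python check below is an added example, not part of the WAF Sync Tool; it assumes the CSV has no header row, and the sample rows and key values are constructed placeholders.

```python
import csv
import io
import re

ZONE_ID_RE = re.compile(r"^[0-9a-f]{32}$")  # Cloudflare zone IDs are 32 hex characters
EMAIL_RE = re.compile(r"^[^@\s]+@[^@\s]+\.[^@\s]+$")  # loose shape check only
HOST_RE = re.compile(r"^([a-z0-9]([a-z0-9-]{0,61}[a-z0-9])?\.)+[a-z]{2,63}$")  # loose

# Constructed sample: row 2 has ID and name swapped, row 3 repeats row 1's
# zone ID, row 4 is missing the API key column. Keys are placeholders.
SAMPLE = (
    "0123456789abcdef0123456789abcdef,example.com,admin@example.com,PLACEHOLDER_KEY_1\n"
    "example.org,fedcba9876543210fedcba9876543210,admin@example.org,PLACEHOLDER_KEY_2\n"
    "0123456789abcdef0123456789abcdef,example.net,admin@example.net,PLACEHOLDER_KEY_3\n"
    "00112233445566778899aabbccddeeff,example.edu,admin@example.edu\n"
)

def validate_target_zones(csv_text):
    """Return (row_number, problem) tuples; an empty list means the layout is fine.
    Messages never include the API key, so the report is safe to paste elsewhere."""
    problems, seen = [], {}
    for n, row in enumerate(csv.reader(io.StringIO(csv_text)), start=1):
        if not any(cell.strip() for cell in row):
            continue  # skip blank lines
        if len(row) != 4:
            problems.append((n, f"expected 4 columns, found {len(row)}"))
            continue
        if any(cell != cell.strip() for cell in row):
            problems.append((n, "field has leading or trailing whitespace"))
        zone_id, zone_name, email, api_key = (cell.strip() for cell in row)
        zone_id, zone_name = zone_id.lower(), zone_name.lower()
        if not ZONE_ID_RE.match(zone_id):
            hint = " (ID and name swapped?)" if ZONE_ID_RE.match(zone_name) else ""
            problems.append((n, "zone ID is not 32 hex characters" + hint))
        elif zone_id in seen:
            problems.append((n, f"zone ID already listed on row {seen[zone_id]}"))
        else:
            seen[zone_id] = n
        if not HOST_RE.match(zone_name):
            problems.append((n, "zone name does not look like a domain"))
        if not EMAIL_RE.match(email):
            problems.append((n, "API email does not look like an address"))
        if not api_key:
            problems.append((n, "API key is empty"))
    return problems

if __name__ == "__main__":
    for row_number, problem in validate_target_zones(SAMPLE):
        print(f"row {row_number}: {problem}")
```

If the file does start with a header row, it will be reported as an invalid row 1 and can be ignored or removed.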
So there you have it! A quick and easy way to apply Cloudflare WAF security rules to a large number of domains.
Got any questions/feedback? Use the contact form, or reach out to me on LinkedIn.