On a free Cloudflare account, Encrypted Client Hello (aka ECH) cannot be disabled for a domain from the web interface.
So it has to be done through the API:
curl -X PATCH "https://api.cloudflare.com/client/v4/zones/{ID_ZONE}/settings/ech" \
    -H "X-Auth-Email: {ACCOUNT_EMAIL}" \
    -H "X-Auth-Key: {GLOBAL_API_KEY}" \
    -H "Content-Type:application/json" --data '{"id":"ech","value":"off"}'

This requires:
ACCOUNT_EMAIL - the email address the Cloudflare account is tied to,
GLOBAL_API_KEY - the account's global API key,
ID_ZONE - the id of the DNS zone (= the id of the domain) for which we are going to turn ECH off.
An alternative approach: disable it with a script (👉 source) for ALL domain zones in the account:
#!/bin/bash
# Apply one zone setting (default: ech=off) to every zone in a Cloudflare account.
# Note: credentials passed as arguments end up in shell history and the process list.

ACCOUNT_EMAIL="$1"
GLOBAL_API_KEY="$2"
OPTION="${3:-ech}"
VALUE="${4:-off}"

if [ -z "${ACCOUNT_EMAIL}" ] || [ -z "${GLOBAL_API_KEY}" ]; then
    echo "Usage: $0 CLOUDFLARE_ACCOUNT_EMAIL CLOUDFLARE_GLOBAL_API_KEY [OPTION] [VALUE]"
    echo
    echo "Set specified setting for all zones for given account"
    echo "By default disable TLS ECH, that can not be done from web UI for free accounts"
    echo "To disable TLS 1.3 use this option: tls_1_3 off"
    echo
    echo "Docs: https://developers.cloudflare.com/api/operations/zone-settings-get-all-zone-settings"
    echo "Get all available zone settings: GET https://api.cloudflare.com/client/v4/zones/ID_ZONE/settings"
    exit 1
fi

# Both tools are required: curl for the API calls, jq to parse the JSON replies.
type curl && type jq || exit 1

# Fetch the first page only to learn how many pages of zones exist.
# https://developers.cloudflare.com/api/operations/zones-get
zones=$(curl -s -X GET "https://api.cloudflare.com/client/v4/zones?per_page=50" \
    -H "X-Auth-Email: ${ACCOUNT_EMAIL}" \
    -H "X-Auth-Key: ${GLOBAL_API_KEY}")
num_pages=$(echo "$zones" | jq --exit-status -r ".result_info.total_pages") || { echo "Something went wrong"; exit 1; }

for page in $(seq 1 "$num_pages"); do
    # Emit one compact [id, name] array per zone on this page.
    curl -s -X GET "https://api.cloudflare.com/client/v4/zones?per_page=50&page=$page" \
        -H "X-Auth-Email: ${ACCOUNT_EMAIL}" \
        -H "X-Auth-Key: ${GLOBAL_API_KEY}" \
        | jq -c '.result[] | [.id,.name]' \
        | while read -r i; do
            ID_ZONE=$(echo "$i" | jq -r '.[0]')
            NAME_ZONE=$(echo "$i" | jq -r '.[1]')
            echo "Zone id: ${ID_ZONE}"
            echo "Name: ${NAME_ZONE}"
            echo "Changing ${OPTION} to ${VALUE} ..."
            # PATCH the setting and pretty-print the API reply for this zone.
            curl -s -X PATCH "https://api.cloudflare.com/client/v4/zones/${ID_ZONE}/settings/${OPTION}" \
                -H "X-Auth-Email: ${ACCOUNT_EMAIL}" \
                -H "X-Auth-Key: ${GLOBAL_API_KEY}" \
                -H "Content-Type:application/json" --data "{\"id\":\"${OPTION}\",\"value\":\"${VALUE}\"}" | jq .
        done
done
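
To confirm the change took effect, the following added example (not part of the original script or its source) checks whether a hostname's HTTPS DNS record still carries an `ech=` parameter, which is where an ECH configuration is published to clients. The function names `ech_status` and `check_host` are introduced here, the sample records are constructed, and the live check assumes a `dig` recent enough to decode HTTPS records.

```bash
#!/bin/bash
# Added example: does a hostname's HTTPS DNS record still advertise ECH?

# Classify `dig +short NAME HTTPS` output read from stdin. Prints one of:
#   advertised - at least one HTTPS record carries an ech= parameter
#   absent     - HTTPS records exist, none carries ech=
#   undecoded  - dig printed the generic "\# <len> <hex>" form (too old for type 65)
#   no-record  - no HTTPS record in the answer (empty, or only a CNAME target)
ech_status() {
    awk '
        $1 == "\\#" { undecoded = 1; next }
        # A decoded record is "<priority> <target> [params...]"; skip CNAME lines.
        $1 ~ /^[0-9]+$/ && NF >= 2 {
            records++
            for (i = 3; i <= NF; i++) if ($i ~ /^ech=/) ech = 1
        }
        END {
            if (ech)            print "advertised"
            else if (records)   print "absent"
            else if (undecoded) print "undecoded"
            else                print "no-record"
        }'
}

# Live check (needs dig and network access). The optional second argument is
# one of the zone's authoritative nameservers, to bypass resolver caches that
# may still hold the old record until its TTL expires.
check_host() {
    host="$1"; ns="$2"
    dig +short ${ns:+"@$ns"} "$host" HTTPS | ech_status
}

if [ "$#" -ge 1 ]; then
    echo "$1: ECH $(check_host "$1" "$2")"
else
    # Offline demo on constructed sample answers (not real records).
    printf '%s\n' '1 . alpn="h3,h2" ipv4hint=192.0.2.1 ech=AEX+DQBB' | ech_status
    printf '%s\n' '1 . alpn="h3,h2" ipv4hint=192.0.2.1' | ech_status
fi
```

Run it with a hostname from each zone the script changed; `absent` or `no-record` means clients are no longer being offered an ECH configuration for that name.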