Skip to content

feat(cloudflare): Add DNS, Firewall, and WAF services with checks #9426

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
HugoPBrito wants to merge 1 commit into
base: cloudflare-pr3-bot-config-checks
Choose a base branch
from
Draft

feat(cloudflare): Add DNS, Firewall, and WAF services with checks #9426

HugoPBrito wants to merge 1 commit into from

Conversation

@HugoPBrito
Copy link
Member

@HugoPBrito HugoPBrito commented Dec 3, 2025

Context

This PR completes the Cloudflare provider by adding DNS, Firewall, and WAF services. This is part 4 of 4 PRs for complete Cloudflare support.

Depends on: #9425

Description

Adds 3 new services with 4 security checks:

DNS Service (1 check):

Check Description
dns_records_proxied Validates DNS records are proxied through Cloudflare

Firewall Service (2 checks):

Check Description
firewall_has_blocking_rules Ensures firewall has blocking rules configured
firewall_rate_limiting_configured Validates rate limiting is configured at firewall level

WAF Service (1 check):

Check Description
waf_owasp_enabled Validates OWASP ruleset is enabled

Steps to review

  1. Review DNS service in prowler/providers/cloudflare/services/dns/
  2. Review Firewall service in prowler/providers/cloudflare/services/firewall/
  3. Review WAF service in prowler/providers/cloudflare/services/waf/
  4. Test locally: 
    prowler cloudflare --api-token <token> --service dns

Checklist

License

By submitting this pull request, I confirm that my contribution is made under the terms of the Apache 2.0 license.

@HugoPBrito
feat(cloudflare): add DNS, Firewall, and WAF services with checks
3a33558 
Adds additional Cloudflare services to complete the provider:

DNS service:
- dns_records_proxied: Validates DNS records are proxied through Cloudflare

Firewall service:
- firewall_has_blocking_rules: Ensures firewall has blocking rules configured
- firewall_rate_limiting_configured: Validates rate limiting is configured

WAF service:
- waf_owasp_enabled: Validates OWASP ruleset is enabled
@HugoPBrito HugoPBrito force-pushed the cloudflare-pr3-bot-config-checks branch from 6451264 to 6668931 Compare December 3, 2025 11:36
@HugoPBrito HugoPBrito force-pushed the cloudflare-pr4-dns-firewall-waf branch from 210304c to 3a33558 Compare December 3, 2025 11:37
@HugoPBrito HugoPBrito mentioned this pull request Dec 3, 2025
Draft
5 tasks
@HugoPBrito HugoPBrito added provider/cloudflare no-merge Please, DO NOT MERGE this PR. labels Dec 3, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

no-merge Please, DO NOT MERGE this PR. provider/cloudflare

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@HugoPBrito