Feature Request: Add support for Cloudflare Access

[Gamerou]

I would love the option to whitelist my ip in a policy for an App in cloudflare Access. I have made a script to do that for me but it works not so well.

[favonia]

@Gamerou Thank you. I'm super ignorant about the API for Cloudflare Access (even though I'm using it...). Is it possible to create a policy based on a list? If so, I will feel very motivated to resolve #646 and this one by implementing the mechanism to maintain a Cloudflare list.

[Gamerou]

@Gamerou Thank you. I'm super ignorant about the API for Cloudflare Access (even though I'm using it...). Is it possible to create a policy based on a list? If so, I will feel very motivated to resolve #646 and this one by implementing the mechanism to maintain a Cloudflare list.

Yes, I think that should work. Have a look here: https://github.com/Gamerou/cloudflare_access_ip_whitelist/blob/main/cloudflare_access_ip_whitelist_normal.sh This is how I solved it, but of course it would be much nicer if it were integrated

[favonia]

Hi @Gamerou I'm working on Cloudflare lists (#646) and discovered that they only support IPv6 /64 ranges instead of individual IPv6 addresses. Would the limitation be an issue for you?

[Gamerou]

Hi @Gamerou I'm working on Cloudflare lists (#646) and discovered that they only support IPv6 /64 ranges instead of individual IPv6 addresses. Would the limitation be an issue for you?

No problem, and cool that you're working on it!

[favonia]

@Gamerou Design question for you: if for whatever reasons you have DELETE_ON_STOP=1, do you want the list to be deleted when the program exists? (I don't know what would happen when a rule refers to a non-existent list.)

[Gamerou]

If DELETE_ON_STOP=1, it makes sense to delete the list when the program exits. However, you need to ensure that this won't cause issues with rules referring to the now non-existent list. Ideally, handle this by either:

Cleaning up dependent rules that reference the list before deleting it.
Logging a warning that references to the deleted list could cause issues.
This way, you avoid potential errors or unexpected behavior in the system.

[favonia]

@Gamerou I actually did some tests already and Cloudflare would prevent the deletion if a rule is using the list. Is it okay not to delete the rule and just print out the error? (This is the current implementation in the PR #797.)

[Gamerou]

If Cloudflare prevents the deletion when a rule is using the list, it's reasonable not to delete the rule and just print out the error. This approach ensures that your program won't cause unexpected behavior by deleting lists that are still in use.

Given this, your current implementation in PR #797 sounds appropriate. Thank you!