prowler/docs/user-guide/providers/cloudflare/getting-started-cloudflare.mdx
Pablo Fernandez Guerra (PFE) d23c2f3b53 refactor(ui): standardize "Providers" wording across UI and docs (#10971)
Co-authored-by: Pablo F.G <pablo.fernandez@prowler.com>
Co-authored-by: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
2026-05-05 14:39:54 +02:00


---
title: 'Getting Started With Cloudflare on Prowler'
---
import { VersionBadge } from "/snippets/version-badge.mdx"
Prowler for Cloudflare scans zones for security misconfigurations, including SSL/TLS settings, DNSSEC, HSTS, WAF rules, DNS records, and more.
## Prerequisites
Set up authentication for Cloudflare with the [Cloudflare Authentication](/user-guide/providers/cloudflare/authentication) guide before starting either path:
- Create a Cloudflare User API Token (recommended) or locate the Global API Key
- Grant the required read-only permissions (`Account Settings:Read`, `Zone:Read`, `Zone Settings:Read`, `DNS:Read`)
- Identify the Cloudflare Account ID to use as the provider identifier
<CardGroup cols={2}>
<Card title="Prowler Cloud" icon="cloud" href="#prowler-cloud">
Onboard Cloudflare using Prowler Cloud
</Card>
<Card title="Prowler CLI" icon="terminal" href="#prowler-cli">
Onboard Cloudflare using Prowler CLI
</Card>
</CardGroup>
## Prowler Cloud
<VersionBadge version="5.19.0" />
### Step 1: Locate the Account ID
1. Log into the [Cloudflare Dashboard](https://dash.cloudflare.com).
2. Select any zone in the target account.
3. On the zone overview page, find the **Account ID** in the right sidebar under the "API" section.
![Cloudflare Account ID](/images/providers/cloudflare-account-id.png)
<Note>
The Account ID is a 32-character hexadecimal string (e.g., `372e67954025e0ba6aaa6d586b9e0b59`). This value acts as the unique identifier for the Cloudflare account in Prowler Cloud.
</Note>
### Step 2: Open Prowler Cloud
1. Go to [Prowler Cloud](https://cloud.prowler.com/) or launch [Prowler App](/user-guide/tutorials/prowler-app).
2. Navigate to "Configuration" > "Providers".
![Providers Page](/images/prowler-app/cloud-providers-page.png)
3. Click "Add Provider".
![Add a Provider](/images/prowler-app/add-cloud-provider.png)
4. Select "Cloudflare".
![Select Cloudflare](/images/providers/select-cloudflare-prowler-cloud.png)
5. Add the **Account ID** and an optional alias, then click "Next".
![Add Cloudflare Account ID](/images/providers/cloudflare-account-id-form.png)
### Step 3: Choose and Provide Authentication
After the Account ID is in place, select the authentication method that matches the Cloudflare setup:
![Select Authentication Method](/images/providers/cloudflare-auth-selection.png)
#### User API Token Authentication (Recommended)
1. Select **API Token**.
2. Enter the **User API Token** created in the Cloudflare Dashboard.
![API Token Form](/images/providers/cloudflare-token-form.png)
Use this method for scoped, least-privilege access. Full setup steps are in the [Authentication guide](/user-guide/providers/cloudflare/authentication#api-token-recommended).
#### API Key and Email Authentication (Legacy)
1. Select **API Key + Email**.
2. Enter the **Global API Key**.
3. Enter the **email address** associated with the Cloudflare account.
![API Key and Email Form](/images/providers/cloudflare-api-email-form.png)
For the complete setup workflow, follow the [Authentication guide](/user-guide/providers/cloudflare/authentication#api-key-and-email-legacy).
### Step 4: Launch the Scan
1. Review the summary.
2. Click **Launch Scan** to start auditing Cloudflare.
![Launch Scan](/images/providers/cloudflare-launch-scan.png)
---
## Prowler CLI
<VersionBadge version="5.17.0" />
### Step 1: Set Up Authentication
Choose the matching method from the [Cloudflare Authentication](/user-guide/providers/cloudflare/authentication) guide:
- **User API Token** (recommended): Set `CLOUDFLARE_API_TOKEN`
- **API Key + Email** (legacy): Set `CLOUDFLARE_API_KEY` and `CLOUDFLARE_API_EMAIL`
### Step 2: Run the First Scan
Run a baseline scan after credentials are configured:
```console
prowler cloudflare
```
Prowler automatically discovers all zones accessible with the provided credentials and runs security checks against them.
### Step 3: Filter the Scan Scope (Optional)
#### Filter by Zone
To scan only specific zones, use the `-f`, `--region`, or `--filter-region` argument:
```console
prowler cloudflare -f example.com
```
Multiple zones can be specified:
```console
prowler cloudflare -f example.com example.org
```
Zone IDs are also supported:
```console
prowler cloudflare -f 023e105f4ecef8ad9ca31a8372d0c353
```
#### Filter by Account
To restrict the scan to specific accounts, use the `--account-id` argument:
```console
prowler cloudflare --account-id 372e67954025e0ba6aaa6d586b9e0b59
```
Multiple account IDs can be specified:
```console
prowler cloudflare --account-id 372e67954025e0ba6aaa6d586b9e0b59 9a7806061c88ada191ed06f989cc3dac
```
<Note>
If any of the provided account IDs are not accessible with the current credentials, Prowler raises an error and stops execution.
</Note>
Account and zone filtering can be combined to narrow the scan scope further:
```console
prowler cloudflare --account-id 372e67954025e0ba6aaa6d586b9e0b59 -f example.com
```
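A pre-flight wrapper for Steps 1 to 3, as an added example that is not part of Prowler: it checks which credential set is exported, validates account IDs against the 32-character hexadecimal format, and builds the scan command only from values that cannot be parsed as extra options. The function names are hypothetical, and refusing a Global API Key exported alongside a token is a policy of this example, not documented Prowler behavior.

```shell
# Added example (not Prowler code): pre-flight checks before `prowler cloudflare`.

# Report which credential set is exported. Fails when none is complete, and
# when a Global API Key sits next to a scoped token (policy of this example).
cf_auth_mode() {
  if [ -n "${CLOUDFLARE_API_TOKEN:-}" ]; then
    [ -z "${CLOUDFLARE_API_KEY:-}" ] || { echo "token+global-key"; return 2; }
    echo "token"
  elif [ -n "${CLOUDFLARE_API_KEY:-}" ] && [ -n "${CLOUDFLARE_API_EMAIL:-}" ]; then
    echo "legacy"
  else
    echo "none"; return 1
  fi
}

# Account IDs are 32 hexadecimal characters.
is_account_id() {
  case "$1" in
    "" | *[!0-9a-fA-F]*) return 1 ;;
  esac
  [ "${#1}" -eq 32 ]
}

# Build the scan command from space-separated account IDs ($1) and zones ($2).
# Rejects malformed account IDs and zone values that start with "-", so values
# taken from CI variables cannot be parsed as extra options.
cf_scan_cmd() (
  set -f                      # no glob expansion while splitting the lists
  cmd="prowler cloudflare"
  if [ -n "$1" ]; then
    cmd="$cmd --account-id"
    for id in $1; do
      is_account_id "$id" || { echo "bad account id: $id" >&2; exit 1; }
      cmd="$cmd $id"
    done
  fi
  if [ -n "$2" ]; then
    cmd="$cmd -f"
    for zone in $2; do
      case "$zone" in
        -* | *[!A-Za-z0-9._-]*) echo "bad zone: $zone" >&2; exit 1 ;;
      esac
      cmd="$cmd $zone"
    done
  fi
  echo "$cmd"
)

# Sample values from this page; prints the command without running it.
cf_scan_cmd "372e67954025e0ba6aaa6d586b9e0b59" "example.com"
```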
### Step 4: Use a Custom Configuration (Optional)
Prowler uses a configuration file to customize provider behavior. The Cloudflare configuration includes:
```yaml
cloudflare:
  # Maximum number of retries for API requests (default is 2)
  max_retries: 2
```
To use a custom configuration:
```console
prowler cloudflare --config-file /path/to/config.yaml
```
---