Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
abelanger 9 hours ago

If anyone needs commands for turning off the CF proxy for their domains and happens to have a Cloudflare API token.

First you can grab the zone ID via:

    curl -X GET "https://api.cloudflare.com/client/v4/zones" -H "Authorization: Bearer $API_TOKEN" -H "Content-Type: application/json" | jq -r '.result[] | "\(.id) \(.name)"'
And a list of DNS records using:

    curl -X GET "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records" -H "Authorization: Bearer $API_TOKEN" -H "Content-Type: application/json"
Each DNS record will have an ID associated. Finally patch the relevant records:

    curl -X PATCH "https://api.cloudflare.com/client/v4/zones/$ZONE_ID/dns_records/$RECORD_ID" -H "Authorization: Bearer $API_TOKEN" -H "Content-Type: application/json" --data '{"proxied":false}'
Copying from a sibling comment - some warnings:

- SSL/TLS: You will likely lose your Cloudflare-provided SSL certificate. Your site will only work if your origin server has its own valid certificate.

- Security & Performance: You will lose the performance benefits (caching, minification, global edge network) and security protections (DDoS mitigation, WAF) that Cloudflare provides.

- This will also reveal your backend internal IP addresses. Anyone can find permanent logs of public IP addresses used by even obscure domain names, so potential adversaries don't necessarily have to be paying attention at the exact right time to find it.

duggan 9 hours ago | parent | next [-]

Also, for anyone who only has an old global API key lying around instead of the more recent tokens, you can set:

  -H "X-Auth-Email: $EMAIL_ADDRESS" -H "X-Auth-Key: $API_KEY"
instead of the Bearer token header.

Edit: and in case you're like me and thought it would be clever to block all non-Cloudflare traffic hitting your origin... remember to disable that.

sam-cop-vimes 9 hours ago | parent | prev | next [-]

This is exactly what we've decided we should do next time. Unfortunately we didn't generate an API token so we are sitting twiddling our thumbs.

Edit: seems like we are back online!

napsterbr 9 hours ago | parent | next [-]

Took me ~30 minutes but eventually I was able to log in, get past the 2FA screen and change a DNS record.

I surely missed a valid API token today.

firecall 9 hours ago | parent [-]

I'm still trying.

Still can't load the Turnstile JS :-/

biinjo 8 hours ago | parent | next [-]

Turnstile is back up (for now). Go refresh. I just managed to make an API key and turn off proxied DNS.

fragmede 5 hours ago | parent | prev [-]

install tweak chrome extension and mitm yourself and force the js to load from somewhere else

basch 8 hours ago | parent | prev [-]

Im able to generate keys right now through warp. Login takes forever but it is working.

mig4ng 9 hours ago | parent | prev | next [-]

Awesome! I did it via the Terraform provider, but for anyone else without access to the dashboard this is great. Thank you!

jlundberg 5 hours ago | parent | prev | next [-]

Good advice!

And no need for -X GET to make a GET request with curl, it is the default HTTP method if you don’t send any content.

If you do send content with say -d curl will do a POST request, so no need for -X then either.

For PATCH though, it is the right curl option.

basch 8 hours ago | parent | prev | next [-]

If anyone needs the internet to work again (or to get into your cf dashboard to generate API keys), if you have Cloudflare WARP installed, turning it on appears to fix otherwise broken sites. Maybe using 1.1.1.1 does too, but flipping the radio box was faster. Some parts of sites are still down, even after tunneling into to CF.

adi_kurian 8 hours ago | parent [-]

super helpful. thanks!

looks like i can get everywhere i couldn't except my cloudflare dash.

basch 8 hours ago | parent [-]

Its absurdly slow (like multiple minutes to get the login page to fully load for the login button to be pressable, due to catchpa...), but I was able to log into the dashboard. It's throwing lots of errors once inside, but I can navigate around some of it. YMMV.

My profile (including api tokens,) and websites pages all work, the accounts tab above website on the left does not.

JoeOfTexas 4 hours ago | parent | prev [-]

I would advise against this action. Just ride the crash.

RKFADU_UOFCCLEL 2 hours ago | parent [-]

If people knew how to play the 5 hour long game they wouldn't have been using Cloudflare in the first place.