Skip to content

Automatically add the public IP of the GitHub Action runner to Cloudflare's firewall IP Access rules.

Notifications You must be signed in to change notification settings

xiaotianxt/bypass-cloudflare-for-github-action

Use this GitHub action with your project
Add this Action to an existing workflow or create a new one
View on Marketplace

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

8 Commits
 
 
 
 

Repository files navigation

Bypass Cloudflare for GitHub Action

Never receive 403 Forbidden from Cloudflare again.

Requests from GitHub Action servers to a Cloudflare proxied host may be blocked by Cloudflare's Web Application Firewall(WAF) or Bot Fight Mode. This action automatically adds the public IP of the GitHub Action runner to Cloudflare's firewall IP Access rules.

Features

  • Automatically retrieves the public IP of the GitHub Action runner.
  • Adds the runner's IP to Cloudflare's firewall access rules.
  • Waits for the IP to appear in Cloudflare's access rules.
  • Cleans up by removing the IP from Cloudflare's access rules after the job is complete.

Inputs

Input Description Required
cf_zone_id Cloudflare Zone ID true
cf_api_token Cloudflare API Token true

Outputs

Output Description
rule_id The ID of the created access rule

Usage

To use this action, create a workflow in your repository's .github/workflows directory. Below is an example workflow file:

name: Bypass Cloudflare for API Access
on: [push]
jobs:
  manage-ip-whitelist:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout repository
        uses: actions/checkout@v2
      - name: Bypass Cloudflare for GitHub Action
        uses: xiaotianxt/[email protected]
        with:
          cf_zone_id: ${{ secrets.CF_ZONE_ID }}
          cf_api_token: ${{ secrets.CF_API_TOKEN }}
      - name: Send request to Cloudflare-protected server
        run: curl https://example.com/api

Important Note

This action requires a Cloudflare API Token, not the Global API Key. To create an API token:

  1. Log in to the Cloudflare dashboard.
  2. Go to "My Profile" > "API Tokens".
  3. Click "Create Token".
  4. Use the "Edit zone DNS" template or create a custom token with the following permissions:
    • Zone > Firewall Services > Edit
    • Zone > DNS > Edit (if needed)
  5. Set the token to access the specific zone you're working with.
  6. Create the token and save it securely.

Remember to add your Cloudflare Zone ID and the new API Token to your GitHub repository secrets as CF_ZONE_ID and CF_API_TOKEN respectively.

About

Automatically add the public IP of the GitHub Action runner to Cloudflare's firewall IP Access rules.

Topics

Resources

Stars

Watchers

Forks

Packages

No packages published

Contributors 3

  •  
  •  
  •