HeadShot September 2014.jpg

Kieran Jacobsen is the Head of Information Technology at Readify, a Microsoft MVP and regular speaker at conferences throughout Australia.

Posh-CloudFlare managing CloudFlare using PowerShell

The aim of the Posh-CloudFlare module is to simply and automate the management of CloudFlare hosted DNS zones using PowerShell and the CloudFlare Client API. I have made the module available via the PoshSecurity GitHub, here Posh-CloudFlare.

I started looking at CloudFlares API several months ago, as part of another post which I am still working on. Back then I was simply looking at the creation and deletion or records.

Things changed when I found that I needed to spend quite a bit of time working with DNS. Provisioning new infrastructure within cloud environments is something I spend a significant amount of time doing, and am actively investigating the automation of it, and as such, become interested in other parts of the API.

This module now implements all of the Client API, with 22 CMDLets in total. To simplify things, I have documented what CMDLet maps to what API call below:


API Actions


3.1 - "stats" - Retrieve domain statistics for a given time frame


3.2 - "zone_load_multi" - Retrieve the list of domains


3.3 - "rec_load_all" - Retrieve DNS Records of a given domain


3.4 - "zone_check" - Checks for active zones and returns their corresponding zids


3.6 - "ip_lkup" - Check threat score for a given IP


3.7 - "zone_settings" - List all current setting values


4.1 - "sec_lvl" - Set the security level


4.2 - "cache_lvl" - Set the cache level


4.3 - "devmode" - Toggling Development Mode


4.4 - "fpurge_ts" -- Clear CloudFlare's cache


4.5 - "zone_file_purge" -- Purge a single file in CloudFlare's cache




4.6 - "wl" / "ban" / "nul" -- Whitelist/Blacklist/Unlist IPs


4.7 - "ipv46" -- Toggle IPv6 support


4.8 - "async" -- Set Rocket Loader


4.9 - "minify" -- Set Minification


4.10 - "mirage2" -- Set Mirage2


5.1 - "rec_new" -- Add a DNS record


5.2 - "rec_edit" -- Edit a DNS record


5.3 - "rec_delete" -- Delete a DNS record

The Client API can be a little tricky at first, I have developed the CMDLets in a manner to simplify the learning curve. Typically any API call which modifies or removes a DNS record, would require a rec_id to be specified. This field can be found by querying all of the records in the zone. I have simplified things by performing the search and other API queries for you. You can still specify a rec_id if you like.

Switches and parameter validation sets have been used to simplify some of the other CMDLets, particularly those around minification, security and other zone wide settings.

Finally I have tried where possible to make good use of the Pipeline. There are still a number of areas that could be improved.

Getting Started

The first thing you will need to do, is obtain your API Token. This can be found on your Account page. You will need this, and the email address you use to sign into CloudFlare for the majority of the CMDLets. For CMDLets which modify DNS Zones or records, you will need to specify the zone as well.

To obtain the module, simply perform a git clone to your preferred module location as below:

I have included a demo script, Posh-CloudFlare-Demo.ps1 at the root level of the module, which you can run on the namespace of your choice. I recommend not using your corporate production domain. At the top of this script, simply update the API Token, Email and domain name fields as required.

You can then run the script, and see it manipulate the DNS zone. I am not responsible if this breaks production. This script shows you each CMDLet and it's output. I don't recommend simply running the script, I recommend stepping through each line so you gain more of an understanding.

Potential Uses

The automatic provisionment of cloud hosted environments is why this was developed as well as another project I will announce in the coming future. For now, I see myself working on at least one module to support the automation of Office 365 provisioning, including creating the TXT, MX and SRV required.


Firstly, I haven’t finished up the PowerShell help – Naughty! I will work on this one as I go.

Secondly, there might be some bugs. Whilst I have tried to test the majority of the permutations of the code, I can’t be fully sure I haven’t missed something. If you find one, please feel free to contact me and I will make the required fixes, or even better, push your updates up to GitHub.

Kieran Jacobsen

First Impressions: MSI GS30 Shadow Pt1 - A work/play laptop

Welcome to Posh Security