Skip to main content
← back to extensions

Cloudflare Audit

@webframp/cloudflare-auditv2026.04.22.2· 8d agoWORKFLOWS·REPORTS
01README

Cloudflare security and configuration audit workflow. Inspects zone settings, DNS records, WAF rules, Workers, and cache configuration, then generates a severity-rated report with findings and recommendations.

Quick Start

swamp extension pull @webframp/cloudflare-audit

swamp model create @webframp/cloudflare/zone cf-zone \
  --global-arg apiToken=CLOUDFLARE_API_TOKEN
swamp model create @webframp/cloudflare/dns cf-dns \
  --global-arg apiToken=CLOUDFLARE_API_TOKEN --global-arg zoneId=ZONE_ID
swamp model create @webframp/cloudflare/waf cf-waf \
  --global-arg apiToken=CLOUDFLARE_API_TOKEN --global-arg zoneId=ZONE_ID
swamp model create @webframp/cloudflare/worker cf-worker \
  --global-arg apiToken=CLOUDFLARE_API_TOKEN --global-arg accountId=ACCOUNT_ID
swamp model create @webframp/cloudflare/cache cf-cache \
  --global-arg apiToken=CLOUDFLARE_API_TOKEN --global-arg zoneId=ZONE_ID

swamp workflow run @webframp/cloudflare-audit --input zoneId=ZONE_ID

Checks Performed

  • SSL mode (off/flexible/full/strict)
  • Always Use HTTPS enabled
  • Development mode disabled
  • Zone paused/active status
  • Firewall rules present and active
  • WAF managed rulesets enabled
  • DNS records proxied (origin IP exposure)
  • Dangling CNAMEs (subdomain takeover risk)
  • CAA records present
  • Worker scripts bound to routes
  • Cache level and hit rate
02Workflows1
@webframp/cloudflare-auditada3d8bb-9cde-436e-8bbc-7a45add10e8d

Cloudflare security and configuration audit. Inspects zone settings, DNS records, WAF rules, Workers, and cache config, then generates a severity-rated report with findings and recommendations.

zone-configGather zone-level settings and metadata
1.list-zonescf-zone.list— List all zones in the account
2.get-settingscf-zone.get_settings— Get zone settings (SSL, HTTPS, security headers)
securityGather WAF and firewall posture data
1.list-rulescf-waf.list_rules— List all firewall rules
2.list-packagescf-waf.list_packages— List WAF managed rulesets
3.security-eventscf-waf.get_security_events— Get recent security events
dns-and-edgeGather DNS records, Workers, and cache config
1.list-dnscf-dns.list— List all DNS records in the zone
2.list-workerscf-worker.list_scripts— List all Worker scripts
3.list-routescf-worker.list_routes— List Worker routes for the zone
4.cache-settingscf-cache.get_settings— Get cache-related zone settings
5.cache-analyticscf-cache.get_analytics— Get cache hit rate and bandwidth analytics
finalizeTrigger report generation after all data gathering completes
1.zone-detailcf-zone.get— Fetch zone detail for report context
03Reports1
@webframp/cloudflare-audit-reportworkflow
cloudflare_audit_report.ts

Analyzes Cloudflare zone configuration for security, DNS hygiene, WAF coverage, worker health, and cache performance

cloudflaresecurityaudit
04Previous Versions2
2026.04.22.1Apr 22, 2026

updated platforms

2026.04.14.1Apr 14, 2026
05Stats
A
100 / 100
Downloads
1
Archive size
15.6 KB
  • Has README or module doc2/2earned
  • README has a code example1/1earned
  • README is substantive1/1earned
  • Most symbols documented1/1earned
  • No slow types1/1earned
  • Has description1/1earned
  • At least one platform tag (or universal)1/1earned
  • Two or more platform tags (or universal)1/1earned
  • License declared1/1earned
  • Verified public repository2/2earned
Repository
https://github.com/webframp/swamp-extensions
06Platforms
07Labels
#cloudflare#security#audit#dns#waf