Home
Welcome to the Cloudflare-Gateway-Pihole wiki!
For Devs, Ops, and everyone who hates Ads.
Create your ad blocklist using Cloudflare Gateway
First inspired by IanDesuyo/CloudflareGatewayAdBlock.
Thanks a lot to @nhubaotruong for his contributions.
Readme by @minlaxz.
Added the dynamic domain filter (whitelist and blacklist) idea (please check the ini files, as you may also need to modify those).
- Whitelist: whitelist.ini; block list: adlist.ini
- Two kinds of lists:

```
https://raw.githubusercontent.com/bigdargon/hostsVN/master/option/hosts-VN
```

or

```ini
[Hosts-Urls]
hostsVN = https://raw.githubusercontent.com/bigdargon/hostsVN/master/option/hosts-VN
```

- Fork this repository to your account.
- Grab your Cloudflare Account ID (the part of the URL that comes after https://dash.cloudflare.com/) from ➞ https://dash.cloudflare.com/?to=/:account/workers
- Create your API Token from ➞ https://dash.cloudflare.com/profile/api-tokens with 3 permissions:
  - Account.Zero Trust : Edit
  - Account.Account Firewall Access Rules : Edit
  - Account.Access: Apps and Policies : Edit
- Add Repository Secrets to your forked repository ➞ https://github.com/<username>/<forked-repository>/settings/secrets/actions
  - Set Cloudflare Account ID to CF_IDENTIFIER
  - Set API Token to CF_API_TOKEN

GitHub Actions: there are 2 dependent backup workflows, re-run and re-run2, in case the main workflow fails. They retry after 5 minutes, one after another, only if the main workflow has failed (not cancelled: if you cancel the main workflow manually, they will not be triggered).

GitHub Actions stops running scheduled workflows when the repository has had no commits for 2 months, so you can create a Cloudflare Worker and paste in this code to trigger the workflow instead. Remember to generate the GitHub token with no expiration and all permissions.

```javascript
// Run the handler whenever the Worker's scheduled trigger fires.
addEventListener('scheduled', event => {
  event.waitUntil(handleScheduledEvent());
});

async function handleScheduledEvent() {
  const GITHUB_TOKEN = 'YOUR_GITHUB_TOKEN_HERE';
  try {
    // Ask GitHub to start the main.yml workflow on the main branch.
    const dispatchResponse = await fetch('https://api.github.com/repos/YOUR_USER_NAME/YOUR_REPO_NAME/actions/workflows/main.yml/dispatches', {
      method: 'POST',
      headers: {
        'Authorization': `Bearer ${GITHUB_TOKEN}`,
        'Content-Type': 'application/json',
        'User-Agent': 'Mozilla/5.0',
      },
      body: JSON.stringify({
        ref: 'main'
      }),
    });
    if (!dispatchResponse.ok) throw new Error('Failed to dispatch workflow');
  } catch (error) {
    console.error('Error handling scheduled event:', error);
  }
}
```

Remember to set up the Cloudflare Workers triggers.
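
A variant of the Worker above that keeps the token out of the source, added here as an example and not part of the project's code: it reads the token from a Worker secret, assumed to be named GITHUB_TOKEN, and reports only the HTTP status on failure. For a fine-grained token, GitHub's dispatch endpoint requires the Actions repository permission with write access on this one repository.

```javascript
// Added example, not the project's code. GITHUB_TOKEN is an assumed secret
// name; YOUR_USER_NAME/YOUR_REPO_NAME is the page's placeholder.
const REPO = 'YOUR_USER_NAME/YOUR_REPO_NAME';
const WORKFLOW = 'main.yml';
const REF = 'main';

// Build the request separately so it can be checked without network access.
function buildDispatchRequest(token, repo = REPO, workflow = WORKFLOW, ref = REF) {
  if (typeof token !== 'string' || token.length === 0) {
    throw new Error('GITHUB_TOKEN secret is not configured');
  }
  // Accept only owner/name: the owner has no dots and the name needs a word
  // character, so "." and ".." cannot rewrite the path the token is sent to.
  if (!/^[\w-]+\/[\w.-]*\w[\w.-]*$/.test(repo)) {
    throw new Error('repo must look like owner/name');
  }
  const url = `https://api.github.com/repos/${repo}/actions/workflows/` +
    `${encodeURIComponent(workflow)}/dispatches`;
  return {
    url,
    init: {
      method: 'POST',
      headers: {
        'Authorization': `Bearer ${token}`,
        'Accept': 'application/vnd.github+json',
        'Content-Type': 'application/json',
        'User-Agent': 'cf-worker-workflow-dispatch',
      },
      body: JSON.stringify({ ref }),
    },
  };
}

async function dispatchWorkflow(token, fetchImpl = fetch) {
  const { url, init } = buildDispatchRequest(token);
  const res = await fetchImpl(url, init);
  // GitHub answers with a 2xx status when the dispatch is accepted.
  if (!res.ok) {
    // Report the status only; never log the request headers or the token.
    throw new Error(`workflow dispatch failed: HTTP ${res.status}`);
  }
  return true;
}

// Service-worker format, as in the code above: secrets are exposed as globals.
if (typeof addEventListener === 'function') {
  addEventListener('scheduled', event => {
    event.waitUntil(dispatchWorkflow(GITHUB_TOKEN));
  });
}
```
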
- The limit of the free Cloudflare Gateway Zero Trust plan is 300k domains, so remember to pay attention to the workflow logs; if the limit is exceeded, the script will stop.
- If you have uploaded lists using another script, you should delete them using the delete feature of that script, or delete them manually.
- I have updated the feature to delete lists when you no longer need to use the script. Edit main.py as follows:

```python
async def main():
    adlist_urls = utils.read_urls_from_file("./lists/adlist.ini")
    whitelist_urls = utils.read_urls_from_file("./lists/whitelist.ini")
    adlist_name = "DNS-Filters"
    cloudflaremanager = CloudflareManager(adlist_name, adlist_urls, whitelist_urls)
    await cloudflaremanager.leave()  # Leave script
    # await cloudflaremanager.run()
```

Note from @minlaxz:
- Domain list style: I personally preferred the second one in blacklist styles, which has more readability and is concise.
- Dynamic domain list: You can also update your dynamic (fluid) whitelist and blacklist using dynamic_blacklist.txt and dynamic_whitelist.txt
- Deprecated using .env: Setting sensitive information inside a public repository is considered too dangerous a use case, since any unwanted person could easily steal your Cloudflare credentials from that .env file.