Cloudflare Zone Security Policy Comparison Tool

📦 What's Included

🐍
cf_zone_security_compare.py Main comparison tool — fetches policies via API, generates HTML diff report
📊
sample_report.html Example output — see what the comparison report looks like with mock data
📖
README.md Full documentation — usage, API permissions, config options

⬇ Download Python Tool 👁 View Sample Report 📖 View README

🚀 Quick Start

Prerequisites

Python 3.8+ installed
requests library (auto-installed on first run)
Cloudflare API token with read permissions (see below)

Required API Token Permissions

Permission	Level	Needed For
Zone WAF Read	Zone	WAF rules, custom/managed rules
Zone Settings Read	Zone	Security settings comparison
Firewall Services Read	Zone	IP access rules
Zone Read	Zone	Zone listing and details

Run It

# Compare all zones in your account
python cf_zone_security_compare.py --token YOUR_TOKEN --account YOUR_ACCOUNT_ID

# Compare specific zones
python cf_zone_security_compare.py --token YOUR_TOKEN --zones ZONE_ID_1,ZONE_ID_2

# Use environment variable for token
export CLOUDFLARE_API_TOKEN=your_token
python cf_zone_security_compare.py --account YOUR_ACCOUNT_ID

# Use a config file
python cf_zone_security_compare.py --config config.json

📊 What the Report Shows

Category	What's Compared
WAF Custom Rules	Expressions, actions, enabled state
WAF Managed Rules	Deployed rulesets, overrides
Rate Limiting	Rate limit configurations
DDoS L7	L7 DDoS protection rules
Bot Fight Mode	Super Bot Fight Mode rules
Security Settings	TLS, security level, browser check, challenge TTL
IP Access Rules	Allowlists, blocklists, challenges

For each category, rules are classified as:

✅ Identical — same across all zones
⚠️ Divergent — same expression, different action/config
🔀 Partial — present in some zones but not all
🔶 Unique — only exists in one zone

🛡️ Zone Security Policy Comparison Tool

📦 What's Included

🚀 Quick Start

Prerequisites

Required API Token Permissions

Run It

📊 What the Report Shows