Subscribe to receive notifications of new posts:

Using the CloudFlare API to report spam on your site back to CloudFlare


2 min read

CloudFlare Ninja killing spam

CloudFlare loves threat data. CloudFlare's sytem continually gets smarter through a variety of ways, including through user-reported data. So for example, users can add IP and IP ranges to their Block List. This information is fed back to the CloudFlare system benefiting the entire community. Recently, we also made some enhancements to our API that makes it even easier for CloudFlare users to feed reports of spam back to CloudFlare.

Reporting spam to CloudFlare with WordPress

If you run are running your website on WordPress, you can easily share spam data with CloudFlare.

  1. If you don't have the CloudFlare plugin installed, you will first need to install the CloudFlare WordPress plugin to get the spam reporting benefits.
  2. After you install the plugin, please go to the sidebar in WordPress for 'Plugins' and click on CloudFlare.
  3. You will need to enter in the CloudFlare API key and your CloudFlare account email address in the fields at the bottom of the configuration page. You can find your CloudFlare API key on your account page.
  4. After you've configured the plugin, you will be able to report spam back to CloudFlare for comments that are found under 'All' or 'Pending' comments. If you want to select only one comment as spam, click on the 'spam' option and this will report the data back to CloudFlare. If you want to do a bulk report of spam comments, you can also use the bulk selector to mark the items as spam like you do now.

Note: You will not be able to report spam that is already marked as spam.

Reporting spam to CloudFlare with the regular API

If you're not using WordPress, or if you want to report spam a little differently, you can use our Client Interface API to report spam back to us.

To interface with the CloudFlare Client Interface API you will need:

  • Your API Key (which is available on your account page)
  • Your account's email address
  • The root domain name for a website under your account

You may interface with the API via HTTPS POST or GET requests to Unencrypted HTTP requests are not supported. Responses are returned in a JSON format.

The API call to send spam to CloudFlare:

$value = array("a" =\> $comment-\>comment\_author,   
              "am" =\> $comment-\>comment\_author\_email,  
              "ip" =\> $comment-\>comment\_author\_IP,  
              "con" =\> substr($comment-\>comment\_content, 0, 100));  
$url = "/ajax/external-event.html?evnt\_v=" .urlencode(json\_encode($value)) .

send to, port 443;

This threat data is used to make CloudFlare smarter and benefits not only your website, but the entire community. Let us know if you have any suggestions for making it easier to feed threat data to us.

Thanks for making the web a better place!

We protect entire corporate networks, help customers build Internet-scale applications efficiently, accelerate any website or Internet application, ward off DDoS attacks, keep hackers at bay, and can help you on your journey to Zero Trust.

Visit from any device to get started with our free app that makes your Internet faster and safer.

To learn more about our mission to help build a better Internet, start here. If you're looking for a new career direction, check out our open positions.

Follow on X


Related posts