The "IP Penalty Box with Timeout via Slack (Cloudflare)" workflow template is designed to enhance network security measures by allowing teams to quickly respond to threats. When a security alert indicates a problematic IP, a user can execute a Slack command to temporarily block an IPv4 or IPv6 address directly in Cloudflare. The automated process verifies the address type, adds it to Cloudflare's IP Access Rules to enforce the block, and then automatically lifts the block after a predefined delay—streamlining the response to web security alerts without ongoing manual oversight.
Trigger
Slack
Optional Triggers
Webhook, Microsoft Teams, Webex
Use Cases
Remediate Network Security Alerts, Remediate Web Security Alerts
Workflow Breakdown
Send the command Cloudflare_Penalty via Slack with the IPv4 or IPv6 address to block
Verify which type of address to handle
Add the address to the IP Access Rules in Cloudflare
If no address is provided, provide a message back to the user
If the block was successful, wait for the delay and remove the block when it expires
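The address check and rule construction from the steps above, as an added Python sketch that is not part of the template itself. It assumes the rule body follows the shape of Cloudflare's IP Access Rules API (target "ip" for IPv4, "ip6" for IPv6); the function names and the NEVER_BLOCK list are hypothetical, and no request is sent.

```python
import ipaddress
from datetime import datetime, timedelta, timezone

# Constructed list of networks the penalty box must never block (assumption).
NEVER_BLOCK = [ipaddress.ip_network(n) for n in
               ("10.0.0.0/8", "127.0.0.0/8", "::1/128", "fc00::/7")]


def classify(text):
    """Parse the command argument; return (target, address) or raise ValueError."""
    token = text.strip().split()[0] if text.strip() else ""
    if not token:
        raise ValueError("no address provided")
    addr = ipaddress.ip_address(token)  # rejects ranges, hostnames and junk
    # An IPv4-mapped IPv6 address (::ffff:a.b.c.d) identifies an IPv4 client.
    if addr.version == 6 and addr.ipv4_mapped is not None:
        addr = addr.ipv4_mapped
    if any(addr.version == n.version and addr in n for n in NEVER_BLOCK):
        raise ValueError(f"{addr} is in a protected network")
    return ("ip" if addr.version == 4 else "ip6"), addr


def build_block_rule(text, delay_seconds, now):
    """Return (rule_body, expires_at), or (None, message) to send back to the user."""
    try:
        target, addr = classify(text)
    except ValueError as exc:
        return None, f"Not blocked: {exc}"
    expires = now + timedelta(seconds=delay_seconds)
    body = {
        "mode": "block",
        "configuration": {"target": target, "value": str(addr)},
        # The expiry in the note lets an operator find stale rules if removal fails.
        "notes": f"penalty box, remove after {expires.isoformat()}",
    }
    return body, expires


if __name__ == "__main__":
    now = datetime.now(timezone.utc)
    for arg in ("203.0.113.7", "2001:DB8::1", "::ffff:10.1.2.3", ""):  # constructed inputs
        print(repr(arg), "->", build_block_rule(arg, 3600, now))
```

Writing the expiry into the rule's notes gives a fallback if the workflow stops before the removal step: leftover rules can be found and cleaned up by hand.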
Vendors
Slack, Utils, Cloudflare
Tips
Set the command for Slack in the "Will trigger when" section of the trigger.
Adjust the desired delay in the Set Workflow Variables step