Are you using the same 10 policies for both of your devices?
Yeah, same. I didn't specify DNS location in these policies, so they are applied to all of them by default.
Cloudflare Gateway allows a maximum of 300,000 domains for the free plan and 1,000 domains in a file list.
I'm currently exploring this GitHub repository.
Unlimited
Both. The block page requires Cloudflare certificate installation, which you generate from your Cloudflare Gateway account. You have a default, redirect, or custom block page.
github.com
For my script, the order is maintained by the order I have put the filter list in the script. So, the rule that is created first will be first. The manually created content blocking rules and others order remains the same.
Yeah, I heard that's the advantage of using NPM with separate js files for it to process that it will be quicker than an all-in-one script. I also have a 0.25 sec delay between every Cloudflare API calls. Gemini told me that excessive API calls in a short amount of time could trigger Cloudflare's anti-bot/DDOS protection.
It's understandable why they did that, but AI bots don't know the context behind using the cdn links.
Nice! I will check this out.
Check this guide. It's pretty good.I still have no idea how to set it up.
I registered for Cloudflare account, set up Zero Trust dashboard. Under Network -> Resolver & Proxies, I created DNS location and got DNS IP, DoH and DoT addresses. What now @rashmi?
I already have GitHub account; I believe I need help with GitHub repository and Actions. Why did you opt for that one commit specifically? Can I avoid the limit of 300.000 domains with creating multiple policies (like, each policy for different block list)?
github.com
There's a particular site that I sometimes visit which gets auto blocked by cloudflare and triggers a rubbish cloudflare related stream.ts file download from the link "cloudflare-terms-of-service-abuse.com". So, I simply blocked it to prevent that annoying download.
Do you by any chances have a links you used to "tutor" AI into giving you complete and correct instruction? I tried ChatGPT and IT SUCKS. It gives me options that no longer exist in Cloudflare Dashboard (from old UI) and doesn't even know how to set up settings. I barely got to set up DNS location with its help.For my script, the order is maintained by the order I have put the filter list in the script. So, the rule that is created first will be first. The manually created content blocking rules and others order remains the same.
Yeah, I heard that's the advantage of using NPM with separate js files for it to process that it will be quicker than an all-in-one script. I also have a 0.25 sec delay between every Cloudflare API calls. Gemini told me that excessive API calls in a short amount of time could trigger Cloudflare's anti-bot/DDOS protection.
It probably won't in our case.
It's understandable why they did that, but AI bots don't know the context behind using the cdn links.
Hagezi got a warning from GitHub regarding traffic usage of his repo. His lists are very popular as you know and used by many people. So too much traffic could cause an issue with GitHub. They could rate limit his repo or some other things. So, he recommends everyone to not use the GitHub links anymore. The jsdelivr links are now the default link. So, you should use the cdn links. Otherwise use GitLab or Codeberg mirrors. Hagezi always force remove cache for the cdn link, so they will always be up to date.
Nice! I will check this out.
Check this guide. It's pretty good.
Then you ask chatbots to create you a full guide on how to set it up. Give them the link of the guide. I even found a couple of other guides on google. I gave them links to those guides as well. That's how I did it initially to understand how to start doing things. You can try this if needed.
cloudflare-gateway-pihole-scripts/extended_guide.md at main · mrrfv/cloudflare-gateway-pihole-scripts
Use Cloudflare Gateway DNS/VPN to block ads, malware and tracking domains - free alternative to NextDNS, Pi-hole and AdGuard - mrrfv/cloudflare-gateway-pihole-scripts
In my case, Grok Expert provided the best guide, followed by Gemini Pro. That was Gemini 2.5 Pro. 3.5 Pro is even better now.
There's a particular site that I sometimes visit which gets auto blocked by cloudflare and triggers a rubbish cloudflare related stream.ts file download from the link "cloudflare-terms-of-service-abuse.com". So, I simply blocked it to prevent that annoying download.
This is Grok's guide.
monogr.ph
That's odd. I didn't give any credit/debit card info but can use all the free features
You probably made an account before credit/debit card was needed, right?That's odd. I didn't give any credit/debit card info but can use all the free features
I remember it asking for credit card details. I don't remember what I did after that. Probably the same as you did, I mean the cancel option because I didn't entered my card details.
I'm talking about you not getting access to the free features, while @rashmi and I have, without needing to provide credit card details. The reason is unclear.
https://one.dash.cloudflare.com/your-account-id/traffic-policies/policiesI have access to policies, firewall policies. And I did managed through GitHub to get a list there, however, the list was always with 0 entries. GitHub Actions ran for a few minutes, and then it threw bunch of 405 errors. After consulting with Gemini, and trying to rewrite the script, nothing helped and Gemini told me to go to Gateway section which didn't exist in my account. Then when I told it, it doesn't exist, it said that Cloudflare changed UI for some accounts and now requires credit/debit card to verify and unlock the section.
Step 1: Fetching list...
Found 190333 domains.
Step 2: Getting List ID...
Clearing list...
Syncing 190333 domains...
Chunk 0 failed (405):
SUCCESS: List fully updated.
import os
import requests
import time
# Configuration
CF_API_TOKEN = os.environ.get('CF_API_TOKEN', '').strip()
CF_ACCOUNT_ID = os.environ.get('CF_ACCOUNT_ID', '').strip()
LIST_NAME = "HaGeZi_Wildcard_Pro_Plus"
BLOCKLIST_URL = "https://cdn.jsdelivr.net/gh/hagezi/dns-blocklists@latest/wildcard/pro.plus-onlydomains.txt"
headers = {
"Authorization": f"Bearer {CF_API_TOKEN}",
"Content-Type": "application/json"
}
def get_list_id():
url = f"https://api.cloudflare.com/client/v4/accounts/{CF_ACCOUNT_ID}/gateway/lists"
resp = requests.get(url, headers=headers)
if not resp.ok: return None
for lst in resp.json().get('result', []):
if lst['name'] == LIST_NAME: return lst['id']
return None
def create_list():
print(f"Creating list: {LIST_NAME}")
url = f"https://api.cloudflare.com/client/v4/accounts/{CF_ACCOUNT_ID}/gateway/lists"
payload = {"name": LIST_NAME, "type": "DOMAIN", "description": "HaGeZi Pro++"}
resp = requests.post(url, headers=headers, json=payload)
return resp.json()['result']['id']
def update_items(list_id, domains):
# This specific URL and the PATCH method are required for bulk updates
items_url = f"https://api.cloudflare.com/client/v4/accounts/{CF_ACCOUNT_ID}/gateway/lists/{list_id}/items"
print(f"Syncing {len(domains)} domains...")
# We use 1000 per chunk.
# PATCH with 'append' is the standard for zero trust lists.
chunk_size = 1000
for i in range(0, len(domains), chunk_size):
chunk = domains[i:i + chunk_size]
# KEY CHANGE: Wrapping items in 'append' and using PATCH
payload = {"append": [{"value": d} for d in chunk]}
# Use PATCH instead of POST to avoid the 405 error
resp = requests.patch(items_url, headers=headers, json=payload)
if resp.status_code == 429:
print("Rate limited. Waiting 15s...")
time.sleep(15)
resp = requests.patch(items_url, headers=headers, json=payload)
if not resp.ok:
# If PATCH fails, we try POST with the same structure as a fallback
resp = requests.post(items_url, headers=headers, json=payload)
if not resp.ok:
print(f"❌ Chunk {i} failed ({resp.status_code}): {resp.text}")
elif i % 10000 == 0:
print(f"Progress: {i}/{len(domains)} synced...")
# Execution
print("Step 1: Fetching list...")
raw_data = requests.get(BLOCKLIST_URL).text
domains = [d.strip() for d in raw_data.splitlines() if d and not d.startswith('#') and '.' in d]
print(f"Found {len(domains)} domains.")
list_id = get_list_id() or create_list()
if list_id:
# Clear list before starting
print("Clearing existing list entries...")
items_url = f"https://api.cloudflare.com/client/v4/accounts/{CF_ACCOUNT_ID}/gateway/lists/{list_id}/items"
requests.delete(items_url, headers=headers)
time.sleep(3)
update_items(list_id, domains)
print("✅ SUCCESS: List synced.")
