A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of ip or ip_range configurations.

One of the following:

type LockdownIPConfiguration struct{…}

Target LockdownIPConfigurationTargetoptional

The configuration target. You must set the target to ip when specifying an IP address in the Zone Lockdown rule.

Value stringoptional

The IP address to match. This address will be compared to the IP address of incoming requests.

type LockdownCIDRConfiguration struct{…}

Target LockdownCIDRConfigurationTargetoptional

The configuration target. You must set the target to ip_range when specifying an IP address range in the Zone Lockdown rule.

Value stringoptional

The IP address range to match. You can only use prefix lengths /16 and /24.

type Lockdown struct{…}

ID string

The unique identifier of the Zone Lockdown rule.

maxLength32

Configurations Configuration

A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of ip or ip_range configurations.

CreatedOn Time

The timestamp of when the rule was created.

formatdate-time

Description string

An informative summary of the rule.

maxLength1024

ModifiedOn Time

The timestamp of when the rule was last modified.

formatdate-time

Paused bool

When true, indicates that the rule is currently paused.

URLs []LockdownURL

The URLs to include in the rule definition. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns.

type LockdownCIDRConfiguration struct{…}

Target LockdownCIDRConfigurationTargetoptional

The configuration target. You must set the target to ip_range when specifying an IP address range in the Zone Lockdown rule.

Value stringoptional

The IP address range to match. You can only use prefix lengths /16 and /24.

type LockdownIPConfiguration struct{…}

Target LockdownIPConfigurationTargetoptional

The configuration target. You must set the target to ip when specifying an IP address in the Zone Lockdown rule.

Value stringoptional

The IP address to match. This address will be compared to the IP address of incoming requests.

type LockdownURL string

FirewallRules

List firewall rules

Deprecated

client.Firewall.Rules.List(ctx, params) (*V4PagePaginationArray[FirewallRule], error)

GET/zones/{zone_id}/firewall/rules

Get a firewall rule

Deprecated

client.Firewall.Rules.Get(ctx, ruleID, query) (*FirewallRule, error)

GET/zones/{zone_id}/firewall/rules/{rule_id}

Create firewall rules

Deprecated

client.Firewall.Rules.New(ctx, params) (*SinglePage[FirewallRule], error)

POST/zones/{zone_id}/firewall/rules

Update a firewall rule

Deprecated

client.Firewall.Rules.Update(ctx, ruleID, params) (*FirewallRule, error)

PUT/zones/{zone_id}/firewall/rules/{rule_id}

Update priority of a firewall rule

Deprecated

client.Firewall.Rules.Edit(ctx, ruleID, body) (*SinglePage[FirewallRule], error)

PATCH/zones/{zone_id}/firewall/rules/{rule_id}

Delete a firewall rule

Deprecated

client.Firewall.Rules.Delete(ctx, ruleID, body) (*FirewallRule, error)

DELETE/zones/{zone_id}/firewall/rules/{rule_id}

Update firewall rules

Deprecated

client.Firewall.Rules.BulkUpdate(ctx, params) (*SinglePage[FirewallRule], error)

PUT/zones/{zone_id}/firewall/rules

Update priority of firewall rules

Deprecated

client.Firewall.Rules.BulkEdit(ctx, params) (*SinglePage[FirewallRule], error)

PATCH/zones/{zone_id}/firewall/rules

Delete firewall rules

Deprecated

client.Firewall.Rules.BulkDelete(ctx, body) (*SinglePage[FirewallRule], error)

DELETE/zones/{zone_id}/firewall/rules

ModelsExpand Collapse

type DeletedFilter struct{…}

ID string

The unique identifier of the filter.

maxLength32

minLength32

Deleted bool

When true, indicates that the firewall rule was deleted.

type FirewallRule struct{…}

ID stringoptional

The unique identifier of the firewall rule.

maxLength32

Action Actionoptional

The action to apply to a matched request. The log action is only available on an Enterprise plan.

Description stringoptional

An informative summary of the firewall rule.

maxLength500

Filter FirewallRuleFilteroptional

One of the following:

type FirewallFilter struct{…}

ID stringoptional

The unique identifier of the filter.

maxLength32

minLength32

Description stringoptional

An informative summary of the filter.

maxLength500

Expression stringoptional

The filter expression. For more information, refer to Expressions.

Paused booloptional

When true, indicates that the filter is currently paused.

Ref stringoptional

A short reference tag. Allows you to select related filters.

maxLength50

type DeletedFilter struct{…}

ID string

The unique identifier of the filter.

maxLength32

minLength32

Deleted bool

When true, indicates that the firewall rule was deleted.

Paused booloptional

When true, indicates that the firewall rule is currently paused.

Priority float64optional

The priority of the rule. Optional value used to define the processing order. A lower number indicates a higher priority. If not provided, rules with a defined priority will be processed before rules without a priority.

maximum2147483647

minimum0

Products []Productoptional

One of the following:

const ProductZoneLockdown Product = "zoneLockdown"

const ProductUABlock Product = "uaBlock"

const ProductBIC Product = "bic"

const ProductHot Product = "hot"

const ProductSecurityLevel Product = "securityLevel"

const ProductRateLimit Product = "rateLimit"

const ProductWAF Product = "waf"

Ref stringoptional

A short reference tag. Allows you to select related firewall rules.

maxLength50

type Product string

A list of products to bypass for a request when using the bypass action.

One of the following:

const ProductZoneLockdown Product = "zoneLockdown"

const ProductUABlock Product = "uaBlock"

const ProductBIC Product = "bic"

const ProductHot Product = "hot"

const ProductSecurityLevel Product = "securityLevel"

const ProductRateLimit Product = "rateLimit"

const ProductWAF Product = "waf"

FirewallAccess Rules

List IP Access rules

client.Firewall.AccessRules.List(ctx, params) (*V4PagePaginationArray[AccessRuleListResponse], error)

GET/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules

Get an IP Access rule

client.Firewall.AccessRules.Get(ctx, ruleID, query) (*AccessRuleGetResponse, error)

GET/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules/{rule_id}

Create an IP Access rule

client.Firewall.AccessRules.New(ctx, params) (*AccessRuleNewResponse, error)

POST/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules

Update an IP Access rule

client.Firewall.AccessRules.Edit(ctx, ruleID, params) (*AccessRuleEditResponse, error)

PATCH/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules/{rule_id}

Delete an IP Access rule

client.Firewall.AccessRules.Delete(ctx, ruleID, body) (*AccessRuleDeleteResponse, error)

DELETE/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules/{rule_id}

ModelsExpand Collapse

type AccessRuleCIDRConfiguration struct{…}

Target AccessRuleCIDRConfigurationTargetoptional

The configuration target. You must set the target to ip_range when specifying an IP address range in the rule.

Value stringoptional

The IP address range to match. You can only use prefix lengths /16 and /24 for IPv4 ranges, and prefix lengths /32, /48, and /64 for IPv6 ranges.

type AccessRuleIPConfiguration struct{…}

Target AccessRuleIPConfigurationTargetoptional

The configuration target. You must set the target to ip when specifying an IP address in the rule.

Value stringoptional

The IP address to match. This address will be compared to the IP address of incoming requests.

type ASNConfiguration struct{…}

Target ASNConfigurationTargetoptional

The configuration target. You must set the target to asn when specifying an Autonomous System Number (ASN) in the rule.

Value stringoptional

The AS number to match.

type CountryConfiguration struct{…}

Target CountryConfigurationTargetoptional

The configuration target. You must set the target to country when specifying a country code in the rule.

Value stringoptional

The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to IP Access rules: Parameters.

type IPV6Configuration struct{…}

Target IPV6ConfigurationTargetoptional

The configuration target. You must set the target to ip6 when specifying an IPv6 address in the rule.

Value stringoptional

The IPv6 address to match.

FirewallUA Rules

List User Agent Blocking rules

client.Firewall.UARules.List(ctx, params) (*V4PagePaginationArray[UARuleListResponse], error)

GET/zones/{zone_id}/firewall/ua_rules

Get a User Agent Blocking rule

client.Firewall.UARules.Get(ctx, uaRuleID, query) (*UARuleGetResponse, error)

GET/zones/{zone_id}/firewall/ua_rules/{ua_rule_id}

Create a User Agent Blocking rule

client.Firewall.UARules.New(ctx, params) (*UARuleNewResponse, error)

POST/zones/{zone_id}/firewall/ua_rules

Update a User Agent Blocking rule

client.Firewall.UARules.Update(ctx, uaRuleID, params) (*UARuleUpdateResponse, error)

PUT/zones/{zone_id}/firewall/ua_rules/{ua_rule_id}

Delete a User Agent Blocking rule

client.Firewall.UARules.Delete(ctx, uaRuleID, body) (*UARuleDeleteResponse, error)

DELETE/zones/{zone_id}/firewall/ua_rules/{ua_rule_id}

FirewallWAF

FirewallWAFOverrides

List WAF overrides

Deprecated

client.Firewall.WAF.Overrides.List(ctx, params) (*V4PagePaginationArray[Override], error)

GET/zones/{zone_id}/firewall/waf/overrides

Get a WAF override

Deprecated

client.Firewall.WAF.Overrides.Get(ctx, overridesID, query) (*Override, error)

GET/zones/{zone_id}/firewall/waf/overrides/{overrides_id}

Create a WAF override

Deprecated

client.Firewall.WAF.Overrides.New(ctx, params) (*Override, error)

POST/zones/{zone_id}/firewall/waf/overrides

Update WAF override

Deprecated

client.Firewall.WAF.Overrides.Update(ctx, overridesID, params) (*Override, error)

PUT/zones/{zone_id}/firewall/waf/overrides/{overrides_id}

Delete a WAF override

Deprecated

client.Firewall.WAF.Overrides.Delete(ctx, overridesID, body) (*WAFOverrideDeleteResponse, error)

DELETE/zones/{zone_id}/firewall/waf/overrides/{overrides_id}

ModelsExpand Collapse

type Override struct{…}

ID stringoptional

The unique identifier of the WAF override.

maxLength32

Description stringoptional

An informative summary of the current URI-based WAF override.

maxLength1024

Groups map[string, unknown]optional

An object that allows you to enable or disable WAF rule groups for the current WAF override. Each key of this object must be the ID of a WAF rule group, and each value must be a valid WAF action (usually default or disable). When creating a new URI-based WAF override, you must provide a groups object or a rules object.

Paused booloptional

When true, indicates that the rule is currently paused.

Priority float64optional

The relative priority of the current URI-based WAF override when multiple overrides match a single URL. A lower number indicates higher priority. Higher priority overrides may overwrite values set by lower priority overrides.

maximum1000000000

minimum-1000000000

RewriteAction RewriteActionoptional

Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object.

Rules WAFRuleoptional

An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a groups object or a rules object.

URLs []OverrideURLoptional

The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns.

type OverrideURL string

type RewriteAction struct{…}

Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object.

Block RewriteActionBlockoptional

The WAF rule action to apply.

One of the following:

const RewriteActionBlockChallenge RewriteActionBlock = "challenge"

const RewriteActionBlockBlock RewriteActionBlock = "block"

const RewriteActionBlockSimulate RewriteActionBlock = "simulate"

const RewriteActionBlockDisable RewriteActionBlock = "disable"

const RewriteActionBlockDefault RewriteActionBlock = "default"

Challenge RewriteActionChallengeoptional

The WAF rule action to apply.

One of the following:

const RewriteActionChallengeChallenge RewriteActionChallenge = "challenge"

const RewriteActionChallengeBlock RewriteActionChallenge = "block"

const RewriteActionChallengeSimulate RewriteActionChallenge = "simulate"

const RewriteActionChallengeDisable RewriteActionChallenge = "disable"

const RewriteActionChallengeDefault RewriteActionChallenge = "default"

Default RewriteActionDefaultoptional

The WAF rule action to apply.

One of the following:

const RewriteActionDefaultChallenge RewriteActionDefault = "challenge"

const RewriteActionDefaultBlock RewriteActionDefault = "block"

const RewriteActionDefaultSimulate RewriteActionDefault = "simulate"

const RewriteActionDefaultDisable RewriteActionDefault = "disable"

const RewriteActionDefaultDefault RewriteActionDefault = "default"

Disable RewriteActionDisableoptional

The WAF rule action to apply.

One of the following:

const RewriteActionDisableChallenge RewriteActionDisable = "challenge"

const RewriteActionDisableBlock RewriteActionDisable = "block"

const RewriteActionDisableSimulate RewriteActionDisable = "simulate"

const RewriteActionDisableDisable RewriteActionDisable = "disable"

const RewriteActionDisableDefault RewriteActionDisable = "default"

Simulate RewriteActionSimulateoptional

The WAF rule action to apply.

One of the following:

const RewriteActionSimulateChallenge RewriteActionSimulate = "challenge"

const RewriteActionSimulateBlock RewriteActionSimulate = "block"

const RewriteActionSimulateSimulate RewriteActionSimulate = "simulate"

const RewriteActionSimulateDisable RewriteActionSimulate = "disable"

const RewriteActionSimulateDefault RewriteActionSimulate = "default"

type WAFRule map[string, WAFRuleItem]

One of the following:

const WAFRuleItemChallenge WAFRuleItem = "challenge"

const WAFRuleItemBlock WAFRuleItem = "block"

const WAFRuleItemSimulate WAFRuleItem = "simulate"

const WAFRuleItemDisable WAFRuleItem = "disable"

const WAFRuleItemDefault WAFRuleItem = "default"

FirewallWAFPackages

List WAF packages

Deprecated

client.Firewall.WAF.Packages.List(ctx, params) (*V4PagePaginationArray[WAFPackageListResponse], error)

GET/zones/{zone_id}/firewall/waf/packages

Get a WAF package

Deprecated

client.Firewall.WAF.Packages.Get(ctx, packageID, query) (*WAFPackageGetResponse, error)

GET/zones/{zone_id}/firewall/waf/packages/{package_id}

FirewallWAFPackagesGroups

List WAF rule groups

Deprecated

client.Firewall.WAF.Packages.Groups.List(ctx, packageID, params) (*V4PagePaginationArray[Group], error)

GET/zones/{zone_id}/firewall/waf/packages/{package_id}/groups

Get a WAF rule group

Deprecated

client.Firewall.WAF.Packages.Groups.Get(ctx, packageID, groupID, query) (*unknown, error)

GET/zones/{zone_id}/firewall/waf/packages/{package_id}/groups/{group_id}

Update a WAF rule group

Deprecated

client.Firewall.WAF.Packages.Groups.Edit(ctx, packageID, groupID, params) (*unknown, error)

PATCH/zones/{zone_id}/firewall/waf/packages/{package_id}/groups/{group_id}

ModelsExpand Collapse

type Group struct{…}

ID string

Defines the unique identifier of the rule group.

maxLength32

Description string

Defines an informative summary of what the rule group does.

Mode GroupMode

Defines the state of the rules contained in the rule group. When on, the rules in the group are configurable/usable.

One of the following:

const GroupModeOn GroupMode = "on"

const GroupModeOff GroupMode = "off"

Name string

Defines the name of the rule group.

RulesCount float64

Defines the number of rules in the current rule group.

AllowedModes []GroupAllowedModeoptional

Defines the available states for the rule group.

One of the following:

const GroupAllowedModeOn GroupAllowedMode = "on"

const GroupAllowedModeOff GroupAllowedMode = "off"

ModifiedRulesCount float64optional

Defines the number of rules within the group that have been modified from their default configuration.

PackageID stringoptional

Defines the unique identifier of a WAF package.

maxLength32

FirewallWAFPackagesRules

List WAF rules

Deprecated

client.Firewall.WAF.Packages.Rules.List(ctx, packageID, params) (*V4PagePaginationArray[WAFPackageRuleListResponse], error)

GET/zones/{zone_id}/firewall/waf/packages/{package_id}/rules

Get a WAF rule

Deprecated

client.Firewall.WAF.Packages.Rules.Get(ctx, packageID, ruleID, query) (*unknown, error)

GET/zones/{zone_id}/firewall/waf/packages/{package_id}/rules/{rule_id}

Update a WAF rule

Deprecated

client.Firewall.WAF.Packages.Rules.Edit(ctx, packageID, ruleID, params) (*WAFPackageRuleEditResponse, error)

PATCH/zones/{zone_id}/firewall/waf/packages/{package_id}/rules/{rule_id}

ModelsExpand Collapse

type AllowedModesAnomaly string

Defines the mode anomaly. When set to on, the current WAF rule will be used when evaluating the request. Applies to anomaly detection WAF rules.

One of the following:

const AllowedModesAnomalyOn AllowedModesAnomaly = "on"

const AllowedModesAnomalyOff AllowedModesAnomaly = "off"

type WAFRuleGroup struct{…}

Defines the rule group to which the current WAF rule belongs.

ID stringoptional

Defines the unique identifier of the rule group.

maxLength32

Name stringoptional

Defines the name of the rule group.