# Firewall # Lockdowns ## List Zone Lockdown rules `client.Firewall.Lockdowns.List(ctx, params) (*V4PagePaginationArray[Lockdown], error)` **get** `/zones/{zone_id}/firewall/lockdowns` Fetches Zone Lockdown rules. You can filter the results using several optional parameters. ### Parameters - `params LockdownListParams` - `ZoneID param.Field[string]` Path param: Defines an identifier. - `CreatedOn param.Field[Time]` Query param: The timestamp of when the rule was created. - `Description param.Field[string]` Query param: A string to search for in the description of existing rules. - `DescriptionSearch param.Field[string]` Query param: A string to search for in the description of existing rules. - `IP param.Field[string]` Query param: A single IP address to search for in existing rules. - `IPRangeSearch param.Field[string]` Query param: A single IP address range to search for in existing rules. - `IPSearch param.Field[string]` Query param: A single IP address to search for in existing rules. - `ModifiedOn param.Field[Time]` Query param: The timestamp of when the rule was last modified. - `Page param.Field[float64]` Query param: Page number of paginated results. - `PerPage param.Field[float64]` Query param: The maximum number of results per page. You can only set the value to `1` or to a multiple of 5 such as `5`, `10`, `15`, or `20`. - `Priority param.Field[float64]` Query param: The priority of the rule to control the processing order. A lower number indicates higher priority. If not provided, any rules with a configured priority will be processed before rules without a priority. - `URISearch param.Field[string]` Query param: A single URI to search for in the list of URLs of existing rules. ### Returns - `type Lockdown struct{…}` - `ID string` The unique identifier of the Zone Lockdown rule. - `Configurations Configuration` A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `type LockdownIPConfiguration struct{…}` - `Target LockdownIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `const LockdownIPConfigurationTargetIP LockdownIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. - `type LockdownCIDRConfiguration struct{…}` - `Target LockdownCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `const LockdownCIDRConfigurationTargetIPRange LockdownCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24`. - `CreatedOn Time` The timestamp of when the rule was created. - `Description string` An informative summary of the rule. - `ModifiedOn Time` The timestamp of when the rule was last modified. - `Paused bool` When true, indicates that the rule is currently paused. - `URLs []LockdownURL` The URLs to include in the rule definition. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.Firewall.Lockdowns.List(context.TODO(), firewall.LockdownListParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "372e67954025e0ba6aaa6d586b9e0b59", "configurations": [ { "target": "ip", "value": "198.51.100.4" } ], "created_on": "2014-01-01T05:20:00.12345Z", "description": "Restrict access to these endpoints to requests from a known IP address", "modified_on": "2014-01-01T05:20:00.12345Z", "paused": false, "urls": [ "api.mysite.com/some/endpoint*" ] } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get a Zone Lockdown rule `client.Firewall.Lockdowns.Get(ctx, lockDownsID, query) (*Lockdown, error)` **get** `/zones/{zone_id}/firewall/lockdowns/{lock_downs_id}` Fetches the details of a Zone Lockdown rule. ### Parameters - `lockDownsID string` The unique identifier of the Zone Lockdown rule. - `query LockdownGetParams` - `ZoneID param.Field[string]` Defines an identifier. ### Returns - `type Lockdown struct{…}` - `ID string` The unique identifier of the Zone Lockdown rule. - `Configurations Configuration` A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `type LockdownIPConfiguration struct{…}` - `Target LockdownIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `const LockdownIPConfigurationTargetIP LockdownIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. - `type LockdownCIDRConfiguration struct{…}` - `Target LockdownCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `const LockdownCIDRConfigurationTargetIPRange LockdownCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24`. - `CreatedOn Time` The timestamp of when the rule was created. - `Description string` An informative summary of the rule. - `ModifiedOn Time` The timestamp of when the rule was last modified. - `Paused bool` When true, indicates that the rule is currently paused. - `URLs []LockdownURL` The URLs to include in the rule definition. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) lockdown, err := client.Firewall.Lockdowns.Get( context.TODO(), "372e67954025e0ba6aaa6d586b9e0b59", firewall.LockdownGetParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", lockdown.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "372e67954025e0ba6aaa6d586b9e0b59", "configurations": [ { "target": "ip", "value": "198.51.100.4" } ], "created_on": "2014-01-01T05:20:00.12345Z", "description": "Restrict access to these endpoints to requests from a known IP address", "modified_on": "2014-01-01T05:20:00.12345Z", "paused": false, "urls": [ "api.mysite.com/some/endpoint*" ] }, "success": true } ``` ## Create a Zone Lockdown rule `client.Firewall.Lockdowns.New(ctx, params) (*Lockdown, error)` **post** `/zones/{zone_id}/firewall/lockdowns` Creates a new Zone Lockdown rule. ### Parameters - `params LockdownNewParams` - `ZoneID param.Field[string]` Path param: Defines an identifier. - `Configurations param.Field[Configuration]` Body param: A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `URLs param.Field[[]OverrideURL]` Body param: The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. - `Description param.Field[string]` Body param: An informative summary of the rule. This value is sanitized and any tags will be removed. - `Paused param.Field[bool]` Body param: When true, indicates that the rule is currently paused. - `Priority param.Field[float64]` Body param: The priority of the rule to control the processing order. A lower number indicates higher priority. If not provided, any rules with a configured priority will be processed before rules without a priority. ### Returns - `type Lockdown struct{…}` - `ID string` The unique identifier of the Zone Lockdown rule. - `Configurations Configuration` A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `type LockdownIPConfiguration struct{…}` - `Target LockdownIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `const LockdownIPConfigurationTargetIP LockdownIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. - `type LockdownCIDRConfiguration struct{…}` - `Target LockdownCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `const LockdownCIDRConfigurationTargetIPRange LockdownCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24`. - `CreatedOn Time` The timestamp of when the rule was created. - `Description string` An informative summary of the rule. - `ModifiedOn Time` The timestamp of when the rule was last modified. - `Paused bool` When true, indicates that the rule is currently paused. - `URLs []LockdownURL` The URLs to include in the rule definition. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) lockdown, err := client.Firewall.Lockdowns.New(context.TODO(), firewall.LockdownNewParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), Configurations: cloudflare.F(firewall.ConfigurationParam{firewall.LockdownIPConfigurationParam{ }}), URLs: cloudflare.F([]firewall.OverrideURLParam{"shop.example.com/*"}), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", lockdown.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "372e67954025e0ba6aaa6d586b9e0b59", "configurations": [ { "target": "ip", "value": "198.51.100.4" } ], "created_on": "2014-01-01T05:20:00.12345Z", "description": "Restrict access to these endpoints to requests from a known IP address", "modified_on": "2014-01-01T05:20:00.12345Z", "paused": false, "urls": [ "api.mysite.com/some/endpoint*" ] }, "success": true } ``` ## Update a Zone Lockdown rule `client.Firewall.Lockdowns.Update(ctx, lockDownsID, params) (*Lockdown, error)` **put** `/zones/{zone_id}/firewall/lockdowns/{lock_downs_id}` Updates an existing Zone Lockdown rule. ### Parameters - `lockDownsID string` The unique identifier of the Zone Lockdown rule. - `params LockdownUpdateParams` - `ZoneID param.Field[string]` Path param: Defines an identifier. - `Configurations param.Field[Configuration]` Body param: A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `URLs param.Field[[]OverrideURL]` Body param: The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Returns - `type Lockdown struct{…}` - `ID string` The unique identifier of the Zone Lockdown rule. - `Configurations Configuration` A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `type LockdownIPConfiguration struct{…}` - `Target LockdownIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `const LockdownIPConfigurationTargetIP LockdownIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. - `type LockdownCIDRConfiguration struct{…}` - `Target LockdownCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `const LockdownCIDRConfigurationTargetIPRange LockdownCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24`. - `CreatedOn Time` The timestamp of when the rule was created. - `Description string` An informative summary of the rule. - `ModifiedOn Time` The timestamp of when the rule was last modified. - `Paused bool` When true, indicates that the rule is currently paused. - `URLs []LockdownURL` The URLs to include in the rule definition. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) lockdown, err := client.Firewall.Lockdowns.Update( context.TODO(), "372e67954025e0ba6aaa6d586b9e0b59", firewall.LockdownUpdateParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), Configurations: cloudflare.F(firewall.ConfigurationParam{firewall.LockdownIPConfigurationParam{ }}), URLs: cloudflare.F([]firewall.OverrideURLParam{"shop.example.com/*"}), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", lockdown.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "372e67954025e0ba6aaa6d586b9e0b59", "configurations": [ { "target": "ip", "value": "198.51.100.4" } ], "created_on": "2014-01-01T05:20:00.12345Z", "description": "Restrict access to these endpoints to requests from a known IP address", "modified_on": "2014-01-01T05:20:00.12345Z", "paused": false, "urls": [ "api.mysite.com/some/endpoint*" ] }, "success": true } ``` ## Delete a Zone Lockdown rule `client.Firewall.Lockdowns.Delete(ctx, lockDownsID, body) (*LockdownDeleteResponse, error)` **delete** `/zones/{zone_id}/firewall/lockdowns/{lock_downs_id}` Deletes an existing Zone Lockdown rule. ### Parameters - `lockDownsID string` The unique identifier of the Zone Lockdown rule. - `body LockdownDeleteParams` - `ZoneID param.Field[string]` Defines an identifier. ### Returns - `type LockdownDeleteResponse struct{…}` - `ID string` The unique identifier of the Zone Lockdown rule. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) lockdown, err := client.Firewall.Lockdowns.Delete( context.TODO(), "372e67954025e0ba6aaa6d586b9e0b59", firewall.LockdownDeleteParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", lockdown.ID) } ``` #### Response ```json { "result": { "id": "372e67954025e0ba6aaa6d586b9e0b59" } } ``` ## Domain Types ### Configuration - `type Configuration []ConfigurationItem` A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `type LockdownIPConfiguration struct{…}` - `Target LockdownIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `const LockdownIPConfigurationTargetIP LockdownIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. - `type LockdownCIDRConfiguration struct{…}` - `Target LockdownCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `const LockdownCIDRConfigurationTargetIPRange LockdownCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24`. ### Lockdown - `type Lockdown struct{…}` - `ID string` The unique identifier of the Zone Lockdown rule. - `Configurations Configuration` A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `type LockdownIPConfiguration struct{…}` - `Target LockdownIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `const LockdownIPConfigurationTargetIP LockdownIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. - `type LockdownCIDRConfiguration struct{…}` - `Target LockdownCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `const LockdownCIDRConfigurationTargetIPRange LockdownCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24`. - `CreatedOn Time` The timestamp of when the rule was created. - `Description string` An informative summary of the rule. - `ModifiedOn Time` The timestamp of when the rule was last modified. - `Paused bool` When true, indicates that the rule is currently paused. - `URLs []LockdownURL` The URLs to include in the rule definition. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Lockdown CIDR Configuration - `type LockdownCIDRConfiguration struct{…}` - `Target LockdownCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `const LockdownCIDRConfigurationTargetIPRange LockdownCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24`. ### Lockdown IP Configuration - `type LockdownIPConfiguration struct{…}` - `Target LockdownIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `const LockdownIPConfigurationTargetIP LockdownIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. ### Lockdown URL - `type LockdownURL string` # Rules ## List firewall rules `client.Firewall.Rules.List(ctx, params) (*V4PagePaginationArray[FirewallRule], error)` **get** `/zones/{zone_id}/firewall/rules` Fetches firewall rules in a zone. You can filter the results using several optional parameters. ### Parameters - `params RuleListParams` - `ZoneID param.Field[string]` Path param: Defines an identifier. - `ID param.Field[string]` Query param: The unique identifier of the firewall rule. - `Action param.Field[string]` Query param: The action to search for. Must be an exact match. - `Description param.Field[string]` Query param: A case-insensitive string to find in the description. - `Page param.Field[float64]` Query param: Page number of paginated results. - `Paused param.Field[bool]` Query param: When true, indicates that the firewall rule is currently paused. - `PerPage param.Field[float64]` Query param: Number of firewall rules per page. ### Returns - `type FirewallRule struct{…}` - `ID string` The unique identifier of the firewall rule. - `Action Action` The action to apply to a matched request. The `log` action is only available on an Enterprise plan. - `const ActionBlock Action = "block"` - `const ActionChallenge Action = "challenge"` - `const ActionJSChallenge Action = "js_challenge"` - `const ActionManagedChallenge Action = "managed_challenge"` - `const ActionAllow Action = "allow"` - `const ActionLog Action = "log"` - `const ActionBypass Action = "bypass"` - `Description string` An informative summary of the firewall rule. - `Filter FirewallRuleFilter` - `type FirewallFilter struct{…}` - `ID string` The unique identifier of the filter. - `Description string` An informative summary of the filter. - `Expression string` The filter expression. For more information, refer to [Expressions](https://developers.cloudflare.com/ruleset-engine/rules-language/expressions/). - `Paused bool` When true, indicates that the filter is currently paused. - `Ref string` A short reference tag. Allows you to select related filters. - `type DeletedFilter struct{…}` - `ID string` The unique identifier of the filter. - `Deleted bool` When true, indicates that the firewall rule was deleted. - `Paused bool` When true, indicates that the firewall rule is currently paused. - `Priority float64` The priority of the rule. Optional value used to define the processing order. A lower number indicates a higher priority. If not provided, rules with a defined priority will be processed before rules without a priority. - `Products []Product` - `const ProductZoneLockdown Product = "zoneLockdown"` - `const ProductUABlock Product = "uaBlock"` - `const ProductBIC Product = "bic"` - `const ProductHot Product = "hot"` - `const ProductSecurityLevel Product = "securityLevel"` - `const ProductRateLimit Product = "rateLimit"` - `const ProductWAF Product = "waf"` - `Ref string` A short reference tag. Allows you to select related firewall rules. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.Firewall.Rules.List(context.TODO(), firewall.RuleListParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "372e67954025e0ba6aaa6d586b9e0b60", "action": "block", "description": "Blocks traffic identified during investigation for MIR-31", "filter": { "id": "372e67954025e0ba6aaa6d586b9e0b61", "description": "Restrict access from these browsers on this address range.", "expression": "(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.addr ne 172.16.22.155", "paused": false, "ref": "FIL-100" }, "paused": false, "priority": 50, "products": [ "waf" ], "ref": "MIR-31" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get a firewall rule `client.Firewall.Rules.Get(ctx, ruleID, query) (*FirewallRule, error)` **get** `/zones/{zone_id}/firewall/rules/{rule_id}` Fetches the details of a firewall rule. ### Parameters - `ruleID string` The unique identifier of the firewall rule. - `query RuleGetParams` - `ZoneID param.Field[string]` Defines an identifier. ### Returns - `type FirewallRule struct{…}` - `ID string` The unique identifier of the firewall rule. - `Action Action` The action to apply to a matched request. The `log` action is only available on an Enterprise plan. - `const ActionBlock Action = "block"` - `const ActionChallenge Action = "challenge"` - `const ActionJSChallenge Action = "js_challenge"` - `const ActionManagedChallenge Action = "managed_challenge"` - `const ActionAllow Action = "allow"` - `const ActionLog Action = "log"` - `const ActionBypass Action = "bypass"` - `Description string` An informative summary of the firewall rule. - `Filter FirewallRuleFilter` - `type FirewallFilter struct{…}` - `ID string` The unique identifier of the filter. - `Description string` An informative summary of the filter. - `Expression string` The filter expression. For more information, refer to [Expressions](https://developers.cloudflare.com/ruleset-engine/rules-language/expressions/). - `Paused bool` When true, indicates that the filter is currently paused. - `Ref string` A short reference tag. Allows you to select related filters. - `type DeletedFilter struct{…}` - `ID string` The unique identifier of the filter. - `Deleted bool` When true, indicates that the firewall rule was deleted. - `Paused bool` When true, indicates that the firewall rule is currently paused. - `Priority float64` The priority of the rule. Optional value used to define the processing order. A lower number indicates a higher priority. If not provided, rules with a defined priority will be processed before rules without a priority. - `Products []Product` - `const ProductZoneLockdown Product = "zoneLockdown"` - `const ProductUABlock Product = "uaBlock"` - `const ProductBIC Product = "bic"` - `const ProductHot Product = "hot"` - `const ProductSecurityLevel Product = "securityLevel"` - `const ProductRateLimit Product = "rateLimit"` - `const ProductWAF Product = "waf"` - `Ref string` A short reference tag. Allows you to select related firewall rules. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) firewallRule, err := client.Firewall.Rules.Get( context.TODO(), "372e67954025e0ba6aaa6d586b9e0b60", firewall.RuleGetParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", firewallRule.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "372e67954025e0ba6aaa6d586b9e0b60", "action": "block", "description": "Blocks traffic identified during investigation for MIR-31", "filter": { "id": "372e67954025e0ba6aaa6d586b9e0b61", "description": "Restrict access from these browsers on this address range.", "expression": "(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.addr ne 172.16.22.155", "paused": false, "ref": "FIL-100" }, "paused": false, "priority": 50, "products": [ "waf" ], "ref": "MIR-31" }, "success": true } ``` ## Create firewall rules `client.Firewall.Rules.New(ctx, params) (*SinglePage[FirewallRule], error)` **post** `/zones/{zone_id}/firewall/rules` Create one or more firewall rules. ### Parameters - `params RuleNewParams` - `ZoneID param.Field[string]` Path param: Defines an identifier. - `Action param.Field[RuleNewParamsAction]` Body param: The action to perform when the threshold of matched traffic within the configured period is exceeded. - `Mode RuleNewParamsActionMode` The action to perform. - `const RuleNewParamsActionModeSimulate RuleNewParamsActionMode = "simulate"` - `const RuleNewParamsActionModeBan RuleNewParamsActionMode = "ban"` - `const RuleNewParamsActionModeChallenge RuleNewParamsActionMode = "challenge"` - `const RuleNewParamsActionModeJSChallenge RuleNewParamsActionMode = "js_challenge"` - `const RuleNewParamsActionModeManagedChallenge RuleNewParamsActionMode = "managed_challenge"` - `Response RuleNewParamsActionResponse` A custom content type and reponse to return when the threshold is exceeded. The custom response configured in this object will override the custom error for the zone. This object is optional. Notes: If you omit this object, Cloudflare will use the default HTML error page. If "mode" is "challenge", "managed_challenge", or "js_challenge", Cloudflare will use the zone challenge pages and you should not provide the "response" object. - `Body string` The response body to return. The value must conform to the configured content type. - `ContentType string` The content type of the body. Must be one of the following: `text/plain`, `text/xml`, or `application/json`. - `Timeout float64` The time in seconds during which Cloudflare will perform the mitigation action. Must be an integer value greater than or equal to the period. Notes: If "mode" is "challenge", "managed_challenge", or "js_challenge", Cloudflare will use the zone's Challenge Passage time and you should not provide this value. - `Filter param.Field[FirewallFilter]` Body param ### Returns - `type FirewallRule struct{…}` - `ID string` The unique identifier of the firewall rule. - `Action Action` The action to apply to a matched request. The `log` action is only available on an Enterprise plan. - `const ActionBlock Action = "block"` - `const ActionChallenge Action = "challenge"` - `const ActionJSChallenge Action = "js_challenge"` - `const ActionManagedChallenge Action = "managed_challenge"` - `const ActionAllow Action = "allow"` - `const ActionLog Action = "log"` - `const ActionBypass Action = "bypass"` - `Description string` An informative summary of the firewall rule. - `Filter FirewallRuleFilter` - `type FirewallFilter struct{…}` - `ID string` The unique identifier of the filter. - `Description string` An informative summary of the filter. - `Expression string` The filter expression. For more information, refer to [Expressions](https://developers.cloudflare.com/ruleset-engine/rules-language/expressions/). - `Paused bool` When true, indicates that the filter is currently paused. - `Ref string` A short reference tag. Allows you to select related filters. - `type DeletedFilter struct{…}` - `ID string` The unique identifier of the filter. - `Deleted bool` When true, indicates that the firewall rule was deleted. - `Paused bool` When true, indicates that the firewall rule is currently paused. - `Priority float64` The priority of the rule. Optional value used to define the processing order. A lower number indicates a higher priority. If not provided, rules with a defined priority will be processed before rules without a priority. - `Products []Product` - `const ProductZoneLockdown Product = "zoneLockdown"` - `const ProductUABlock Product = "uaBlock"` - `const ProductBIC Product = "bic"` - `const ProductHot Product = "hot"` - `const ProductSecurityLevel Product = "securityLevel"` - `const ProductRateLimit Product = "rateLimit"` - `const ProductWAF Product = "waf"` - `Ref string` A short reference tag. Allows you to select related firewall rules. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/filters" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.Firewall.Rules.New(context.TODO(), firewall.RuleNewParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), Action: cloudflare.F(firewall.RuleNewParamsAction{ }), Filter: cloudflare.F(filters.FirewallFilterParam{ }), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "372e67954025e0ba6aaa6d586b9e0b60", "action": "block", "description": "Blocks traffic identified during investigation for MIR-31", "filter": { "id": "372e67954025e0ba6aaa6d586b9e0b61", "description": "Restrict access from these browsers on this address range.", "expression": "(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.addr ne 172.16.22.155", "paused": false, "ref": "FIL-100" }, "paused": false, "priority": 50, "products": [ "waf" ], "ref": "MIR-31" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Update a firewall rule `client.Firewall.Rules.Update(ctx, ruleID, params) (*FirewallRule, error)` **put** `/zones/{zone_id}/firewall/rules/{rule_id}` Updates an existing firewall rule. ### Parameters - `ruleID string` The unique identifier of the firewall rule. - `params RuleUpdateParams` - `ZoneID param.Field[string]` Path param: Defines an identifier. - `Action param.Field[RuleUpdateParamsAction]` Body param: The action to perform when the threshold of matched traffic within the configured period is exceeded. - `Mode RuleUpdateParamsActionMode` The action to perform. - `const RuleUpdateParamsActionModeSimulate RuleUpdateParamsActionMode = "simulate"` - `const RuleUpdateParamsActionModeBan RuleUpdateParamsActionMode = "ban"` - `const RuleUpdateParamsActionModeChallenge RuleUpdateParamsActionMode = "challenge"` - `const RuleUpdateParamsActionModeJSChallenge RuleUpdateParamsActionMode = "js_challenge"` - `const RuleUpdateParamsActionModeManagedChallenge RuleUpdateParamsActionMode = "managed_challenge"` - `Response RuleUpdateParamsActionResponse` A custom content type and reponse to return when the threshold is exceeded. The custom response configured in this object will override the custom error for the zone. This object is optional. Notes: If you omit this object, Cloudflare will use the default HTML error page. If "mode" is "challenge", "managed_challenge", or "js_challenge", Cloudflare will use the zone challenge pages and you should not provide the "response" object. - `Body string` The response body to return. The value must conform to the configured content type. - `ContentType string` The content type of the body. Must be one of the following: `text/plain`, `text/xml`, or `application/json`. - `Timeout float64` The time in seconds during which Cloudflare will perform the mitigation action. Must be an integer value greater than or equal to the period. Notes: If "mode" is "challenge", "managed_challenge", or "js_challenge", Cloudflare will use the zone's Challenge Passage time and you should not provide this value. - `Filter param.Field[FirewallFilter]` Body param ### Returns - `type FirewallRule struct{…}` - `ID string` The unique identifier of the firewall rule. - `Action Action` The action to apply to a matched request. The `log` action is only available on an Enterprise plan. - `const ActionBlock Action = "block"` - `const ActionChallenge Action = "challenge"` - `const ActionJSChallenge Action = "js_challenge"` - `const ActionManagedChallenge Action = "managed_challenge"` - `const ActionAllow Action = "allow"` - `const ActionLog Action = "log"` - `const ActionBypass Action = "bypass"` - `Description string` An informative summary of the firewall rule. - `Filter FirewallRuleFilter` - `type FirewallFilter struct{…}` - `ID string` The unique identifier of the filter. - `Description string` An informative summary of the filter. - `Expression string` The filter expression. For more information, refer to [Expressions](https://developers.cloudflare.com/ruleset-engine/rules-language/expressions/). - `Paused bool` When true, indicates that the filter is currently paused. - `Ref string` A short reference tag. Allows you to select related filters. - `type DeletedFilter struct{…}` - `ID string` The unique identifier of the filter. - `Deleted bool` When true, indicates that the firewall rule was deleted. - `Paused bool` When true, indicates that the firewall rule is currently paused. - `Priority float64` The priority of the rule. Optional value used to define the processing order. A lower number indicates a higher priority. If not provided, rules with a defined priority will be processed before rules without a priority. - `Products []Product` - `const ProductZoneLockdown Product = "zoneLockdown"` - `const ProductUABlock Product = "uaBlock"` - `const ProductBIC Product = "bic"` - `const ProductHot Product = "hot"` - `const ProductSecurityLevel Product = "securityLevel"` - `const ProductRateLimit Product = "rateLimit"` - `const ProductWAF Product = "waf"` - `Ref string` A short reference tag. Allows you to select related firewall rules. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/filters" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) firewallRule, err := client.Firewall.Rules.Update( context.TODO(), "372e67954025e0ba6aaa6d586b9e0b60", firewall.RuleUpdateParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), Action: cloudflare.F(firewall.RuleUpdateParamsAction{ }), Filter: cloudflare.F(filters.FirewallFilterParam{ }), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", firewallRule.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "372e67954025e0ba6aaa6d586b9e0b60", "action": "block", "description": "Blocks traffic identified during investigation for MIR-31", "filter": { "id": "372e67954025e0ba6aaa6d586b9e0b61", "description": "Restrict access from these browsers on this address range.", "expression": "(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.addr ne 172.16.22.155", "paused": false, "ref": "FIL-100" }, "paused": false, "priority": 50, "products": [ "waf" ], "ref": "MIR-31" }, "success": true } ``` ## Update priority of a firewall rule `client.Firewall.Rules.Edit(ctx, ruleID, body) (*SinglePage[FirewallRule], error)` **patch** `/zones/{zone_id}/firewall/rules/{rule_id}` Updates the priority of an existing firewall rule. ### Parameters - `ruleID string` The unique identifier of the firewall rule. - `body RuleEditParams` - `ZoneID param.Field[string]` Defines an identifier. ### Returns - `type FirewallRule struct{…}` - `ID string` The unique identifier of the firewall rule. - `Action Action` The action to apply to a matched request. The `log` action is only available on an Enterprise plan. - `const ActionBlock Action = "block"` - `const ActionChallenge Action = "challenge"` - `const ActionJSChallenge Action = "js_challenge"` - `const ActionManagedChallenge Action = "managed_challenge"` - `const ActionAllow Action = "allow"` - `const ActionLog Action = "log"` - `const ActionBypass Action = "bypass"` - `Description string` An informative summary of the firewall rule. - `Filter FirewallRuleFilter` - `type FirewallFilter struct{…}` - `ID string` The unique identifier of the filter. - `Description string` An informative summary of the filter. - `Expression string` The filter expression. For more information, refer to [Expressions](https://developers.cloudflare.com/ruleset-engine/rules-language/expressions/). - `Paused bool` When true, indicates that the filter is currently paused. - `Ref string` A short reference tag. Allows you to select related filters. - `type DeletedFilter struct{…}` - `ID string` The unique identifier of the filter. - `Deleted bool` When true, indicates that the firewall rule was deleted. - `Paused bool` When true, indicates that the firewall rule is currently paused. - `Priority float64` The priority of the rule. Optional value used to define the processing order. A lower number indicates a higher priority. If not provided, rules with a defined priority will be processed before rules without a priority. - `Products []Product` - `const ProductZoneLockdown Product = "zoneLockdown"` - `const ProductUABlock Product = "uaBlock"` - `const ProductBIC Product = "bic"` - `const ProductHot Product = "hot"` - `const ProductSecurityLevel Product = "securityLevel"` - `const ProductRateLimit Product = "rateLimit"` - `const ProductWAF Product = "waf"` - `Ref string` A short reference tag. Allows you to select related firewall rules. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.Firewall.Rules.Edit( context.TODO(), "372e67954025e0ba6aaa6d586b9e0b60", firewall.RuleEditParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "372e67954025e0ba6aaa6d586b9e0b60", "action": "block", "description": "Blocks traffic identified during investigation for MIR-31", "filter": { "id": "372e67954025e0ba6aaa6d586b9e0b61", "description": "Restrict access from these browsers on this address range.", "expression": "(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.addr ne 172.16.22.155", "paused": false, "ref": "FIL-100" }, "paused": false, "priority": 50, "products": [ "waf" ], "ref": "MIR-31" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Delete a firewall rule `client.Firewall.Rules.Delete(ctx, ruleID, body) (*FirewallRule, error)` **delete** `/zones/{zone_id}/firewall/rules/{rule_id}` Deletes an existing firewall rule. ### Parameters - `ruleID string` The unique identifier of the firewall rule. - `body RuleDeleteParams` - `ZoneID param.Field[string]` Defines an identifier. ### Returns - `type FirewallRule struct{…}` - `ID string` The unique identifier of the firewall rule. - `Action Action` The action to apply to a matched request. The `log` action is only available on an Enterprise plan. - `const ActionBlock Action = "block"` - `const ActionChallenge Action = "challenge"` - `const ActionJSChallenge Action = "js_challenge"` - `const ActionManagedChallenge Action = "managed_challenge"` - `const ActionAllow Action = "allow"` - `const ActionLog Action = "log"` - `const ActionBypass Action = "bypass"` - `Description string` An informative summary of the firewall rule. - `Filter FirewallRuleFilter` - `type FirewallFilter struct{…}` - `ID string` The unique identifier of the filter. - `Description string` An informative summary of the filter. - `Expression string` The filter expression. For more information, refer to [Expressions](https://developers.cloudflare.com/ruleset-engine/rules-language/expressions/). - `Paused bool` When true, indicates that the filter is currently paused. - `Ref string` A short reference tag. Allows you to select related filters. - `type DeletedFilter struct{…}` - `ID string` The unique identifier of the filter. - `Deleted bool` When true, indicates that the firewall rule was deleted. - `Paused bool` When true, indicates that the firewall rule is currently paused. - `Priority float64` The priority of the rule. Optional value used to define the processing order. A lower number indicates a higher priority. If not provided, rules with a defined priority will be processed before rules without a priority. - `Products []Product` - `const ProductZoneLockdown Product = "zoneLockdown"` - `const ProductUABlock Product = "uaBlock"` - `const ProductBIC Product = "bic"` - `const ProductHot Product = "hot"` - `const ProductSecurityLevel Product = "securityLevel"` - `const ProductRateLimit Product = "rateLimit"` - `const ProductWAF Product = "waf"` - `Ref string` A short reference tag. Allows you to select related firewall rules. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) firewallRule, err := client.Firewall.Rules.Delete( context.TODO(), "372e67954025e0ba6aaa6d586b9e0b60", firewall.RuleDeleteParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", firewallRule.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "372e67954025e0ba6aaa6d586b9e0b60", "action": "block", "description": "Blocks traffic identified during investigation for MIR-31", "filter": { "id": "372e67954025e0ba6aaa6d586b9e0b61", "description": "Restrict access from these browsers on this address range.", "expression": "(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.addr ne 172.16.22.155", "paused": false, "ref": "FIL-100" }, "paused": false, "priority": 50, "products": [ "waf" ], "ref": "MIR-31" }, "success": true } ``` ## Update firewall rules `client.Firewall.Rules.BulkUpdate(ctx, params) (*SinglePage[FirewallRule], error)` **put** `/zones/{zone_id}/firewall/rules` Updates one or more existing firewall rules. ### Parameters - `params RuleBulkUpdateParams` - `ZoneID param.Field[string]` Path param: Defines an identifier. - `Body param.Field[unknown]` Body param ### Returns - `type FirewallRule struct{…}` - `ID string` The unique identifier of the firewall rule. - `Action Action` The action to apply to a matched request. The `log` action is only available on an Enterprise plan. - `const ActionBlock Action = "block"` - `const ActionChallenge Action = "challenge"` - `const ActionJSChallenge Action = "js_challenge"` - `const ActionManagedChallenge Action = "managed_challenge"` - `const ActionAllow Action = "allow"` - `const ActionLog Action = "log"` - `const ActionBypass Action = "bypass"` - `Description string` An informative summary of the firewall rule. - `Filter FirewallRuleFilter` - `type FirewallFilter struct{…}` - `ID string` The unique identifier of the filter. - `Description string` An informative summary of the filter. - `Expression string` The filter expression. For more information, refer to [Expressions](https://developers.cloudflare.com/ruleset-engine/rules-language/expressions/). - `Paused bool` When true, indicates that the filter is currently paused. - `Ref string` A short reference tag. Allows you to select related filters. - `type DeletedFilter struct{…}` - `ID string` The unique identifier of the filter. - `Deleted bool` When true, indicates that the firewall rule was deleted. - `Paused bool` When true, indicates that the firewall rule is currently paused. - `Priority float64` The priority of the rule. Optional value used to define the processing order. A lower number indicates a higher priority. If not provided, rules with a defined priority will be processed before rules without a priority. - `Products []Product` - `const ProductZoneLockdown Product = "zoneLockdown"` - `const ProductUABlock Product = "uaBlock"` - `const ProductBIC Product = "bic"` - `const ProductHot Product = "hot"` - `const ProductSecurityLevel Product = "securityLevel"` - `const ProductRateLimit Product = "rateLimit"` - `const ProductWAF Product = "waf"` - `Ref string` A short reference tag. Allows you to select related firewall rules. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.Firewall.Rules.BulkUpdate(context.TODO(), firewall.RuleBulkUpdateParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), Body: map[string]interface{}{ }, }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "372e67954025e0ba6aaa6d586b9e0b60", "action": "block", "description": "Blocks traffic identified during investigation for MIR-31", "filter": { "id": "372e67954025e0ba6aaa6d586b9e0b61", "description": "Restrict access from these browsers on this address range.", "expression": "(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.addr ne 172.16.22.155", "paused": false, "ref": "FIL-100" }, "paused": false, "priority": 50, "products": [ "waf" ], "ref": "MIR-31" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Update priority of firewall rules `client.Firewall.Rules.BulkEdit(ctx, params) (*SinglePage[FirewallRule], error)` **patch** `/zones/{zone_id}/firewall/rules` Updates the priority of existing firewall rules. ### Parameters - `params RuleBulkEditParams` - `ZoneID param.Field[string]` Path param: Defines an identifier. - `Body param.Field[unknown]` Body param ### Returns - `type FirewallRule struct{…}` - `ID string` The unique identifier of the firewall rule. - `Action Action` The action to apply to a matched request. The `log` action is only available on an Enterprise plan. - `const ActionBlock Action = "block"` - `const ActionChallenge Action = "challenge"` - `const ActionJSChallenge Action = "js_challenge"` - `const ActionManagedChallenge Action = "managed_challenge"` - `const ActionAllow Action = "allow"` - `const ActionLog Action = "log"` - `const ActionBypass Action = "bypass"` - `Description string` An informative summary of the firewall rule. - `Filter FirewallRuleFilter` - `type FirewallFilter struct{…}` - `ID string` The unique identifier of the filter. - `Description string` An informative summary of the filter. - `Expression string` The filter expression. For more information, refer to [Expressions](https://developers.cloudflare.com/ruleset-engine/rules-language/expressions/). - `Paused bool` When true, indicates that the filter is currently paused. - `Ref string` A short reference tag. Allows you to select related filters. - `type DeletedFilter struct{…}` - `ID string` The unique identifier of the filter. - `Deleted bool` When true, indicates that the firewall rule was deleted. - `Paused bool` When true, indicates that the firewall rule is currently paused. - `Priority float64` The priority of the rule. Optional value used to define the processing order. A lower number indicates a higher priority. If not provided, rules with a defined priority will be processed before rules without a priority. - `Products []Product` - `const ProductZoneLockdown Product = "zoneLockdown"` - `const ProductUABlock Product = "uaBlock"` - `const ProductBIC Product = "bic"` - `const ProductHot Product = "hot"` - `const ProductSecurityLevel Product = "securityLevel"` - `const ProductRateLimit Product = "rateLimit"` - `const ProductWAF Product = "waf"` - `Ref string` A short reference tag. Allows you to select related firewall rules. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.Firewall.Rules.BulkEdit(context.TODO(), firewall.RuleBulkEditParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), Body: map[string]interface{}{ }, }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "372e67954025e0ba6aaa6d586b9e0b60", "action": "block", "description": "Blocks traffic identified during investigation for MIR-31", "filter": { "id": "372e67954025e0ba6aaa6d586b9e0b61", "description": "Restrict access from these browsers on this address range.", "expression": "(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.addr ne 172.16.22.155", "paused": false, "ref": "FIL-100" }, "paused": false, "priority": 50, "products": [ "waf" ], "ref": "MIR-31" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Delete firewall rules `client.Firewall.Rules.BulkDelete(ctx, body) (*SinglePage[FirewallRule], error)` **delete** `/zones/{zone_id}/firewall/rules` Deletes existing firewall rules. ### Parameters - `body RuleBulkDeleteParams` - `ZoneID param.Field[string]` Defines an identifier. ### Returns - `type FirewallRule struct{…}` - `ID string` The unique identifier of the firewall rule. - `Action Action` The action to apply to a matched request. The `log` action is only available on an Enterprise plan. - `const ActionBlock Action = "block"` - `const ActionChallenge Action = "challenge"` - `const ActionJSChallenge Action = "js_challenge"` - `const ActionManagedChallenge Action = "managed_challenge"` - `const ActionAllow Action = "allow"` - `const ActionLog Action = "log"` - `const ActionBypass Action = "bypass"` - `Description string` An informative summary of the firewall rule. - `Filter FirewallRuleFilter` - `type FirewallFilter struct{…}` - `ID string` The unique identifier of the filter. - `Description string` An informative summary of the filter. - `Expression string` The filter expression. For more information, refer to [Expressions](https://developers.cloudflare.com/ruleset-engine/rules-language/expressions/). - `Paused bool` When true, indicates that the filter is currently paused. - `Ref string` A short reference tag. Allows you to select related filters. - `type DeletedFilter struct{…}` - `ID string` The unique identifier of the filter. - `Deleted bool` When true, indicates that the firewall rule was deleted. - `Paused bool` When true, indicates that the firewall rule is currently paused. - `Priority float64` The priority of the rule. Optional value used to define the processing order. A lower number indicates a higher priority. If not provided, rules with a defined priority will be processed before rules without a priority. - `Products []Product` - `const ProductZoneLockdown Product = "zoneLockdown"` - `const ProductUABlock Product = "uaBlock"` - `const ProductBIC Product = "bic"` - `const ProductHot Product = "hot"` - `const ProductSecurityLevel Product = "securityLevel"` - `const ProductRateLimit Product = "rateLimit"` - `const ProductWAF Product = "waf"` - `Ref string` A short reference tag. Allows you to select related firewall rules. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.Firewall.Rules.BulkDelete(context.TODO(), firewall.RuleBulkDeleteParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "372e67954025e0ba6aaa6d586b9e0b60", "action": "block", "description": "Blocks traffic identified during investigation for MIR-31", "filter": { "id": "372e67954025e0ba6aaa6d586b9e0b61", "description": "Restrict access from these browsers on this address range.", "expression": "(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.addr ne 172.16.22.155", "paused": false, "ref": "FIL-100" }, "paused": false, "priority": 50, "products": [ "waf" ], "ref": "MIR-31" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Domain Types ### Deleted Filter - `type DeletedFilter struct{…}` - `ID string` The unique identifier of the filter. - `Deleted bool` When true, indicates that the firewall rule was deleted. ### Firewall Rule - `type FirewallRule struct{…}` - `ID string` The unique identifier of the firewall rule. - `Action Action` The action to apply to a matched request. The `log` action is only available on an Enterprise plan. - `const ActionBlock Action = "block"` - `const ActionChallenge Action = "challenge"` - `const ActionJSChallenge Action = "js_challenge"` - `const ActionManagedChallenge Action = "managed_challenge"` - `const ActionAllow Action = "allow"` - `const ActionLog Action = "log"` - `const ActionBypass Action = "bypass"` - `Description string` An informative summary of the firewall rule. - `Filter FirewallRuleFilter` - `type FirewallFilter struct{…}` - `ID string` The unique identifier of the filter. - `Description string` An informative summary of the filter. - `Expression string` The filter expression. For more information, refer to [Expressions](https://developers.cloudflare.com/ruleset-engine/rules-language/expressions/). - `Paused bool` When true, indicates that the filter is currently paused. - `Ref string` A short reference tag. Allows you to select related filters. - `type DeletedFilter struct{…}` - `ID string` The unique identifier of the filter. - `Deleted bool` When true, indicates that the firewall rule was deleted. - `Paused bool` When true, indicates that the firewall rule is currently paused. - `Priority float64` The priority of the rule. Optional value used to define the processing order. A lower number indicates a higher priority. If not provided, rules with a defined priority will be processed before rules without a priority. - `Products []Product` - `const ProductZoneLockdown Product = "zoneLockdown"` - `const ProductUABlock Product = "uaBlock"` - `const ProductBIC Product = "bic"` - `const ProductHot Product = "hot"` - `const ProductSecurityLevel Product = "securityLevel"` - `const ProductRateLimit Product = "rateLimit"` - `const ProductWAF Product = "waf"` - `Ref string` A short reference tag. Allows you to select related firewall rules. ### Product - `type Product string` A list of products to bypass for a request when using the `bypass` action. - `const ProductZoneLockdown Product = "zoneLockdown"` - `const ProductUABlock Product = "uaBlock"` - `const ProductBIC Product = "bic"` - `const ProductHot Product = "hot"` - `const ProductSecurityLevel Product = "securityLevel"` - `const ProductRateLimit Product = "rateLimit"` - `const ProductWAF Product = "waf"` # Access Rules ## List IP Access rules `client.Firewall.AccessRules.List(ctx, params) (*V4PagePaginationArray[AccessRuleListResponse], error)` **get** `/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules` Fetches IP Access rules of an account or zone. These rules apply to all the zones in the account or zone. You can filter the results using several optional parameters. ### Parameters - `params AccessRuleListParams` - `AccountID param.Field[string]` Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `ZoneID param.Field[string]` Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. - `Configuration param.Field[AccessRuleListParamsConfiguration]` Query param - `Target AccessRuleListParamsConfigurationTarget` Defines the target to search in existing rules. - `const AccessRuleListParamsConfigurationTargetIP AccessRuleListParamsConfigurationTarget = "ip"` - `const AccessRuleListParamsConfigurationTargetIPRange AccessRuleListParamsConfigurationTarget = "ip_range"` - `const AccessRuleListParamsConfigurationTargetASN AccessRuleListParamsConfigurationTarget = "asn"` - `const AccessRuleListParamsConfigurationTargetCountry AccessRuleListParamsConfigurationTarget = "country"` - `Value string` Defines the target value to search for in existing rules: an IP address, an IP address range, or a country code, depending on the provided `configuration.target`. Notes: You can search for a single IPv4 address, an IP address range with a subnet of '/16' or '/24', or a two-letter ISO-3166-1 alpha-2 country code. - `Direction param.Field[AccessRuleListParamsDirection]` Query param: Defines the direction used to sort returned rules. - `const AccessRuleListParamsDirectionAsc AccessRuleListParamsDirection = "asc"` - `const AccessRuleListParamsDirectionDesc AccessRuleListParamsDirection = "desc"` - `Match param.Field[AccessRuleListParamsMatch]` Query param: Defines the search requirements. When set to `all`, all the search requirements must match. When set to `any`, only one of the search requirements has to match. - `const AccessRuleListParamsMatchAny AccessRuleListParamsMatch = "any"` - `const AccessRuleListParamsMatchAll AccessRuleListParamsMatch = "all"` - `Mode param.Field[AccessRuleListParamsMode]` Query param: The action to apply to a matched request. - `const AccessRuleListParamsModeBlock AccessRuleListParamsMode = "block"` - `const AccessRuleListParamsModeChallenge AccessRuleListParamsMode = "challenge"` - `const AccessRuleListParamsModeWhitelist AccessRuleListParamsMode = "whitelist"` - `const AccessRuleListParamsModeJSChallenge AccessRuleListParamsMode = "js_challenge"` - `const AccessRuleListParamsModeManagedChallenge AccessRuleListParamsMode = "managed_challenge"` - `Notes param.Field[string]` Query param: Defines the string to search for in the notes of existing IP Access rules. Notes: For example, the string 'attack' would match IP Access rules with notes 'Attack 26/02' and 'Attack 27/02'. The search is case insensitive. - `Order param.Field[AccessRuleListParamsOrder]` Query param: Defines the field used to sort returned rules. - `const AccessRuleListParamsOrderConfigurationTarget AccessRuleListParamsOrder = "configuration.target"` - `const AccessRuleListParamsOrderConfigurationValue AccessRuleListParamsOrder = "configuration.value"` - `const AccessRuleListParamsOrderMode AccessRuleListParamsOrder = "mode"` - `Page param.Field[float64]` Query param: Defines the requested page within paginated list of results. - `PerPage param.Field[float64]` Query param: Defines the maximum number of results requested. ### Returns - `type AccessRuleListResponse struct{…}` - `ID string` The unique identifier of the IP Access rule. - `AllowedModes []AccessRuleListResponseAllowedMode` The available actions that a rule can apply to a matched request. - `const AccessRuleListResponseAllowedModeBlock AccessRuleListResponseAllowedMode = "block"` - `const AccessRuleListResponseAllowedModeChallenge AccessRuleListResponseAllowedMode = "challenge"` - `const AccessRuleListResponseAllowedModeWhitelist AccessRuleListResponseAllowedMode = "whitelist"` - `const AccessRuleListResponseAllowedModeJSChallenge AccessRuleListResponseAllowedMode = "js_challenge"` - `const AccessRuleListResponseAllowedModeManagedChallenge AccessRuleListResponseAllowedMode = "managed_challenge"` - `Configuration AccessRuleListResponseConfiguration` The rule configuration. - `type AccessRuleIPConfiguration struct{…}` - `Target AccessRuleIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `const AccessRuleIPConfigurationTargetIP AccessRuleIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. - `type IPV6Configuration struct{…}` - `Target IPV6ConfigurationTarget` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `const IPV6ConfigurationTargetIp6 IPV6ConfigurationTarget = "ip6"` - `Value string` The IPv6 address to match. - `type AccessRuleCIDRConfiguration struct{…}` - `Target AccessRuleCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `const AccessRuleCIDRConfigurationTargetIPRange AccessRuleCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `type ASNConfiguration struct{…}` - `Target ASNConfigurationTarget` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `const ASNConfigurationTargetASN ASNConfigurationTarget = "asn"` - `Value string` The AS number to match. - `type CountryConfiguration struct{…}` - `Target CountryConfigurationTarget` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `const CountryConfigurationTargetCountry CountryConfigurationTarget = "country"` - `Value string` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `Mode AccessRuleListResponseMode` The action to apply to a matched request. - `const AccessRuleListResponseModeBlock AccessRuleListResponseMode = "block"` - `const AccessRuleListResponseModeChallenge AccessRuleListResponseMode = "challenge"` - `const AccessRuleListResponseModeWhitelist AccessRuleListResponseMode = "whitelist"` - `const AccessRuleListResponseModeJSChallenge AccessRuleListResponseMode = "js_challenge"` - `const AccessRuleListResponseModeManagedChallenge AccessRuleListResponseMode = "managed_challenge"` - `CreatedOn Time` The timestamp of when the rule was created. - `ModifiedOn Time` The timestamp of when the rule was last modified. - `Notes string` An informative summary of the rule, typically used as a reminder or explanation. - `Scope AccessRuleListResponseScope` All zones owned by the user will have the rule applied. - `ID string` Defines an identifier. - `Email string` The contact email address of the user. - `Type AccessRuleListResponseScopeType` Defines the scope of the rule. - `const AccessRuleListResponseScopeTypeUser AccessRuleListResponseScopeType = "user"` - `const AccessRuleListResponseScopeTypeOrganization AccessRuleListResponseScopeType = "organization"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.Firewall.AccessRules.List(context.TODO(), firewall.AccessRuleListParams{ }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "92f17202ed8bd63d69a66b86a49a8f6b", "allowed_modes": [ "whitelist", "block", "challenge", "js_challenge", "managed_challenge" ], "configuration": { "target": "ip", "value": "198.51.100.4" }, "mode": "challenge", "created_on": "2014-01-01T05:20:00.12345Z", "modified_on": "2014-01-01T05:20:00.12345Z", "notes": "This rule is enabled because of an event that occurred on date X.", "scope": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "email": "user@example.com", "type": "user" } } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get an IP Access rule `client.Firewall.AccessRules.Get(ctx, ruleID, query) (*AccessRuleGetResponse, error)` **get** `/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules/{rule_id}` Fetches the details of an IP Access rule defined. ### Parameters - `ruleID string` Unique identifier for a rule. - `query AccessRuleGetParams` - `AccountID param.Field[string]` The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `ZoneID param.Field[string]` The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. ### Returns - `type AccessRuleGetResponse struct{…}` - `ID string` The unique identifier of the IP Access rule. - `AllowedModes []AccessRuleGetResponseAllowedMode` The available actions that a rule can apply to a matched request. - `const AccessRuleGetResponseAllowedModeBlock AccessRuleGetResponseAllowedMode = "block"` - `const AccessRuleGetResponseAllowedModeChallenge AccessRuleGetResponseAllowedMode = "challenge"` - `const AccessRuleGetResponseAllowedModeWhitelist AccessRuleGetResponseAllowedMode = "whitelist"` - `const AccessRuleGetResponseAllowedModeJSChallenge AccessRuleGetResponseAllowedMode = "js_challenge"` - `const AccessRuleGetResponseAllowedModeManagedChallenge AccessRuleGetResponseAllowedMode = "managed_challenge"` - `Configuration AccessRuleGetResponseConfiguration` The rule configuration. - `type AccessRuleIPConfiguration struct{…}` - `Target AccessRuleIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `const AccessRuleIPConfigurationTargetIP AccessRuleIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. - `type IPV6Configuration struct{…}` - `Target IPV6ConfigurationTarget` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `const IPV6ConfigurationTargetIp6 IPV6ConfigurationTarget = "ip6"` - `Value string` The IPv6 address to match. - `type AccessRuleCIDRConfiguration struct{…}` - `Target AccessRuleCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `const AccessRuleCIDRConfigurationTargetIPRange AccessRuleCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `type ASNConfiguration struct{…}` - `Target ASNConfigurationTarget` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `const ASNConfigurationTargetASN ASNConfigurationTarget = "asn"` - `Value string` The AS number to match. - `type CountryConfiguration struct{…}` - `Target CountryConfigurationTarget` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `const CountryConfigurationTargetCountry CountryConfigurationTarget = "country"` - `Value string` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `Mode AccessRuleGetResponseMode` The action to apply to a matched request. - `const AccessRuleGetResponseModeBlock AccessRuleGetResponseMode = "block"` - `const AccessRuleGetResponseModeChallenge AccessRuleGetResponseMode = "challenge"` - `const AccessRuleGetResponseModeWhitelist AccessRuleGetResponseMode = "whitelist"` - `const AccessRuleGetResponseModeJSChallenge AccessRuleGetResponseMode = "js_challenge"` - `const AccessRuleGetResponseModeManagedChallenge AccessRuleGetResponseMode = "managed_challenge"` - `CreatedOn Time` The timestamp of when the rule was created. - `ModifiedOn Time` The timestamp of when the rule was last modified. - `Notes string` An informative summary of the rule, typically used as a reminder or explanation. - `Scope AccessRuleGetResponseScope` All zones owned by the user will have the rule applied. - `ID string` Defines an identifier. - `Email string` The contact email address of the user. - `Type AccessRuleGetResponseScopeType` Defines the scope of the rule. - `const AccessRuleGetResponseScopeTypeUser AccessRuleGetResponseScopeType = "user"` - `const AccessRuleGetResponseScopeTypeOrganization AccessRuleGetResponseScopeType = "organization"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) accessRule, err := client.Firewall.AccessRules.Get( context.TODO(), "023e105f4ecef8ad9ca31a8372d0c353", firewall.AccessRuleGetParams{ }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", accessRule.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "92f17202ed8bd63d69a66b86a49a8f6b", "allowed_modes": [ "whitelist", "block", "challenge", "js_challenge", "managed_challenge" ], "configuration": { "target": "ip", "value": "198.51.100.4" }, "mode": "challenge", "created_on": "2014-01-01T05:20:00.12345Z", "modified_on": "2014-01-01T05:20:00.12345Z", "notes": "This rule is enabled because of an event that occurred on date X.", "scope": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "email": "user@example.com", "type": "user" } }, "success": true } ``` ## Create an IP Access rule `client.Firewall.AccessRules.New(ctx, params) (*AccessRuleNewResponse, error)` **post** `/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules` Creates a new IP Access rule for an account or zone. The rule will apply to all zones in the account or zone. Note: To create an IP Access rule that applies to a single zone, refer to the [IP Access rules for a zone](#ip-access-rules-for-a-zone) endpoints. ### Parameters - `params AccessRuleNewParams` - `Configuration param.Field[AccessRuleNewParamsConfiguration]` Body param: The rule configuration. - `type AccessRuleIPConfiguration struct{…}` - `Target AccessRuleIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `const AccessRuleIPConfigurationTargetIP AccessRuleIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. - `type IPV6Configuration struct{…}` - `Target IPV6ConfigurationTarget` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `const IPV6ConfigurationTargetIp6 IPV6ConfigurationTarget = "ip6"` - `Value string` The IPv6 address to match. - `type AccessRuleCIDRConfiguration struct{…}` - `Target AccessRuleCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `const AccessRuleCIDRConfigurationTargetIPRange AccessRuleCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `type ASNConfiguration struct{…}` - `Target ASNConfigurationTarget` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `const ASNConfigurationTargetASN ASNConfigurationTarget = "asn"` - `Value string` The AS number to match. - `type CountryConfiguration struct{…}` - `Target CountryConfigurationTarget` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `const CountryConfigurationTargetCountry CountryConfigurationTarget = "country"` - `Value string` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `Mode param.Field[AccessRuleNewParamsMode]` Body param: The action to apply to a matched request. - `const AccessRuleNewParamsModeBlock AccessRuleNewParamsMode = "block"` - `const AccessRuleNewParamsModeChallenge AccessRuleNewParamsMode = "challenge"` - `const AccessRuleNewParamsModeWhitelist AccessRuleNewParamsMode = "whitelist"` - `const AccessRuleNewParamsModeJSChallenge AccessRuleNewParamsMode = "js_challenge"` - `const AccessRuleNewParamsModeManagedChallenge AccessRuleNewParamsMode = "managed_challenge"` - `AccountID param.Field[string]` Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `ZoneID param.Field[string]` Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. - `Notes param.Field[string]` Body param: An informative summary of the rule, typically used as a reminder or explanation. ### Returns - `type AccessRuleNewResponse struct{…}` - `ID string` The unique identifier of the IP Access rule. - `AllowedModes []AccessRuleNewResponseAllowedMode` The available actions that a rule can apply to a matched request. - `const AccessRuleNewResponseAllowedModeBlock AccessRuleNewResponseAllowedMode = "block"` - `const AccessRuleNewResponseAllowedModeChallenge AccessRuleNewResponseAllowedMode = "challenge"` - `const AccessRuleNewResponseAllowedModeWhitelist AccessRuleNewResponseAllowedMode = "whitelist"` - `const AccessRuleNewResponseAllowedModeJSChallenge AccessRuleNewResponseAllowedMode = "js_challenge"` - `const AccessRuleNewResponseAllowedModeManagedChallenge AccessRuleNewResponseAllowedMode = "managed_challenge"` - `Configuration AccessRuleNewResponseConfiguration` The rule configuration. - `type AccessRuleIPConfiguration struct{…}` - `Target AccessRuleIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `const AccessRuleIPConfigurationTargetIP AccessRuleIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. - `type IPV6Configuration struct{…}` - `Target IPV6ConfigurationTarget` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `const IPV6ConfigurationTargetIp6 IPV6ConfigurationTarget = "ip6"` - `Value string` The IPv6 address to match. - `type AccessRuleCIDRConfiguration struct{…}` - `Target AccessRuleCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `const AccessRuleCIDRConfigurationTargetIPRange AccessRuleCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `type ASNConfiguration struct{…}` - `Target ASNConfigurationTarget` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `const ASNConfigurationTargetASN ASNConfigurationTarget = "asn"` - `Value string` The AS number to match. - `type CountryConfiguration struct{…}` - `Target CountryConfigurationTarget` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `const CountryConfigurationTargetCountry CountryConfigurationTarget = "country"` - `Value string` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `Mode AccessRuleNewResponseMode` The action to apply to a matched request. - `const AccessRuleNewResponseModeBlock AccessRuleNewResponseMode = "block"` - `const AccessRuleNewResponseModeChallenge AccessRuleNewResponseMode = "challenge"` - `const AccessRuleNewResponseModeWhitelist AccessRuleNewResponseMode = "whitelist"` - `const AccessRuleNewResponseModeJSChallenge AccessRuleNewResponseMode = "js_challenge"` - `const AccessRuleNewResponseModeManagedChallenge AccessRuleNewResponseMode = "managed_challenge"` - `CreatedOn Time` The timestamp of when the rule was created. - `ModifiedOn Time` The timestamp of when the rule was last modified. - `Notes string` An informative summary of the rule, typically used as a reminder or explanation. - `Scope AccessRuleNewResponseScope` All zones owned by the user will have the rule applied. - `ID string` Defines an identifier. - `Email string` The contact email address of the user. - `Type AccessRuleNewResponseScopeType` Defines the scope of the rule. - `const AccessRuleNewResponseScopeTypeUser AccessRuleNewResponseScopeType = "user"` - `const AccessRuleNewResponseScopeTypeOrganization AccessRuleNewResponseScopeType = "organization"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) accessRule, err := client.Firewall.AccessRules.New(context.TODO(), firewall.AccessRuleNewParams{ Configuration: cloudflare.F[firewall.AccessRuleNewParamsConfigurationUnion](firewall.AccessRuleIPConfigurationParam{ }), Mode: cloudflare.F(firewall.AccessRuleNewParamsModeChallenge), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", accessRule.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "92f17202ed8bd63d69a66b86a49a8f6b", "allowed_modes": [ "whitelist", "block", "challenge", "js_challenge", "managed_challenge" ], "configuration": { "target": "ip", "value": "198.51.100.4" }, "mode": "challenge", "created_on": "2014-01-01T05:20:00.12345Z", "modified_on": "2014-01-01T05:20:00.12345Z", "notes": "This rule is enabled because of an event that occurred on date X.", "scope": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "email": "user@example.com", "type": "user" } }, "success": true } ``` ## Update an IP Access rule `client.Firewall.AccessRules.Edit(ctx, ruleID, params) (*AccessRuleEditResponse, error)` **patch** `/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules/{rule_id}` Updates an IP Access rule defined. Note: This operation will affect all zones in the account or zone. ### Parameters - `ruleID string` Unique identifier for a rule. - `params AccessRuleEditParams` - `Configuration param.Field[AccessRuleEditParamsConfiguration]` Body param: The rule configuration. - `type AccessRuleIPConfiguration struct{…}` - `Target AccessRuleIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `const AccessRuleIPConfigurationTargetIP AccessRuleIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. - `type IPV6Configuration struct{…}` - `Target IPV6ConfigurationTarget` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `const IPV6ConfigurationTargetIp6 IPV6ConfigurationTarget = "ip6"` - `Value string` The IPv6 address to match. - `type AccessRuleCIDRConfiguration struct{…}` - `Target AccessRuleCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `const AccessRuleCIDRConfigurationTargetIPRange AccessRuleCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `type ASNConfiguration struct{…}` - `Target ASNConfigurationTarget` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `const ASNConfigurationTargetASN ASNConfigurationTarget = "asn"` - `Value string` The AS number to match. - `type CountryConfiguration struct{…}` - `Target CountryConfigurationTarget` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `const CountryConfigurationTargetCountry CountryConfigurationTarget = "country"` - `Value string` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `Mode param.Field[AccessRuleEditParamsMode]` Body param: The action to apply to a matched request. - `const AccessRuleEditParamsModeBlock AccessRuleEditParamsMode = "block"` - `const AccessRuleEditParamsModeChallenge AccessRuleEditParamsMode = "challenge"` - `const AccessRuleEditParamsModeWhitelist AccessRuleEditParamsMode = "whitelist"` - `const AccessRuleEditParamsModeJSChallenge AccessRuleEditParamsMode = "js_challenge"` - `const AccessRuleEditParamsModeManagedChallenge AccessRuleEditParamsMode = "managed_challenge"` - `AccountID param.Field[string]` Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `ZoneID param.Field[string]` Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. - `Notes param.Field[string]` Body param: An informative summary of the rule, typically used as a reminder or explanation. ### Returns - `type AccessRuleEditResponse struct{…}` - `ID string` The unique identifier of the IP Access rule. - `AllowedModes []AccessRuleEditResponseAllowedMode` The available actions that a rule can apply to a matched request. - `const AccessRuleEditResponseAllowedModeBlock AccessRuleEditResponseAllowedMode = "block"` - `const AccessRuleEditResponseAllowedModeChallenge AccessRuleEditResponseAllowedMode = "challenge"` - `const AccessRuleEditResponseAllowedModeWhitelist AccessRuleEditResponseAllowedMode = "whitelist"` - `const AccessRuleEditResponseAllowedModeJSChallenge AccessRuleEditResponseAllowedMode = "js_challenge"` - `const AccessRuleEditResponseAllowedModeManagedChallenge AccessRuleEditResponseAllowedMode = "managed_challenge"` - `Configuration AccessRuleEditResponseConfiguration` The rule configuration. - `type AccessRuleIPConfiguration struct{…}` - `Target AccessRuleIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `const AccessRuleIPConfigurationTargetIP AccessRuleIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. - `type IPV6Configuration struct{…}` - `Target IPV6ConfigurationTarget` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `const IPV6ConfigurationTargetIp6 IPV6ConfigurationTarget = "ip6"` - `Value string` The IPv6 address to match. - `type AccessRuleCIDRConfiguration struct{…}` - `Target AccessRuleCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `const AccessRuleCIDRConfigurationTargetIPRange AccessRuleCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `type ASNConfiguration struct{…}` - `Target ASNConfigurationTarget` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `const ASNConfigurationTargetASN ASNConfigurationTarget = "asn"` - `Value string` The AS number to match. - `type CountryConfiguration struct{…}` - `Target CountryConfigurationTarget` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `const CountryConfigurationTargetCountry CountryConfigurationTarget = "country"` - `Value string` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `Mode AccessRuleEditResponseMode` The action to apply to a matched request. - `const AccessRuleEditResponseModeBlock AccessRuleEditResponseMode = "block"` - `const AccessRuleEditResponseModeChallenge AccessRuleEditResponseMode = "challenge"` - `const AccessRuleEditResponseModeWhitelist AccessRuleEditResponseMode = "whitelist"` - `const AccessRuleEditResponseModeJSChallenge AccessRuleEditResponseMode = "js_challenge"` - `const AccessRuleEditResponseModeManagedChallenge AccessRuleEditResponseMode = "managed_challenge"` - `CreatedOn Time` The timestamp of when the rule was created. - `ModifiedOn Time` The timestamp of when the rule was last modified. - `Notes string` An informative summary of the rule, typically used as a reminder or explanation. - `Scope AccessRuleEditResponseScope` All zones owned by the user will have the rule applied. - `ID string` Defines an identifier. - `Email string` The contact email address of the user. - `Type AccessRuleEditResponseScopeType` Defines the scope of the rule. - `const AccessRuleEditResponseScopeTypeUser AccessRuleEditResponseScopeType = "user"` - `const AccessRuleEditResponseScopeTypeOrganization AccessRuleEditResponseScopeType = "organization"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.Firewall.AccessRules.Edit( context.TODO(), "023e105f4ecef8ad9ca31a8372d0c353", firewall.AccessRuleEditParams{ Configuration: cloudflare.F[firewall.AccessRuleEditParamsConfigurationUnion](firewall.AccessRuleIPConfigurationParam{ }), Mode: cloudflare.F(firewall.AccessRuleEditParamsModeChallenge), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "92f17202ed8bd63d69a66b86a49a8f6b", "allowed_modes": [ "whitelist", "block", "challenge", "js_challenge", "managed_challenge" ], "configuration": { "target": "ip", "value": "198.51.100.4" }, "mode": "challenge", "created_on": "2014-01-01T05:20:00.12345Z", "modified_on": "2014-01-01T05:20:00.12345Z", "notes": "This rule is enabled because of an event that occurred on date X.", "scope": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "email": "user@example.com", "type": "user" } }, "success": true } ``` ## Delete an IP Access rule `client.Firewall.AccessRules.Delete(ctx, ruleID, body) (*AccessRuleDeleteResponse, error)` **delete** `/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules/{rule_id}` Deletes an existing IP Access rule defined. Note: This operation will affect all zones in the account or zone. ### Parameters - `ruleID string` Unique identifier for a rule. - `body AccessRuleDeleteParams` - `AccountID param.Field[string]` The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `ZoneID param.Field[string]` The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. ### Returns - `type AccessRuleDeleteResponse struct{…}` - `ID string` Defines an identifier. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) accessRule, err := client.Firewall.AccessRules.Delete( context.TODO(), "023e105f4ecef8ad9ca31a8372d0c353", firewall.AccessRuleDeleteParams{ }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", accessRule.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353" }, "success": true } ``` ## Domain Types ### Access Rule CIDR Configuration - `type AccessRuleCIDRConfiguration struct{…}` - `Target AccessRuleCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `const AccessRuleCIDRConfigurationTargetIPRange AccessRuleCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. ### Access Rule IP Configuration - `type AccessRuleIPConfiguration struct{…}` - `Target AccessRuleIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `const AccessRuleIPConfigurationTargetIP AccessRuleIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. ### ASN Configuration - `type ASNConfiguration struct{…}` - `Target ASNConfigurationTarget` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `const ASNConfigurationTargetASN ASNConfigurationTarget = "asn"` - `Value string` The AS number to match. ### Country Configuration - `type CountryConfiguration struct{…}` - `Target CountryConfigurationTarget` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `const CountryConfigurationTargetCountry CountryConfigurationTarget = "country"` - `Value string` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). ### IPV6 Configuration - `type IPV6Configuration struct{…}` - `Target IPV6ConfigurationTarget` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `const IPV6ConfigurationTargetIp6 IPV6ConfigurationTarget = "ip6"` - `Value string` The IPv6 address to match. # UA Rules ## List User Agent Blocking rules `client.Firewall.UARules.List(ctx, params) (*V4PagePaginationArray[UARuleListResponse], error)` **get** `/zones/{zone_id}/firewall/ua_rules` Fetches User Agent Blocking rules in a zone. You can filter the results using several optional parameters. ### Parameters - `params UARuleListParams` - `ZoneID param.Field[string]` Path param: Defines an identifier. - `Description param.Field[string]` Query param: A string to search for in the description of existing rules. - `Page param.Field[float64]` Query param: Page number of paginated results. - `Paused param.Field[bool]` Query param: When true, indicates that the rule is currently paused. - `PerPage param.Field[float64]` Query param: The maximum number of results per page. You can only set the value to `1` or to a multiple of 5 such as `5`, `10`, `15`, or `20`. - `UserAgent param.Field[string]` Query param: A string to search for in the user agent values of existing rules. ### Returns - `type UARuleListResponse struct{…}` - `ID string` The unique identifier of the User Agent Blocking rule. - `Configuration UARuleListResponseConfiguration` The configuration object for the current rule. - `Target string` The configuration target for this rule. You must set the target to `ua` for User Agent Blocking rules. - `Value string` The exact user agent string to match. This value will be compared to the received `User-Agent` HTTP header value. - `Description string` An informative summary of the rule. - `Mode UARuleListResponseMode` The action to apply to a matched request. - `const UARuleListResponseModeBlock UARuleListResponseMode = "block"` - `const UARuleListResponseModeChallenge UARuleListResponseMode = "challenge"` - `const UARuleListResponseModeJSChallenge UARuleListResponseMode = "js_challenge"` - `const UARuleListResponseModeManagedChallenge UARuleListResponseMode = "managed_challenge"` - `Paused bool` When true, indicates that the rule is currently paused. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.Firewall.UARules.List(context.TODO(), firewall.UARuleListParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "372e67954025e0ba6aaa6d586b9e0b59", "configuration": { "target": "ua", "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.4" }, "description": "Prevent access from abusive clients identified by this User Agent to mitigate a DDoS attack", "mode": "js_challenge", "paused": false } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get a User Agent Blocking rule `client.Firewall.UARules.Get(ctx, uaRuleID, query) (*UARuleGetResponse, error)` **get** `/zones/{zone_id}/firewall/ua_rules/{ua_rule_id}` Fetches the details of a User Agent Blocking rule. ### Parameters - `uaRuleID string` The unique identifier of the User Agent Blocking rule. - `query UARuleGetParams` - `ZoneID param.Field[string]` Defines an identifier. ### Returns - `type UARuleGetResponse struct{…}` - `ID string` The unique identifier of the User Agent Blocking rule. - `Configuration UARuleGetResponseConfiguration` The configuration object for the current rule. - `Target string` The configuration target for this rule. You must set the target to `ua` for User Agent Blocking rules. - `Value string` The exact user agent string to match. This value will be compared to the received `User-Agent` HTTP header value. - `Description string` An informative summary of the rule. - `Mode UARuleGetResponseMode` The action to apply to a matched request. - `const UARuleGetResponseModeBlock UARuleGetResponseMode = "block"` - `const UARuleGetResponseModeChallenge UARuleGetResponseMode = "challenge"` - `const UARuleGetResponseModeJSChallenge UARuleGetResponseMode = "js_challenge"` - `const UARuleGetResponseModeManagedChallenge UARuleGetResponseMode = "managed_challenge"` - `Paused bool` When true, indicates that the rule is currently paused. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) uaRule, err := client.Firewall.UARules.Get( context.TODO(), "372e67954025e0ba6aaa6d586b9e0b59", firewall.UARuleGetParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", uaRule.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "372e67954025e0ba6aaa6d586b9e0b59", "configuration": { "target": "ua", "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.4" }, "description": "Prevent access from abusive clients identified by this User Agent to mitigate a DDoS attack", "mode": "js_challenge", "paused": false }, "success": true } ``` ## Create a User Agent Blocking rule `client.Firewall.UARules.New(ctx, params) (*UARuleNewResponse, error)` **post** `/zones/{zone_id}/firewall/ua_rules` Creates a new User Agent Blocking rule in a zone. ### Parameters - `params UARuleNewParams` - `ZoneID param.Field[string]` Path param: Defines an identifier. - `Configuration param.Field[UARuleNewParamsConfiguration]` Body param - `Target UARuleNewParamsConfigurationTarget` The configuration target. You must set the target to `ua` when specifying a user agent in the rule. - `const UARuleNewParamsConfigurationTargetUA UARuleNewParamsConfigurationTarget = "ua"` - `Value string` the user agent to exactly match - `Mode param.Field[UARuleNewParamsMode]` Body param: The action to apply to a matched request. - `const UARuleNewParamsModeBlock UARuleNewParamsMode = "block"` - `const UARuleNewParamsModeChallenge UARuleNewParamsMode = "challenge"` - `const UARuleNewParamsModeWhitelist UARuleNewParamsMode = "whitelist"` - `const UARuleNewParamsModeJSChallenge UARuleNewParamsMode = "js_challenge"` - `const UARuleNewParamsModeManagedChallenge UARuleNewParamsMode = "managed_challenge"` - `Description param.Field[string]` Body param: An informative summary of the rule. This value is sanitized and any tags will be removed. - `Paused param.Field[bool]` Body param: When true, indicates that the rule is currently paused. ### Returns - `type UARuleNewResponse struct{…}` - `ID string` The unique identifier of the User Agent Blocking rule. - `Configuration UARuleNewResponseConfiguration` The configuration object for the current rule. - `Target string` The configuration target for this rule. You must set the target to `ua` for User Agent Blocking rules. - `Value string` The exact user agent string to match. This value will be compared to the received `User-Agent` HTTP header value. - `Description string` An informative summary of the rule. - `Mode UARuleNewResponseMode` The action to apply to a matched request. - `const UARuleNewResponseModeBlock UARuleNewResponseMode = "block"` - `const UARuleNewResponseModeChallenge UARuleNewResponseMode = "challenge"` - `const UARuleNewResponseModeJSChallenge UARuleNewResponseMode = "js_challenge"` - `const UARuleNewResponseModeManagedChallenge UARuleNewResponseMode = "managed_challenge"` - `Paused bool` When true, indicates that the rule is currently paused. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) uaRule, err := client.Firewall.UARules.New(context.TODO(), firewall.UARuleNewParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), Configuration: cloudflare.F(firewall.UARuleNewParamsConfiguration{ }), Mode: cloudflare.F(firewall.UARuleNewParamsModeChallenge), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", uaRule.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "372e67954025e0ba6aaa6d586b9e0b59", "configuration": { "target": "ua", "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.4" }, "description": "Prevent access from abusive clients identified by this User Agent to mitigate a DDoS attack", "mode": "js_challenge", "paused": false }, "success": true } ``` ## Update a User Agent Blocking rule `client.Firewall.UARules.Update(ctx, uaRuleID, params) (*UARuleUpdateResponse, error)` **put** `/zones/{zone_id}/firewall/ua_rules/{ua_rule_id}` Updates an existing User Agent Blocking rule. ### Parameters - `uaRuleID string` The unique identifier of the User Agent Blocking rule. - `params UARuleUpdateParams` - `ZoneID param.Field[string]` Path param: Defines an identifier. - `Configuration param.Field[UARuleUpdateParamsConfiguration]` Body param: The rule configuration. - `type AccessRuleIPConfiguration struct{…}` - `Target AccessRuleIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `const AccessRuleIPConfigurationTargetIP AccessRuleIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. - `type IPV6Configuration struct{…}` - `Target IPV6ConfigurationTarget` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `const IPV6ConfigurationTargetIp6 IPV6ConfigurationTarget = "ip6"` - `Value string` The IPv6 address to match. - `type AccessRuleCIDRConfiguration struct{…}` - `Target AccessRuleCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `const AccessRuleCIDRConfigurationTargetIPRange AccessRuleCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `type ASNConfiguration struct{…}` - `Target ASNConfigurationTarget` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `const ASNConfigurationTargetASN ASNConfigurationTarget = "asn"` - `Value string` The AS number to match. - `type CountryConfiguration struct{…}` - `Target CountryConfigurationTarget` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `const CountryConfigurationTargetCountry CountryConfigurationTarget = "country"` - `Value string` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `Mode param.Field[UARuleUpdateParamsMode]` Body param: The action to apply to a matched request. - `const UARuleUpdateParamsModeBlock UARuleUpdateParamsMode = "block"` - `const UARuleUpdateParamsModeChallenge UARuleUpdateParamsMode = "challenge"` - `const UARuleUpdateParamsModeWhitelist UARuleUpdateParamsMode = "whitelist"` - `const UARuleUpdateParamsModeJSChallenge UARuleUpdateParamsMode = "js_challenge"` - `const UARuleUpdateParamsModeManagedChallenge UARuleUpdateParamsMode = "managed_challenge"` - `Description param.Field[string]` Body param: An informative summary of the rule. This value is sanitized and any tags will be removed. - `Paused param.Field[bool]` Body param: When true, indicates that the rule is currently paused. ### Returns - `type UARuleUpdateResponse struct{…}` - `ID string` The unique identifier of the User Agent Blocking rule. - `Configuration UARuleUpdateResponseConfiguration` The configuration object for the current rule. - `Target string` The configuration target for this rule. You must set the target to `ua` for User Agent Blocking rules. - `Value string` The exact user agent string to match. This value will be compared to the received `User-Agent` HTTP header value. - `Description string` An informative summary of the rule. - `Mode UARuleUpdateResponseMode` The action to apply to a matched request. - `const UARuleUpdateResponseModeBlock UARuleUpdateResponseMode = "block"` - `const UARuleUpdateResponseModeChallenge UARuleUpdateResponseMode = "challenge"` - `const UARuleUpdateResponseModeJSChallenge UARuleUpdateResponseMode = "js_challenge"` - `const UARuleUpdateResponseModeManagedChallenge UARuleUpdateResponseMode = "managed_challenge"` - `Paused bool` When true, indicates that the rule is currently paused. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) uaRule, err := client.Firewall.UARules.Update( context.TODO(), "372e67954025e0ba6aaa6d586b9e0b59", firewall.UARuleUpdateParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), Configuration: cloudflare.F[firewall.UARuleUpdateParamsConfigurationUnion](firewall.AccessRuleIPConfigurationParam{ }), Mode: cloudflare.F(firewall.UARuleUpdateParamsModeChallenge), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", uaRule.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "372e67954025e0ba6aaa6d586b9e0b59", "configuration": { "target": "ua", "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.4" }, "description": "Prevent access from abusive clients identified by this User Agent to mitigate a DDoS attack", "mode": "js_challenge", "paused": false }, "success": true } ``` ## Delete a User Agent Blocking rule `client.Firewall.UARules.Delete(ctx, uaRuleID, body) (*UARuleDeleteResponse, error)` **delete** `/zones/{zone_id}/firewall/ua_rules/{ua_rule_id}` Deletes an existing User Agent Blocking rule. ### Parameters - `uaRuleID string` The unique identifier of the User Agent Blocking rule. - `body UARuleDeleteParams` - `ZoneID param.Field[string]` Defines an identifier. ### Returns - `type UARuleDeleteResponse struct{…}` - `ID string` The unique identifier of the User Agent Blocking rule. - `Configuration UARuleDeleteResponseConfiguration` The configuration object for the current rule. - `Target string` The configuration target for this rule. You must set the target to `ua` for User Agent Blocking rules. - `Value string` The exact user agent string to match. This value will be compared to the received `User-Agent` HTTP header value. - `Description string` An informative summary of the rule. - `Mode UARuleDeleteResponseMode` The action to apply to a matched request. - `const UARuleDeleteResponseModeBlock UARuleDeleteResponseMode = "block"` - `const UARuleDeleteResponseModeChallenge UARuleDeleteResponseMode = "challenge"` - `const UARuleDeleteResponseModeJSChallenge UARuleDeleteResponseMode = "js_challenge"` - `const UARuleDeleteResponseModeManagedChallenge UARuleDeleteResponseMode = "managed_challenge"` - `Paused bool` When true, indicates that the rule is currently paused. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) uaRule, err := client.Firewall.UARules.Delete( context.TODO(), "372e67954025e0ba6aaa6d586b9e0b59", firewall.UARuleDeleteParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", uaRule.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "372e67954025e0ba6aaa6d586b9e0b59", "configuration": { "target": "ua", "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.4" }, "description": "Prevent access from abusive clients identified by this User Agent to mitigate a DDoS attack", "mode": "js_challenge", "paused": false }, "success": true } ``` # WAF # Overrides ## List WAF overrides `client.Firewall.WAF.Overrides.List(ctx, params) (*V4PagePaginationArray[Override], error)` **get** `/zones/{zone_id}/firewall/waf/overrides` Fetches the URI-based WAF overrides in a zone. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `params WAFOverrideListParams` - `ZoneID param.Field[string]` Path param: Defines an identifier. - `Page param.Field[float64]` Query param: The page number of paginated results. - `PerPage param.Field[float64]` Query param: The number of WAF overrides per page. ### Returns - `type Override struct{…}` - `ID string` The unique identifier of the WAF override. - `Description string` An informative summary of the current URI-based WAF override. - `Groups map[string, unknown]` An object that allows you to enable or disable WAF rule groups for the current WAF override. Each key of this object must be the ID of a WAF rule group, and each value must be a valid WAF action (usually `default` or `disable`). When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `Paused bool` When true, indicates that the rule is currently paused. - `Priority float64` The relative priority of the current URI-based WAF override when multiple overrides match a single URL. A lower number indicates higher priority. Higher priority overrides may overwrite values set by lower priority overrides. - `RewriteAction RewriteAction` Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object. - `Block RewriteActionBlock` The WAF rule action to apply. - `const RewriteActionBlockChallenge RewriteActionBlock = "challenge"` - `const RewriteActionBlockBlock RewriteActionBlock = "block"` - `const RewriteActionBlockSimulate RewriteActionBlock = "simulate"` - `const RewriteActionBlockDisable RewriteActionBlock = "disable"` - `const RewriteActionBlockDefault RewriteActionBlock = "default"` - `Challenge RewriteActionChallenge` The WAF rule action to apply. - `const RewriteActionChallengeChallenge RewriteActionChallenge = "challenge"` - `const RewriteActionChallengeBlock RewriteActionChallenge = "block"` - `const RewriteActionChallengeSimulate RewriteActionChallenge = "simulate"` - `const RewriteActionChallengeDisable RewriteActionChallenge = "disable"` - `const RewriteActionChallengeDefault RewriteActionChallenge = "default"` - `Default RewriteActionDefault` The WAF rule action to apply. - `const RewriteActionDefaultChallenge RewriteActionDefault = "challenge"` - `const RewriteActionDefaultBlock RewriteActionDefault = "block"` - `const RewriteActionDefaultSimulate RewriteActionDefault = "simulate"` - `const RewriteActionDefaultDisable RewriteActionDefault = "disable"` - `const RewriteActionDefaultDefault RewriteActionDefault = "default"` - `Disable RewriteActionDisable` The WAF rule action to apply. - `const RewriteActionDisableChallenge RewriteActionDisable = "challenge"` - `const RewriteActionDisableBlock RewriteActionDisable = "block"` - `const RewriteActionDisableSimulate RewriteActionDisable = "simulate"` - `const RewriteActionDisableDisable RewriteActionDisable = "disable"` - `const RewriteActionDisableDefault RewriteActionDisable = "default"` - `Simulate RewriteActionSimulate` The WAF rule action to apply. - `const RewriteActionSimulateChallenge RewriteActionSimulate = "challenge"` - `const RewriteActionSimulateBlock RewriteActionSimulate = "block"` - `const RewriteActionSimulateSimulate RewriteActionSimulate = "simulate"` - `const RewriteActionSimulateDisable RewriteActionSimulate = "disable"` - `const RewriteActionSimulateDefault RewriteActionSimulate = "default"` - `Rules WAFRule` An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `const WAFRuleItemChallenge WAFRuleItem = "challenge"` - `const WAFRuleItemBlock WAFRuleItem = "block"` - `const WAFRuleItemSimulate WAFRuleItem = "simulate"` - `const WAFRuleItemDisable WAFRuleItem = "disable"` - `const WAFRuleItemDefault WAFRuleItem = "default"` - `URLs []OverrideURL` The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.Firewall.WAF.Overrides.List(context.TODO(), firewall.WAFOverrideListParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "de677e5818985db1285d0e80225f06e5", "description": "Enable Cloudflare Magento ruleset for shop.example.com", "groups": { "ea8687e59929c1fd05ba97574ad43f77": "bar" }, "paused": true, "priority": 1, "rewrite_action": { "block": "challenge", "challenge": "challenge", "default": "challenge", "disable": "challenge", "simulate": "challenge" }, "rules": { "100015": "disable" }, "urls": [ "shop.example.com/*" ] } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get a WAF override `client.Firewall.WAF.Overrides.Get(ctx, overridesID, query) (*Override, error)` **get** `/zones/{zone_id}/firewall/waf/overrides/{overrides_id}` Fetches the details of a URI-based WAF override. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `overridesID string` The unique identifier of the WAF override. - `query WAFOverrideGetParams` - `ZoneID param.Field[string]` Defines an identifier. ### Returns - `type Override struct{…}` - `ID string` The unique identifier of the WAF override. - `Description string` An informative summary of the current URI-based WAF override. - `Groups map[string, unknown]` An object that allows you to enable or disable WAF rule groups for the current WAF override. Each key of this object must be the ID of a WAF rule group, and each value must be a valid WAF action (usually `default` or `disable`). When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `Paused bool` When true, indicates that the rule is currently paused. - `Priority float64` The relative priority of the current URI-based WAF override when multiple overrides match a single URL. A lower number indicates higher priority. Higher priority overrides may overwrite values set by lower priority overrides. - `RewriteAction RewriteAction` Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object. - `Block RewriteActionBlock` The WAF rule action to apply. - `const RewriteActionBlockChallenge RewriteActionBlock = "challenge"` - `const RewriteActionBlockBlock RewriteActionBlock = "block"` - `const RewriteActionBlockSimulate RewriteActionBlock = "simulate"` - `const RewriteActionBlockDisable RewriteActionBlock = "disable"` - `const RewriteActionBlockDefault RewriteActionBlock = "default"` - `Challenge RewriteActionChallenge` The WAF rule action to apply. - `const RewriteActionChallengeChallenge RewriteActionChallenge = "challenge"` - `const RewriteActionChallengeBlock RewriteActionChallenge = "block"` - `const RewriteActionChallengeSimulate RewriteActionChallenge = "simulate"` - `const RewriteActionChallengeDisable RewriteActionChallenge = "disable"` - `const RewriteActionChallengeDefault RewriteActionChallenge = "default"` - `Default RewriteActionDefault` The WAF rule action to apply. - `const RewriteActionDefaultChallenge RewriteActionDefault = "challenge"` - `const RewriteActionDefaultBlock RewriteActionDefault = "block"` - `const RewriteActionDefaultSimulate RewriteActionDefault = "simulate"` - `const RewriteActionDefaultDisable RewriteActionDefault = "disable"` - `const RewriteActionDefaultDefault RewriteActionDefault = "default"` - `Disable RewriteActionDisable` The WAF rule action to apply. - `const RewriteActionDisableChallenge RewriteActionDisable = "challenge"` - `const RewriteActionDisableBlock RewriteActionDisable = "block"` - `const RewriteActionDisableSimulate RewriteActionDisable = "simulate"` - `const RewriteActionDisableDisable RewriteActionDisable = "disable"` - `const RewriteActionDisableDefault RewriteActionDisable = "default"` - `Simulate RewriteActionSimulate` The WAF rule action to apply. - `const RewriteActionSimulateChallenge RewriteActionSimulate = "challenge"` - `const RewriteActionSimulateBlock RewriteActionSimulate = "block"` - `const RewriteActionSimulateSimulate RewriteActionSimulate = "simulate"` - `const RewriteActionSimulateDisable RewriteActionSimulate = "disable"` - `const RewriteActionSimulateDefault RewriteActionSimulate = "default"` - `Rules WAFRule` An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `const WAFRuleItemChallenge WAFRuleItem = "challenge"` - `const WAFRuleItemBlock WAFRuleItem = "block"` - `const WAFRuleItemSimulate WAFRuleItem = "simulate"` - `const WAFRuleItemDisable WAFRuleItem = "disable"` - `const WAFRuleItemDefault WAFRuleItem = "default"` - `URLs []OverrideURL` The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) override, err := client.Firewall.WAF.Overrides.Get( context.TODO(), "de677e5818985db1285d0e80225f06e5", firewall.WAFOverrideGetParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", override.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "de677e5818985db1285d0e80225f06e5", "description": "Enable Cloudflare Magento ruleset for shop.example.com", "groups": { "ea8687e59929c1fd05ba97574ad43f77": "bar" }, "paused": true, "priority": 1, "rewrite_action": { "block": "challenge", "challenge": "challenge", "default": "challenge", "disable": "challenge", "simulate": "challenge" }, "rules": { "100015": "disable" }, "urls": [ "shop.example.com/*" ] }, "success": true } ``` ## Create a WAF override `client.Firewall.WAF.Overrides.New(ctx, params) (*Override, error)` **post** `/zones/{zone_id}/firewall/waf/overrides` Creates a URI-based WAF override for a zone. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `params WAFOverrideNewParams` - `ZoneID param.Field[string]` Path param: Defines an identifier. - `URLs param.Field[[]OverrideURL]` Body param: The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Returns - `type Override struct{…}` - `ID string` The unique identifier of the WAF override. - `Description string` An informative summary of the current URI-based WAF override. - `Groups map[string, unknown]` An object that allows you to enable or disable WAF rule groups for the current WAF override. Each key of this object must be the ID of a WAF rule group, and each value must be a valid WAF action (usually `default` or `disable`). When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `Paused bool` When true, indicates that the rule is currently paused. - `Priority float64` The relative priority of the current URI-based WAF override when multiple overrides match a single URL. A lower number indicates higher priority. Higher priority overrides may overwrite values set by lower priority overrides. - `RewriteAction RewriteAction` Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object. - `Block RewriteActionBlock` The WAF rule action to apply. - `const RewriteActionBlockChallenge RewriteActionBlock = "challenge"` - `const RewriteActionBlockBlock RewriteActionBlock = "block"` - `const RewriteActionBlockSimulate RewriteActionBlock = "simulate"` - `const RewriteActionBlockDisable RewriteActionBlock = "disable"` - `const RewriteActionBlockDefault RewriteActionBlock = "default"` - `Challenge RewriteActionChallenge` The WAF rule action to apply. - `const RewriteActionChallengeChallenge RewriteActionChallenge = "challenge"` - `const RewriteActionChallengeBlock RewriteActionChallenge = "block"` - `const RewriteActionChallengeSimulate RewriteActionChallenge = "simulate"` - `const RewriteActionChallengeDisable RewriteActionChallenge = "disable"` - `const RewriteActionChallengeDefault RewriteActionChallenge = "default"` - `Default RewriteActionDefault` The WAF rule action to apply. - `const RewriteActionDefaultChallenge RewriteActionDefault = "challenge"` - `const RewriteActionDefaultBlock RewriteActionDefault = "block"` - `const RewriteActionDefaultSimulate RewriteActionDefault = "simulate"` - `const RewriteActionDefaultDisable RewriteActionDefault = "disable"` - `const RewriteActionDefaultDefault RewriteActionDefault = "default"` - `Disable RewriteActionDisable` The WAF rule action to apply. - `const RewriteActionDisableChallenge RewriteActionDisable = "challenge"` - `const RewriteActionDisableBlock RewriteActionDisable = "block"` - `const RewriteActionDisableSimulate RewriteActionDisable = "simulate"` - `const RewriteActionDisableDisable RewriteActionDisable = "disable"` - `const RewriteActionDisableDefault RewriteActionDisable = "default"` - `Simulate RewriteActionSimulate` The WAF rule action to apply. - `const RewriteActionSimulateChallenge RewriteActionSimulate = "challenge"` - `const RewriteActionSimulateBlock RewriteActionSimulate = "block"` - `const RewriteActionSimulateSimulate RewriteActionSimulate = "simulate"` - `const RewriteActionSimulateDisable RewriteActionSimulate = "disable"` - `const RewriteActionSimulateDefault RewriteActionSimulate = "default"` - `Rules WAFRule` An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `const WAFRuleItemChallenge WAFRuleItem = "challenge"` - `const WAFRuleItemBlock WAFRuleItem = "block"` - `const WAFRuleItemSimulate WAFRuleItem = "simulate"` - `const WAFRuleItemDisable WAFRuleItem = "disable"` - `const WAFRuleItemDefault WAFRuleItem = "default"` - `URLs []OverrideURL` The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) override, err := client.Firewall.WAF.Overrides.New(context.TODO(), firewall.WAFOverrideNewParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), URLs: cloudflare.F([]firewall.OverrideURLParam{"shop.example.com/*"}), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", override.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "de677e5818985db1285d0e80225f06e5", "description": "Enable Cloudflare Magento ruleset for shop.example.com", "groups": { "ea8687e59929c1fd05ba97574ad43f77": "bar" }, "paused": true, "priority": 1, "rewrite_action": { "block": "challenge", "challenge": "challenge", "default": "challenge", "disable": "challenge", "simulate": "challenge" }, "rules": { "100015": "disable" }, "urls": [ "shop.example.com/*" ] }, "success": true } ``` ## Update WAF override `client.Firewall.WAF.Overrides.Update(ctx, overridesID, params) (*Override, error)` **put** `/zones/{zone_id}/firewall/waf/overrides/{overrides_id}` Updates an existing URI-based WAF override. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `overridesID string` The unique identifier of the WAF override. - `params WAFOverrideUpdateParams` - `ZoneID param.Field[string]` Path param: Defines an identifier. - `ID param.Field[string]` Body param: Defines an identifier. - `RewriteAction param.Field[RewriteAction]` Body param: Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object. - `Rules param.Field[WAFRule]` Body param: An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `URLs param.Field[[]OverrideURL]` Body param: The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Returns - `type Override struct{…}` - `ID string` The unique identifier of the WAF override. - `Description string` An informative summary of the current URI-based WAF override. - `Groups map[string, unknown]` An object that allows you to enable or disable WAF rule groups for the current WAF override. Each key of this object must be the ID of a WAF rule group, and each value must be a valid WAF action (usually `default` or `disable`). When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `Paused bool` When true, indicates that the rule is currently paused. - `Priority float64` The relative priority of the current URI-based WAF override when multiple overrides match a single URL. A lower number indicates higher priority. Higher priority overrides may overwrite values set by lower priority overrides. - `RewriteAction RewriteAction` Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object. - `Block RewriteActionBlock` The WAF rule action to apply. - `const RewriteActionBlockChallenge RewriteActionBlock = "challenge"` - `const RewriteActionBlockBlock RewriteActionBlock = "block"` - `const RewriteActionBlockSimulate RewriteActionBlock = "simulate"` - `const RewriteActionBlockDisable RewriteActionBlock = "disable"` - `const RewriteActionBlockDefault RewriteActionBlock = "default"` - `Challenge RewriteActionChallenge` The WAF rule action to apply. - `const RewriteActionChallengeChallenge RewriteActionChallenge = "challenge"` - `const RewriteActionChallengeBlock RewriteActionChallenge = "block"` - `const RewriteActionChallengeSimulate RewriteActionChallenge = "simulate"` - `const RewriteActionChallengeDisable RewriteActionChallenge = "disable"` - `const RewriteActionChallengeDefault RewriteActionChallenge = "default"` - `Default RewriteActionDefault` The WAF rule action to apply. - `const RewriteActionDefaultChallenge RewriteActionDefault = "challenge"` - `const RewriteActionDefaultBlock RewriteActionDefault = "block"` - `const RewriteActionDefaultSimulate RewriteActionDefault = "simulate"` - `const RewriteActionDefaultDisable RewriteActionDefault = "disable"` - `const RewriteActionDefaultDefault RewriteActionDefault = "default"` - `Disable RewriteActionDisable` The WAF rule action to apply. - `const RewriteActionDisableChallenge RewriteActionDisable = "challenge"` - `const RewriteActionDisableBlock RewriteActionDisable = "block"` - `const RewriteActionDisableSimulate RewriteActionDisable = "simulate"` - `const RewriteActionDisableDisable RewriteActionDisable = "disable"` - `const RewriteActionDisableDefault RewriteActionDisable = "default"` - `Simulate RewriteActionSimulate` The WAF rule action to apply. - `const RewriteActionSimulateChallenge RewriteActionSimulate = "challenge"` - `const RewriteActionSimulateBlock RewriteActionSimulate = "block"` - `const RewriteActionSimulateSimulate RewriteActionSimulate = "simulate"` - `const RewriteActionSimulateDisable RewriteActionSimulate = "disable"` - `const RewriteActionSimulateDefault RewriteActionSimulate = "default"` - `Rules WAFRule` An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `const WAFRuleItemChallenge WAFRuleItem = "challenge"` - `const WAFRuleItemBlock WAFRuleItem = "block"` - `const WAFRuleItemSimulate WAFRuleItem = "simulate"` - `const WAFRuleItemDisable WAFRuleItem = "disable"` - `const WAFRuleItemDefault WAFRuleItem = "default"` - `URLs []OverrideURL` The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) override, err := client.Firewall.WAF.Overrides.Update( context.TODO(), "de677e5818985db1285d0e80225f06e5", firewall.WAFOverrideUpdateParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), ID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), RewriteAction: cloudflare.F(firewall.RewriteActionParam{ }), Rules: cloudflare.F(firewall.WAFRuleParam{ "100015": firewall.WAFRuleItemDisable, }), URLs: cloudflare.F([]firewall.OverrideURLParam{"shop.example.com/*"}), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", override.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "de677e5818985db1285d0e80225f06e5", "description": "Enable Cloudflare Magento ruleset for shop.example.com", "groups": { "ea8687e59929c1fd05ba97574ad43f77": "bar" }, "paused": true, "priority": 1, "rewrite_action": { "block": "challenge", "challenge": "challenge", "default": "challenge", "disable": "challenge", "simulate": "challenge" }, "rules": { "100015": "disable" }, "urls": [ "shop.example.com/*" ] }, "success": true } ``` ## Delete a WAF override `client.Firewall.WAF.Overrides.Delete(ctx, overridesID, body) (*WAFOverrideDeleteResponse, error)` **delete** `/zones/{zone_id}/firewall/waf/overrides/{overrides_id}` Deletes an existing URI-based WAF override. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `overridesID string` The unique identifier of the WAF override. - `body WAFOverrideDeleteParams` - `ZoneID param.Field[string]` Defines an identifier. ### Returns - `type WAFOverrideDeleteResponse struct{…}` - `ID string` The unique identifier of the WAF override. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) override, err := client.Firewall.WAF.Overrides.Delete( context.TODO(), "de677e5818985db1285d0e80225f06e5", firewall.WAFOverrideDeleteParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", override.ID) } ``` #### Response ```json { "result": { "id": "de677e5818985db1285d0e80225f06e5" } } ``` ## Domain Types ### Override - `type Override struct{…}` - `ID string` The unique identifier of the WAF override. - `Description string` An informative summary of the current URI-based WAF override. - `Groups map[string, unknown]` An object that allows you to enable or disable WAF rule groups for the current WAF override. Each key of this object must be the ID of a WAF rule group, and each value must be a valid WAF action (usually `default` or `disable`). When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `Paused bool` When true, indicates that the rule is currently paused. - `Priority float64` The relative priority of the current URI-based WAF override when multiple overrides match a single URL. A lower number indicates higher priority. Higher priority overrides may overwrite values set by lower priority overrides. - `RewriteAction RewriteAction` Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object. - `Block RewriteActionBlock` The WAF rule action to apply. - `const RewriteActionBlockChallenge RewriteActionBlock = "challenge"` - `const RewriteActionBlockBlock RewriteActionBlock = "block"` - `const RewriteActionBlockSimulate RewriteActionBlock = "simulate"` - `const RewriteActionBlockDisable RewriteActionBlock = "disable"` - `const RewriteActionBlockDefault RewriteActionBlock = "default"` - `Challenge RewriteActionChallenge` The WAF rule action to apply. - `const RewriteActionChallengeChallenge RewriteActionChallenge = "challenge"` - `const RewriteActionChallengeBlock RewriteActionChallenge = "block"` - `const RewriteActionChallengeSimulate RewriteActionChallenge = "simulate"` - `const RewriteActionChallengeDisable RewriteActionChallenge = "disable"` - `const RewriteActionChallengeDefault RewriteActionChallenge = "default"` - `Default RewriteActionDefault` The WAF rule action to apply. - `const RewriteActionDefaultChallenge RewriteActionDefault = "challenge"` - `const RewriteActionDefaultBlock RewriteActionDefault = "block"` - `const RewriteActionDefaultSimulate RewriteActionDefault = "simulate"` - `const RewriteActionDefaultDisable RewriteActionDefault = "disable"` - `const RewriteActionDefaultDefault RewriteActionDefault = "default"` - `Disable RewriteActionDisable` The WAF rule action to apply. - `const RewriteActionDisableChallenge RewriteActionDisable = "challenge"` - `const RewriteActionDisableBlock RewriteActionDisable = "block"` - `const RewriteActionDisableSimulate RewriteActionDisable = "simulate"` - `const RewriteActionDisableDisable RewriteActionDisable = "disable"` - `const RewriteActionDisableDefault RewriteActionDisable = "default"` - `Simulate RewriteActionSimulate` The WAF rule action to apply. - `const RewriteActionSimulateChallenge RewriteActionSimulate = "challenge"` - `const RewriteActionSimulateBlock RewriteActionSimulate = "block"` - `const RewriteActionSimulateSimulate RewriteActionSimulate = "simulate"` - `const RewriteActionSimulateDisable RewriteActionSimulate = "disable"` - `const RewriteActionSimulateDefault RewriteActionSimulate = "default"` - `Rules WAFRule` An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `const WAFRuleItemChallenge WAFRuleItem = "challenge"` - `const WAFRuleItemBlock WAFRuleItem = "block"` - `const WAFRuleItemSimulate WAFRuleItem = "simulate"` - `const WAFRuleItemDisable WAFRuleItem = "disable"` - `const WAFRuleItemDefault WAFRuleItem = "default"` - `URLs []OverrideURL` The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Override URL - `type OverrideURL string` ### Rewrite Action - `type RewriteAction struct{…}` Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object. - `Block RewriteActionBlock` The WAF rule action to apply. - `const RewriteActionBlockChallenge RewriteActionBlock = "challenge"` - `const RewriteActionBlockBlock RewriteActionBlock = "block"` - `const RewriteActionBlockSimulate RewriteActionBlock = "simulate"` - `const RewriteActionBlockDisable RewriteActionBlock = "disable"` - `const RewriteActionBlockDefault RewriteActionBlock = "default"` - `Challenge RewriteActionChallenge` The WAF rule action to apply. - `const RewriteActionChallengeChallenge RewriteActionChallenge = "challenge"` - `const RewriteActionChallengeBlock RewriteActionChallenge = "block"` - `const RewriteActionChallengeSimulate RewriteActionChallenge = "simulate"` - `const RewriteActionChallengeDisable RewriteActionChallenge = "disable"` - `const RewriteActionChallengeDefault RewriteActionChallenge = "default"` - `Default RewriteActionDefault` The WAF rule action to apply. - `const RewriteActionDefaultChallenge RewriteActionDefault = "challenge"` - `const RewriteActionDefaultBlock RewriteActionDefault = "block"` - `const RewriteActionDefaultSimulate RewriteActionDefault = "simulate"` - `const RewriteActionDefaultDisable RewriteActionDefault = "disable"` - `const RewriteActionDefaultDefault RewriteActionDefault = "default"` - `Disable RewriteActionDisable` The WAF rule action to apply. - `const RewriteActionDisableChallenge RewriteActionDisable = "challenge"` - `const RewriteActionDisableBlock RewriteActionDisable = "block"` - `const RewriteActionDisableSimulate RewriteActionDisable = "simulate"` - `const RewriteActionDisableDisable RewriteActionDisable = "disable"` - `const RewriteActionDisableDefault RewriteActionDisable = "default"` - `Simulate RewriteActionSimulate` The WAF rule action to apply. - `const RewriteActionSimulateChallenge RewriteActionSimulate = "challenge"` - `const RewriteActionSimulateBlock RewriteActionSimulate = "block"` - `const RewriteActionSimulateSimulate RewriteActionSimulate = "simulate"` - `const RewriteActionSimulateDisable RewriteActionSimulate = "disable"` - `const RewriteActionSimulateDefault RewriteActionSimulate = "default"` ### WAF Rule - `type WAFRule map[string, WAFRuleItem]` An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `const WAFRuleItemChallenge WAFRuleItem = "challenge"` - `const WAFRuleItemBlock WAFRuleItem = "block"` - `const WAFRuleItemSimulate WAFRuleItem = "simulate"` - `const WAFRuleItemDisable WAFRuleItem = "disable"` - `const WAFRuleItemDefault WAFRuleItem = "default"` # Packages ## List WAF packages `client.Firewall.WAF.Packages.List(ctx, params) (*V4PagePaginationArray[WAFPackageListResponse], error)` **get** `/zones/{zone_id}/firewall/waf/packages` Fetches WAF packages for a zone. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `params WAFPackageListParams` - `ZoneID param.Field[string]` Path param: Defines an identifier. - `Direction param.Field[WAFPackageListParamsDirection]` Query param: The direction used to sort returned packages. - `const WAFPackageListParamsDirectionAsc WAFPackageListParamsDirection = "asc"` - `const WAFPackageListParamsDirectionDesc WAFPackageListParamsDirection = "desc"` - `Match param.Field[WAFPackageListParamsMatch]` Query param: When set to `all`, all the search requirements must match. When set to `any`, only one of the search requirements has to match. - `const WAFPackageListParamsMatchAny WAFPackageListParamsMatch = "any"` - `const WAFPackageListParamsMatchAll WAFPackageListParamsMatch = "all"` - `Name param.Field[string]` Query param: The name of the WAF package. - `Order param.Field[WAFPackageListParamsOrder]` Query param: The field used to sort returned packages. - `const WAFPackageListParamsOrderName WAFPackageListParamsOrder = "name"` - `Page param.Field[float64]` Query param: The page number of paginated results. - `PerPage param.Field[float64]` Query param: The number of packages per page. ### Returns - `type WAFPackageListResponse interface{…}` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.Firewall.WAF.Packages.List(context.TODO(), firewall.WAFPackageListParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ {} ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get a WAF package `client.Firewall.WAF.Packages.Get(ctx, packageID, query) (*WAFPackageGetResponse, error)` **get** `/zones/{zone_id}/firewall/waf/packages/{package_id}` Fetches the details of a WAF package. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `packageID string` Defines a package identifier. - `query WAFPackageGetParams` - `ZoneID param.Field[string]` Defines an identifier. ### Returns - `type WAFPackageGetResponse interface{…}` - `type WAFPackageGetResponseFirewallAPIResponseSingle struct{…}` - `Errors []ResponseInfo` - `Code int64` - `Message string` - `DocumentationURL string` - `Source ResponseInfoSource` - `Pointer string` - `Messages []ResponseInfo` - `Code int64` - `Message string` - `DocumentationURL string` - `Source ResponseInfoSource` - `Result unknown` - `unknown` - `Success WAFPackageGetResponseFirewallAPIResponseSingleSuccess` Defines whether the API call was successful. - `const WAFPackageGetResponseFirewallAPIResponseSingleSuccessTrue WAFPackageGetResponseFirewallAPIResponseSingleSuccess = true` - `type WAFPackageGetResponseResult struct{…}` - `Result unknown` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) package_, err := client.Firewall.WAF.Packages.Get( context.TODO(), "023e105f4ecef8ad9ca31a8372d0c353", firewall.WAFPackageGetParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", package_) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": {}, "success": true } ``` # Groups ## List WAF rule groups `client.Firewall.WAF.Packages.Groups.List(ctx, packageID, params) (*V4PagePaginationArray[Group], error)` **get** `/zones/{zone_id}/firewall/waf/packages/{package_id}/groups` Fetches the WAF rule groups in a WAF package. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `packageID string` Defines the unique identifier of a WAF package. - `params WAFPackageGroupListParams` - `ZoneID param.Field[string]` Path param: Defines an identifier of a schema. - `Direction param.Field[WAFPackageGroupListParamsDirection]` Query param: Defines the direction used to sort returned rule groups. - `const WAFPackageGroupListParamsDirectionAsc WAFPackageGroupListParamsDirection = "asc"` - `const WAFPackageGroupListParamsDirectionDesc WAFPackageGroupListParamsDirection = "desc"` - `Match param.Field[WAFPackageGroupListParamsMatch]` Query param: Defines the condition for search requirements. When set to `all`, all the search requirements must match. When set to `any`, only one of the search requirements has to match. - `const WAFPackageGroupListParamsMatchAny WAFPackageGroupListParamsMatch = "any"` - `const WAFPackageGroupListParamsMatchAll WAFPackageGroupListParamsMatch = "all"` - `Mode param.Field[WAFPackageGroupListParamsMode]` Query param: Defines the state of the rules contained in the rule group. When `on`, the rules in the group are configurable/usable. - `const WAFPackageGroupListParamsModeOn WAFPackageGroupListParamsMode = "on"` - `const WAFPackageGroupListParamsModeOff WAFPackageGroupListParamsMode = "off"` - `Name param.Field[string]` Query param: Defines the name of the rule group. - `Order param.Field[WAFPackageGroupListParamsOrder]` Query param: Defines the field used to sort returned rule groups. - `const WAFPackageGroupListParamsOrderMode WAFPackageGroupListParamsOrder = "mode"` - `const WAFPackageGroupListParamsOrderRulesCount WAFPackageGroupListParamsOrder = "rules_count"` - `Page param.Field[float64]` Query param: Defines the page number of paginated results. - `PerPage param.Field[float64]` Query param: Defines the number of rule groups per page. - `RulesCount param.Field[float64]` Query param: Defines the number of rules in the current rule group. ### Returns - `type Group struct{…}` - `ID string` Defines the unique identifier of the rule group. - `Description string` Defines an informative summary of what the rule group does. - `Mode GroupMode` Defines the state of the rules contained in the rule group. When `on`, the rules in the group are configurable/usable. - `const GroupModeOn GroupMode = "on"` - `const GroupModeOff GroupMode = "off"` - `Name string` Defines the name of the rule group. - `RulesCount float64` Defines the number of rules in the current rule group. - `AllowedModes []GroupAllowedMode` Defines the available states for the rule group. - `const GroupAllowedModeOn GroupAllowedMode = "on"` - `const GroupAllowedModeOff GroupAllowedMode = "off"` - `ModifiedRulesCount float64` Defines the number of rules within the group that have been modified from their default configuration. - `PackageID string` Defines the unique identifier of a WAF package. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.Firewall.WAF.Packages.Groups.List( context.TODO(), "a25a9a7e9c00afc1fb2e0245519d725b", firewall.WAFPackageGroupListParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "de677e5818985db1285d0e80225f06e5", "description": "Group designed to protect against IP addresses that are a threat and typically used to launch DDoS attacks", "mode": "on", "name": "Project Honey Pot", "rules_count": 10, "allowed_modes": [ "on", "off" ], "modified_rules_count": 2, "package_id": "a25a9a7e9c00afc1fb2e0245519d725b" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get a WAF rule group `client.Firewall.WAF.Packages.Groups.Get(ctx, packageID, groupID, query) (*unknown, error)` **get** `/zones/{zone_id}/firewall/waf/packages/{package_id}/groups/{group_id}` Fetches the details of a WAF rule group. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `packageID string` Defines the unique identifier of a WAF package. - `groupID string` Defines the unique identifier of a WAF package. - `query WAFPackageGroupGetParams` - `ZoneID param.Field[string]` Defines an identifier of a schema. ### Returns - `type WAFPackageGroupGetResponseEnvelopeResult interface{…}` - `unknown` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) group, err := client.Firewall.WAF.Packages.Groups.Get( context.TODO(), "a25a9a7e9c00afc1fb2e0245519d725b", "a25a9a7e9c00afc1fb2e0245519d725b", firewall.WAFPackageGroupGetParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", group) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": {}, "success": true } ``` ## Update a WAF rule group `client.Firewall.WAF.Packages.Groups.Edit(ctx, packageID, groupID, params) (*unknown, error)` **patch** `/zones/{zone_id}/firewall/waf/packages/{package_id}/groups/{group_id}` Updates a WAF rule group. You can update the state (`mode` parameter) of a rule group. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `packageID string` Defines the unique identifier of a WAF package. - `groupID string` Defines the unique identifier of a WAF package. - `params WAFPackageGroupEditParams` - `ZoneID param.Field[string]` Path param: Defines an identifier of a schema. - `Mode param.Field[WAFPackageGroupEditParamsMode]` Body param: Defines the state of the rules contained in the rule group. When `on`, the rules in the group are configurable/usable. - `const WAFPackageGroupEditParamsModeOn WAFPackageGroupEditParamsMode = "on"` - `const WAFPackageGroupEditParamsModeOff WAFPackageGroupEditParamsMode = "off"` ### Returns - `type WAFPackageGroupEditResponseEnvelopeResult interface{…}` - `unknown` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.Firewall.WAF.Packages.Groups.Edit( context.TODO(), "a25a9a7e9c00afc1fb2e0245519d725b", "a25a9a7e9c00afc1fb2e0245519d725b", firewall.WAFPackageGroupEditParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": {}, "success": true } ``` ## Domain Types ### Group - `type Group struct{…}` - `ID string` Defines the unique identifier of the rule group. - `Description string` Defines an informative summary of what the rule group does. - `Mode GroupMode` Defines the state of the rules contained in the rule group. When `on`, the rules in the group are configurable/usable. - `const GroupModeOn GroupMode = "on"` - `const GroupModeOff GroupMode = "off"` - `Name string` Defines the name of the rule group. - `RulesCount float64` Defines the number of rules in the current rule group. - `AllowedModes []GroupAllowedMode` Defines the available states for the rule group. - `const GroupAllowedModeOn GroupAllowedMode = "on"` - `const GroupAllowedModeOff GroupAllowedMode = "off"` - `ModifiedRulesCount float64` Defines the number of rules within the group that have been modified from their default configuration. - `PackageID string` Defines the unique identifier of a WAF package. # Rules ## List WAF rules `client.Firewall.WAF.Packages.Rules.List(ctx, packageID, params) (*V4PagePaginationArray[WAFPackageRuleListResponse], error)` **get** `/zones/{zone_id}/firewall/waf/packages/{package_id}/rules` Fetches WAF rules in a WAF package. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `packageID string` Defines the unique identifier of a WAF package. - `params WAFPackageRuleListParams` - `ZoneID param.Field[string]` Path param: Defines an identifier of a schema. - `Description param.Field[string]` Query param: Defines the public description of the WAF rule. - `Direction param.Field[WAFPackageRuleListParamsDirection]` Query param: Defines the direction used to sort returned rules. - `const WAFPackageRuleListParamsDirectionAsc WAFPackageRuleListParamsDirection = "asc"` - `const WAFPackageRuleListParamsDirectionDesc WAFPackageRuleListParamsDirection = "desc"` - `GroupID param.Field[string]` Query param: Defines the unique identifier of the rule group. - `Match param.Field[WAFPackageRuleListParamsMatch]` Query param: Defines the search requirements. When set to `all`, all the search requirements must match. When set to `any`, only one of the search requirements has to match. - `const WAFPackageRuleListParamsMatchAny WAFPackageRuleListParamsMatch = "any"` - `const WAFPackageRuleListParamsMatchAll WAFPackageRuleListParamsMatch = "all"` - `Mode param.Field[WAFPackageRuleListParamsMode]` Query param: Defines the action/mode a rule has been overridden to perform. - `const WAFPackageRuleListParamsModeDis WAFPackageRuleListParamsMode = "DIS"` - `const WAFPackageRuleListParamsModeChl WAFPackageRuleListParamsMode = "CHL"` - `const WAFPackageRuleListParamsModeBlk WAFPackageRuleListParamsMode = "BLK"` - `const WAFPackageRuleListParamsModeSim WAFPackageRuleListParamsMode = "SIM"` - `Order param.Field[WAFPackageRuleListParamsOrder]` Query param: Defines the field used to sort returned rules. - `const WAFPackageRuleListParamsOrderPriority WAFPackageRuleListParamsOrder = "priority"` - `const WAFPackageRuleListParamsOrderGroupID WAFPackageRuleListParamsOrder = "group_id"` - `const WAFPackageRuleListParamsOrderDescription WAFPackageRuleListParamsOrder = "description"` - `Page param.Field[float64]` Query param: Defines the page number of paginated results. - `PerPage param.Field[float64]` Query param: Defines the number of rules per page. - `Priority param.Field[string]` Query param: Defines the order in which the individual WAF rule is executed within its rule group. ### Returns - `type WAFPackageRuleListResponse interface{…}` When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the 'sensitivity' property of the WAF package. - `type WAFPackageRuleListResponseWAFManagedRulesAnomalyRule struct{…}` When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the 'sensitivity' property of the WAF package. - `ID string` Defines the unique identifier of the WAF rule. - `AllowedModes []AllowedModesAnomaly` Defines the available modes for the current WAF rule. Applies to anomaly detection WAF rules. - `const AllowedModesAnomalyOn AllowedModesAnomaly = "on"` - `const AllowedModesAnomalyOff AllowedModesAnomaly = "off"` - `Description string` Defines the public description of the WAF rule. - `Group WAFRuleGroup` Defines the rule group to which the current WAF rule belongs. - `ID string` Defines the unique identifier of the rule group. - `Name string` Defines the name of the rule group. - `Mode AllowedModesAnomaly` Defines the mode anomaly. When set to `on`, the current WAF rule will be used when evaluating the request. Applies to anomaly detection WAF rules. - `const AllowedModesAnomalyOn AllowedModesAnomaly = "on"` - `const AllowedModesAnomalyOff AllowedModesAnomaly = "off"` - `PackageID string` Defines the unique identifier of a WAF package. - `Priority string` Defines the order in which the individual WAF rule is executed within its rule group. - `type WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRule struct{…}` When triggered, traditional WAF rules cause the firewall to immediately act upon the request based on the configuration of the rule. A 'deny' rule will immediately respond to the request based on the configured rule action/mode (for example, 'block') and no other rules will be processed. - `ID string` Defines the unique identifier of the WAF rule. - `AllowedModes []WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleAllowedMode` Defines the list of possible actions of the WAF rule when it is triggered. - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleAllowedModeDefault WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleAllowedMode = "default"` - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleAllowedModeDisable WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleAllowedMode = "disable"` - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleAllowedModeSimulate WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleAllowedMode = "simulate"` - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleAllowedModeBlock WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleAllowedMode = "block"` - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleAllowedModeChallenge WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleAllowedMode = "challenge"` - `DefaultMode WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleDefaultMode` Defines the default action/mode of a rule. - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleDefaultModeDisable WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleDefaultMode = "disable"` - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleDefaultModeSimulate WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleDefaultMode = "simulate"` - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleDefaultModeBlock WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleDefaultMode = "block"` - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleDefaultModeChallenge WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleDefaultMode = "challenge"` - `Description string` Defines the public description of the WAF rule. - `Group WAFRuleGroup` Defines the rule group to which the current WAF rule belongs. - `Mode WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleMode` Defines the action that the current WAF rule will perform when triggered. Applies to traditional (deny) WAF rules. - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleModeDefault WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleMode = "default"` - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleModeDisable WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleMode = "disable"` - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleModeSimulate WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleMode = "simulate"` - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleModeBlock WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleMode = "block"` - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleModeChallenge WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleMode = "challenge"` - `PackageID string` Defines the unique identifier of a WAF package. - `Priority string` Defines the order in which the individual WAF rule is executed within its rule group. - `type WAFPackageRuleListResponseWAFManagedRulesTraditionalAllowRule struct{…}` When triggered, traditional WAF rules cause the firewall to immediately act on the request based on the rule configuration. An 'allow' rule will immediately allow the request and no other rules will be processed. - `ID string` Defines the unique identifier of the WAF rule. - `AllowedModes []WAFPackageRuleListResponseWAFManagedRulesTraditionalAllowRuleAllowedMode` Defines the available modes for the current WAF rule. - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalAllowRuleAllowedModeOn WAFPackageRuleListResponseWAFManagedRulesTraditionalAllowRuleAllowedMode = "on"` - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalAllowRuleAllowedModeOff WAFPackageRuleListResponseWAFManagedRulesTraditionalAllowRuleAllowedMode = "off"` - `Description string` Defines the public description of the WAF rule. - `Group WAFRuleGroup` Defines the rule group to which the current WAF rule belongs. - `Mode WAFPackageRuleListResponseWAFManagedRulesTraditionalAllowRuleMode` When set to `on`, the current rule will be used when evaluating the request. Applies to traditional (allow) WAF rules. - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalAllowRuleModeOn WAFPackageRuleListResponseWAFManagedRulesTraditionalAllowRuleMode = "on"` - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalAllowRuleModeOff WAFPackageRuleListResponseWAFManagedRulesTraditionalAllowRuleMode = "off"` - `PackageID string` Defines the unique identifier of a WAF package. - `Priority string` Defines the order in which the individual WAF rule is executed within its rule group. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.Firewall.WAF.Packages.Rules.List( context.TODO(), "a25a9a7e9c00afc1fb2e0245519d725b", firewall.WAFPackageRuleListParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "f939de3be84e66e757adcdcb87908023", "allowed_modes": [ "on", "off" ], "description": "SQL injection prevention for SELECT statements", "group": { "id": "de677e5818985db1285d0e80225f06e5", "name": "Project Honey Pot" }, "mode": "on", "package_id": "a25a9a7e9c00afc1fb2e0245519d725b", "priority": "priority" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get a WAF rule `client.Firewall.WAF.Packages.Rules.Get(ctx, packageID, ruleID, query) (*unknown, error)` **get** `/zones/{zone_id}/firewall/waf/packages/{package_id}/rules/{rule_id}` Fetches the details of a WAF rule in a WAF package. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `packageID string` Defines the unique identifier of a WAF package. - `ruleID string` Defines the unique identifier of a WAF package. - `query WAFPackageRuleGetParams` - `ZoneID param.Field[string]` Defines an identifier of a schema. ### Returns - `type WAFPackageRuleGetResponseEnvelopeResult interface{…}` - `unknown` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) rule, err := client.Firewall.WAF.Packages.Rules.Get( context.TODO(), "a25a9a7e9c00afc1fb2e0245519d725b", "a25a9a7e9c00afc1fb2e0245519d725b", firewall.WAFPackageRuleGetParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", rule) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": {}, "success": true } ``` ## Update a WAF rule `client.Firewall.WAF.Packages.Rules.Edit(ctx, packageID, ruleID, params) (*WAFPackageRuleEditResponse, error)` **patch** `/zones/{zone_id}/firewall/waf/packages/{package_id}/rules/{rule_id}` Updates a WAF rule. You can only update the mode/action of the rule. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `packageID string` Defines the unique identifier of a WAF package. - `ruleID string` Defines the unique identifier of a WAF package. - `params WAFPackageRuleEditParams` - `ZoneID param.Field[string]` Path param: Defines an identifier of a schema. - `Mode param.Field[WAFPackageRuleEditParamsMode]` Body param: Defines the mode/action of the rule when triggered. You must use a value from the `allowed_modes` array of the current rule. - `const WAFPackageRuleEditParamsModeDefault WAFPackageRuleEditParamsMode = "default"` - `const WAFPackageRuleEditParamsModeDisable WAFPackageRuleEditParamsMode = "disable"` - `const WAFPackageRuleEditParamsModeSimulate WAFPackageRuleEditParamsMode = "simulate"` - `const WAFPackageRuleEditParamsModeBlock WAFPackageRuleEditParamsMode = "block"` - `const WAFPackageRuleEditParamsModeChallenge WAFPackageRuleEditParamsMode = "challenge"` - `const WAFPackageRuleEditParamsModeOn WAFPackageRuleEditParamsMode = "on"` - `const WAFPackageRuleEditParamsModeOff WAFPackageRuleEditParamsMode = "off"` ### Returns - `type WAFPackageRuleEditResponse interface{…}` When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the 'sensitivity' property of the WAF package. - `type WAFPackageRuleEditResponseWAFManagedRulesAnomalyRule struct{…}` When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the 'sensitivity' property of the WAF package. - `ID string` Defines the unique identifier of the WAF rule. - `AllowedModes []AllowedModesAnomaly` Defines the available modes for the current WAF rule. Applies to anomaly detection WAF rules. - `const AllowedModesAnomalyOn AllowedModesAnomaly = "on"` - `const AllowedModesAnomalyOff AllowedModesAnomaly = "off"` - `Description string` Defines the public description of the WAF rule. - `Group WAFRuleGroup` Defines the rule group to which the current WAF rule belongs. - `ID string` Defines the unique identifier of the rule group. - `Name string` Defines the name of the rule group. - `Mode AllowedModesAnomaly` Defines the mode anomaly. When set to `on`, the current WAF rule will be used when evaluating the request. Applies to anomaly detection WAF rules. - `const AllowedModesAnomalyOn AllowedModesAnomaly = "on"` - `const AllowedModesAnomalyOff AllowedModesAnomaly = "off"` - `PackageID string` Defines the unique identifier of a WAF package. - `Priority string` Defines the order in which the individual WAF rule is executed within its rule group. - `type WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRule struct{…}` When triggered, traditional WAF rules cause the firewall to immediately act upon the request based on the configuration of the rule. A 'deny' rule will immediately respond to the request based on the configured rule action/mode (for example, 'block') and no other rules will be processed. - `ID string` Defines the unique identifier of the WAF rule. - `AllowedModes []WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleAllowedMode` Defines the list of possible actions of the WAF rule when it is triggered. - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleAllowedModeDefault WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleAllowedMode = "default"` - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleAllowedModeDisable WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleAllowedMode = "disable"` - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleAllowedModeSimulate WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleAllowedMode = "simulate"` - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleAllowedModeBlock WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleAllowedMode = "block"` - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleAllowedModeChallenge WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleAllowedMode = "challenge"` - `DefaultMode WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleDefaultMode` Defines the default action/mode of a rule. - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleDefaultModeDisable WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleDefaultMode = "disable"` - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleDefaultModeSimulate WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleDefaultMode = "simulate"` - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleDefaultModeBlock WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleDefaultMode = "block"` - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleDefaultModeChallenge WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleDefaultMode = "challenge"` - `Description string` Defines the public description of the WAF rule. - `Group WAFRuleGroup` Defines the rule group to which the current WAF rule belongs. - `Mode WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleMode` Defines the action that the current WAF rule will perform when triggered. Applies to traditional (deny) WAF rules. - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleModeDefault WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleMode = "default"` - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleModeDisable WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleMode = "disable"` - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleModeSimulate WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleMode = "simulate"` - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleModeBlock WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleMode = "block"` - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleModeChallenge WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleMode = "challenge"` - `PackageID string` Defines the unique identifier of a WAF package. - `Priority string` Defines the order in which the individual WAF rule is executed within its rule group. - `type WAFPackageRuleEditResponseWAFManagedRulesTraditionalAllowRule struct{…}` When triggered, traditional WAF rules cause the firewall to immediately act on the request based on the rule configuration. An 'allow' rule will immediately allow the request and no other rules will be processed. - `ID string` Defines the unique identifier of the WAF rule. - `AllowedModes []WAFPackageRuleEditResponseWAFManagedRulesTraditionalAllowRuleAllowedMode` Defines the available modes for the current WAF rule. - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalAllowRuleAllowedModeOn WAFPackageRuleEditResponseWAFManagedRulesTraditionalAllowRuleAllowedMode = "on"` - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalAllowRuleAllowedModeOff WAFPackageRuleEditResponseWAFManagedRulesTraditionalAllowRuleAllowedMode = "off"` - `Description string` Defines the public description of the WAF rule. - `Group WAFRuleGroup` Defines the rule group to which the current WAF rule belongs. - `Mode WAFPackageRuleEditResponseWAFManagedRulesTraditionalAllowRuleMode` When set to `on`, the current rule will be used when evaluating the request. Applies to traditional (allow) WAF rules. - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalAllowRuleModeOn WAFPackageRuleEditResponseWAFManagedRulesTraditionalAllowRuleMode = "on"` - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalAllowRuleModeOff WAFPackageRuleEditResponseWAFManagedRulesTraditionalAllowRuleMode = "off"` - `PackageID string` Defines the unique identifier of a WAF package. - `Priority string` Defines the order in which the individual WAF rule is executed within its rule group. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.Firewall.WAF.Packages.Rules.Edit( context.TODO(), "a25a9a7e9c00afc1fb2e0245519d725b", "a25a9a7e9c00afc1fb2e0245519d725b", firewall.WAFPackageRuleEditParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f939de3be84e66e757adcdcb87908023", "allowed_modes": [ "on", "off" ], "description": "SQL injection prevention for SELECT statements", "group": { "id": "de677e5818985db1285d0e80225f06e5", "name": "Project Honey Pot" }, "mode": "on", "package_id": "a25a9a7e9c00afc1fb2e0245519d725b", "priority": "priority" }, "success": true } ``` ## Domain Types ### Allowed Modes Anomaly - `type AllowedModesAnomaly string` Defines the mode anomaly. When set to `on`, the current WAF rule will be used when evaluating the request. Applies to anomaly detection WAF rules. - `const AllowedModesAnomalyOn AllowedModesAnomaly = "on"` - `const AllowedModesAnomalyOff AllowedModesAnomaly = "off"` ### WAF Rule Group - `type WAFRuleGroup struct{…}` Defines the rule group to which the current WAF rule belongs. - `ID string` Defines the unique identifier of the rule group. - `Name string` Defines the name of the rule group.