# Access Rules ## List IP Access rules `client.Firewall.AccessRules.List(ctx, params) (*V4PagePaginationArray[AccessRuleListResponse], error)` **get** `/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules` Fetches IP Access rules of an account or zone. These rules apply to all the zones in the account or zone. You can filter the results using several optional parameters. ### Parameters - `params AccessRuleListParams` - `AccountID param.Field[string]` Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `ZoneID param.Field[string]` Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. - `Configuration param.Field[AccessRuleListParamsConfiguration]` Query param - `Target AccessRuleListParamsConfigurationTarget` Defines the target to search in existing rules. - `const AccessRuleListParamsConfigurationTargetIP AccessRuleListParamsConfigurationTarget = "ip"` - `const AccessRuleListParamsConfigurationTargetIPRange AccessRuleListParamsConfigurationTarget = "ip_range"` - `const AccessRuleListParamsConfigurationTargetASN AccessRuleListParamsConfigurationTarget = "asn"` - `const AccessRuleListParamsConfigurationTargetCountry AccessRuleListParamsConfigurationTarget = "country"` - `Value string` Defines the target value to search for in existing rules: an IP address, an IP address range, or a country code, depending on the provided `configuration.target`. Notes: You can search for a single IPv4 address, an IP address range with a subnet of '/16' or '/24', or a two-letter ISO-3166-1 alpha-2 country code. - `Direction param.Field[AccessRuleListParamsDirection]` Query param: Defines the direction used to sort returned rules. - `const AccessRuleListParamsDirectionAsc AccessRuleListParamsDirection = "asc"` - `const AccessRuleListParamsDirectionDesc AccessRuleListParamsDirection = "desc"` - `Match param.Field[AccessRuleListParamsMatch]` Query param: Defines the search requirements. When set to `all`, all the search requirements must match. When set to `any`, only one of the search requirements has to match. - `const AccessRuleListParamsMatchAny AccessRuleListParamsMatch = "any"` - `const AccessRuleListParamsMatchAll AccessRuleListParamsMatch = "all"` - `Mode param.Field[AccessRuleListParamsMode]` Query param: The action to apply to a matched request. - `const AccessRuleListParamsModeBlock AccessRuleListParamsMode = "block"` - `const AccessRuleListParamsModeChallenge AccessRuleListParamsMode = "challenge"` - `const AccessRuleListParamsModeWhitelist AccessRuleListParamsMode = "whitelist"` - `const AccessRuleListParamsModeJSChallenge AccessRuleListParamsMode = "js_challenge"` - `const AccessRuleListParamsModeManagedChallenge AccessRuleListParamsMode = "managed_challenge"` - `Notes param.Field[string]` Query param: Defines the string to search for in the notes of existing IP Access rules. Notes: For example, the string 'attack' would match IP Access rules with notes 'Attack 26/02' and 'Attack 27/02'. The search is case insensitive. - `Order param.Field[AccessRuleListParamsOrder]` Query param: Defines the field used to sort returned rules. - `const AccessRuleListParamsOrderConfigurationTarget AccessRuleListParamsOrder = "configuration.target"` - `const AccessRuleListParamsOrderConfigurationValue AccessRuleListParamsOrder = "configuration.value"` - `const AccessRuleListParamsOrderMode AccessRuleListParamsOrder = "mode"` - `Page param.Field[float64]` Query param: Defines the requested page within paginated list of results. - `PerPage param.Field[float64]` Query param: Defines the maximum number of results requested. ### Returns - `type AccessRuleListResponse struct{…}` - `ID string` The unique identifier of the IP Access rule. - `AllowedModes []AccessRuleListResponseAllowedMode` The available actions that a rule can apply to a matched request. - `const AccessRuleListResponseAllowedModeBlock AccessRuleListResponseAllowedMode = "block"` - `const AccessRuleListResponseAllowedModeChallenge AccessRuleListResponseAllowedMode = "challenge"` - `const AccessRuleListResponseAllowedModeWhitelist AccessRuleListResponseAllowedMode = "whitelist"` - `const AccessRuleListResponseAllowedModeJSChallenge AccessRuleListResponseAllowedMode = "js_challenge"` - `const AccessRuleListResponseAllowedModeManagedChallenge AccessRuleListResponseAllowedMode = "managed_challenge"` - `Configuration AccessRuleListResponseConfiguration` The rule configuration. - `type AccessRuleIPConfiguration struct{…}` - `Target AccessRuleIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `const AccessRuleIPConfigurationTargetIP AccessRuleIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. - `type IPV6Configuration struct{…}` - `Target IPV6ConfigurationTarget` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `const IPV6ConfigurationTargetIp6 IPV6ConfigurationTarget = "ip6"` - `Value string` The IPv6 address to match. - `type AccessRuleCIDRConfiguration struct{…}` - `Target AccessRuleCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `const AccessRuleCIDRConfigurationTargetIPRange AccessRuleCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `type ASNConfiguration struct{…}` - `Target ASNConfigurationTarget` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `const ASNConfigurationTargetASN ASNConfigurationTarget = "asn"` - `Value string` The AS number to match. - `type CountryConfiguration struct{…}` - `Target CountryConfigurationTarget` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `const CountryConfigurationTargetCountry CountryConfigurationTarget = "country"` - `Value string` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `Mode AccessRuleListResponseMode` The action to apply to a matched request. - `const AccessRuleListResponseModeBlock AccessRuleListResponseMode = "block"` - `const AccessRuleListResponseModeChallenge AccessRuleListResponseMode = "challenge"` - `const AccessRuleListResponseModeWhitelist AccessRuleListResponseMode = "whitelist"` - `const AccessRuleListResponseModeJSChallenge AccessRuleListResponseMode = "js_challenge"` - `const AccessRuleListResponseModeManagedChallenge AccessRuleListResponseMode = "managed_challenge"` - `CreatedOn Time` The timestamp of when the rule was created. - `ModifiedOn Time` The timestamp of when the rule was last modified. - `Notes string` An informative summary of the rule, typically used as a reminder or explanation. - `Scope AccessRuleListResponseScope` All zones owned by the user will have the rule applied. - `ID string` Defines an identifier. - `Email string` The contact email address of the user. - `Type AccessRuleListResponseScopeType` Defines the scope of the rule. - `const AccessRuleListResponseScopeTypeUser AccessRuleListResponseScopeType = "user"` - `const AccessRuleListResponseScopeTypeOrganization AccessRuleListResponseScopeType = "organization"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.Firewall.AccessRules.List(context.TODO(), firewall.AccessRuleListParams{ }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "92f17202ed8bd63d69a66b86a49a8f6b", "allowed_modes": [ "whitelist", "block", "challenge", "js_challenge", "managed_challenge" ], "configuration": { "target": "ip", "value": "198.51.100.4" }, "mode": "challenge", "created_on": "2014-01-01T05:20:00.12345Z", "modified_on": "2014-01-01T05:20:00.12345Z", "notes": "This rule is enabled because of an event that occurred on date X.", "scope": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "email": "user@example.com", "type": "user" } } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get an IP Access rule `client.Firewall.AccessRules.Get(ctx, ruleID, query) (*AccessRuleGetResponse, error)` **get** `/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules/{rule_id}` Fetches the details of an IP Access rule defined. ### Parameters - `ruleID string` Unique identifier for a rule. - `query AccessRuleGetParams` - `AccountID param.Field[string]` The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `ZoneID param.Field[string]` The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. ### Returns - `type AccessRuleGetResponse struct{…}` - `ID string` The unique identifier of the IP Access rule. - `AllowedModes []AccessRuleGetResponseAllowedMode` The available actions that a rule can apply to a matched request. - `const AccessRuleGetResponseAllowedModeBlock AccessRuleGetResponseAllowedMode = "block"` - `const AccessRuleGetResponseAllowedModeChallenge AccessRuleGetResponseAllowedMode = "challenge"` - `const AccessRuleGetResponseAllowedModeWhitelist AccessRuleGetResponseAllowedMode = "whitelist"` - `const AccessRuleGetResponseAllowedModeJSChallenge AccessRuleGetResponseAllowedMode = "js_challenge"` - `const AccessRuleGetResponseAllowedModeManagedChallenge AccessRuleGetResponseAllowedMode = "managed_challenge"` - `Configuration AccessRuleGetResponseConfiguration` The rule configuration. - `type AccessRuleIPConfiguration struct{…}` - `Target AccessRuleIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `const AccessRuleIPConfigurationTargetIP AccessRuleIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. - `type IPV6Configuration struct{…}` - `Target IPV6ConfigurationTarget` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `const IPV6ConfigurationTargetIp6 IPV6ConfigurationTarget = "ip6"` - `Value string` The IPv6 address to match. - `type AccessRuleCIDRConfiguration struct{…}` - `Target AccessRuleCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `const AccessRuleCIDRConfigurationTargetIPRange AccessRuleCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `type ASNConfiguration struct{…}` - `Target ASNConfigurationTarget` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `const ASNConfigurationTargetASN ASNConfigurationTarget = "asn"` - `Value string` The AS number to match. - `type CountryConfiguration struct{…}` - `Target CountryConfigurationTarget` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `const CountryConfigurationTargetCountry CountryConfigurationTarget = "country"` - `Value string` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `Mode AccessRuleGetResponseMode` The action to apply to a matched request. - `const AccessRuleGetResponseModeBlock AccessRuleGetResponseMode = "block"` - `const AccessRuleGetResponseModeChallenge AccessRuleGetResponseMode = "challenge"` - `const AccessRuleGetResponseModeWhitelist AccessRuleGetResponseMode = "whitelist"` - `const AccessRuleGetResponseModeJSChallenge AccessRuleGetResponseMode = "js_challenge"` - `const AccessRuleGetResponseModeManagedChallenge AccessRuleGetResponseMode = "managed_challenge"` - `CreatedOn Time` The timestamp of when the rule was created. - `ModifiedOn Time` The timestamp of when the rule was last modified. - `Notes string` An informative summary of the rule, typically used as a reminder or explanation. - `Scope AccessRuleGetResponseScope` All zones owned by the user will have the rule applied. - `ID string` Defines an identifier. - `Email string` The contact email address of the user. - `Type AccessRuleGetResponseScopeType` Defines the scope of the rule. - `const AccessRuleGetResponseScopeTypeUser AccessRuleGetResponseScopeType = "user"` - `const AccessRuleGetResponseScopeTypeOrganization AccessRuleGetResponseScopeType = "organization"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) accessRule, err := client.Firewall.AccessRules.Get( context.TODO(), "023e105f4ecef8ad9ca31a8372d0c353", firewall.AccessRuleGetParams{ }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", accessRule.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "92f17202ed8bd63d69a66b86a49a8f6b", "allowed_modes": [ "whitelist", "block", "challenge", "js_challenge", "managed_challenge" ], "configuration": { "target": "ip", "value": "198.51.100.4" }, "mode": "challenge", "created_on": "2014-01-01T05:20:00.12345Z", "modified_on": "2014-01-01T05:20:00.12345Z", "notes": "This rule is enabled because of an event that occurred on date X.", "scope": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "email": "user@example.com", "type": "user" } }, "success": true } ``` ## Create an IP Access rule `client.Firewall.AccessRules.New(ctx, params) (*AccessRuleNewResponse, error)` **post** `/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules` Creates a new IP Access rule for an account or zone. The rule will apply to all zones in the account or zone. Note: To create an IP Access rule that applies to a single zone, refer to the [IP Access rules for a zone](#ip-access-rules-for-a-zone) endpoints. ### Parameters - `params AccessRuleNewParams` - `Configuration param.Field[AccessRuleNewParamsConfiguration]` Body param: The rule configuration. - `type AccessRuleIPConfiguration struct{…}` - `Target AccessRuleIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `const AccessRuleIPConfigurationTargetIP AccessRuleIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. - `type IPV6Configuration struct{…}` - `Target IPV6ConfigurationTarget` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `const IPV6ConfigurationTargetIp6 IPV6ConfigurationTarget = "ip6"` - `Value string` The IPv6 address to match. - `type AccessRuleCIDRConfiguration struct{…}` - `Target AccessRuleCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `const AccessRuleCIDRConfigurationTargetIPRange AccessRuleCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `type ASNConfiguration struct{…}` - `Target ASNConfigurationTarget` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `const ASNConfigurationTargetASN ASNConfigurationTarget = "asn"` - `Value string` The AS number to match. - `type CountryConfiguration struct{…}` - `Target CountryConfigurationTarget` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `const CountryConfigurationTargetCountry CountryConfigurationTarget = "country"` - `Value string` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `Mode param.Field[AccessRuleNewParamsMode]` Body param: The action to apply to a matched request. - `const AccessRuleNewParamsModeBlock AccessRuleNewParamsMode = "block"` - `const AccessRuleNewParamsModeChallenge AccessRuleNewParamsMode = "challenge"` - `const AccessRuleNewParamsModeWhitelist AccessRuleNewParamsMode = "whitelist"` - `const AccessRuleNewParamsModeJSChallenge AccessRuleNewParamsMode = "js_challenge"` - `const AccessRuleNewParamsModeManagedChallenge AccessRuleNewParamsMode = "managed_challenge"` - `AccountID param.Field[string]` Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `ZoneID param.Field[string]` Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. - `Notes param.Field[string]` Body param: An informative summary of the rule, typically used as a reminder or explanation. ### Returns - `type AccessRuleNewResponse struct{…}` - `ID string` The unique identifier of the IP Access rule. - `AllowedModes []AccessRuleNewResponseAllowedMode` The available actions that a rule can apply to a matched request. - `const AccessRuleNewResponseAllowedModeBlock AccessRuleNewResponseAllowedMode = "block"` - `const AccessRuleNewResponseAllowedModeChallenge AccessRuleNewResponseAllowedMode = "challenge"` - `const AccessRuleNewResponseAllowedModeWhitelist AccessRuleNewResponseAllowedMode = "whitelist"` - `const AccessRuleNewResponseAllowedModeJSChallenge AccessRuleNewResponseAllowedMode = "js_challenge"` - `const AccessRuleNewResponseAllowedModeManagedChallenge AccessRuleNewResponseAllowedMode = "managed_challenge"` - `Configuration AccessRuleNewResponseConfiguration` The rule configuration. - `type AccessRuleIPConfiguration struct{…}` - `Target AccessRuleIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `const AccessRuleIPConfigurationTargetIP AccessRuleIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. - `type IPV6Configuration struct{…}` - `Target IPV6ConfigurationTarget` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `const IPV6ConfigurationTargetIp6 IPV6ConfigurationTarget = "ip6"` - `Value string` The IPv6 address to match. - `type AccessRuleCIDRConfiguration struct{…}` - `Target AccessRuleCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `const AccessRuleCIDRConfigurationTargetIPRange AccessRuleCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `type ASNConfiguration struct{…}` - `Target ASNConfigurationTarget` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `const ASNConfigurationTargetASN ASNConfigurationTarget = "asn"` - `Value string` The AS number to match. - `type CountryConfiguration struct{…}` - `Target CountryConfigurationTarget` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `const CountryConfigurationTargetCountry CountryConfigurationTarget = "country"` - `Value string` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `Mode AccessRuleNewResponseMode` The action to apply to a matched request. - `const AccessRuleNewResponseModeBlock AccessRuleNewResponseMode = "block"` - `const AccessRuleNewResponseModeChallenge AccessRuleNewResponseMode = "challenge"` - `const AccessRuleNewResponseModeWhitelist AccessRuleNewResponseMode = "whitelist"` - `const AccessRuleNewResponseModeJSChallenge AccessRuleNewResponseMode = "js_challenge"` - `const AccessRuleNewResponseModeManagedChallenge AccessRuleNewResponseMode = "managed_challenge"` - `CreatedOn Time` The timestamp of when the rule was created. - `ModifiedOn Time` The timestamp of when the rule was last modified. - `Notes string` An informative summary of the rule, typically used as a reminder or explanation. - `Scope AccessRuleNewResponseScope` All zones owned by the user will have the rule applied. - `ID string` Defines an identifier. - `Email string` The contact email address of the user. - `Type AccessRuleNewResponseScopeType` Defines the scope of the rule. - `const AccessRuleNewResponseScopeTypeUser AccessRuleNewResponseScopeType = "user"` - `const AccessRuleNewResponseScopeTypeOrganization AccessRuleNewResponseScopeType = "organization"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) accessRule, err := client.Firewall.AccessRules.New(context.TODO(), firewall.AccessRuleNewParams{ Configuration: cloudflare.F[firewall.AccessRuleNewParamsConfigurationUnion](firewall.AccessRuleIPConfigurationParam{ }), Mode: cloudflare.F(firewall.AccessRuleNewParamsModeChallenge), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", accessRule.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "92f17202ed8bd63d69a66b86a49a8f6b", "allowed_modes": [ "whitelist", "block", "challenge", "js_challenge", "managed_challenge" ], "configuration": { "target": "ip", "value": "198.51.100.4" }, "mode": "challenge", "created_on": "2014-01-01T05:20:00.12345Z", "modified_on": "2014-01-01T05:20:00.12345Z", "notes": "This rule is enabled because of an event that occurred on date X.", "scope": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "email": "user@example.com", "type": "user" } }, "success": true } ``` ## Update an IP Access rule `client.Firewall.AccessRules.Edit(ctx, ruleID, params) (*AccessRuleEditResponse, error)` **patch** `/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules/{rule_id}` Updates an IP Access rule defined. Note: This operation will affect all zones in the account or zone. ### Parameters - `ruleID string` Unique identifier for a rule. - `params AccessRuleEditParams` - `Configuration param.Field[AccessRuleEditParamsConfiguration]` Body param: The rule configuration. - `type AccessRuleIPConfiguration struct{…}` - `Target AccessRuleIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `const AccessRuleIPConfigurationTargetIP AccessRuleIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. - `type IPV6Configuration struct{…}` - `Target IPV6ConfigurationTarget` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `const IPV6ConfigurationTargetIp6 IPV6ConfigurationTarget = "ip6"` - `Value string` The IPv6 address to match. - `type AccessRuleCIDRConfiguration struct{…}` - `Target AccessRuleCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `const AccessRuleCIDRConfigurationTargetIPRange AccessRuleCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `type ASNConfiguration struct{…}` - `Target ASNConfigurationTarget` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `const ASNConfigurationTargetASN ASNConfigurationTarget = "asn"` - `Value string` The AS number to match. - `type CountryConfiguration struct{…}` - `Target CountryConfigurationTarget` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `const CountryConfigurationTargetCountry CountryConfigurationTarget = "country"` - `Value string` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `Mode param.Field[AccessRuleEditParamsMode]` Body param: The action to apply to a matched request. - `const AccessRuleEditParamsModeBlock AccessRuleEditParamsMode = "block"` - `const AccessRuleEditParamsModeChallenge AccessRuleEditParamsMode = "challenge"` - `const AccessRuleEditParamsModeWhitelist AccessRuleEditParamsMode = "whitelist"` - `const AccessRuleEditParamsModeJSChallenge AccessRuleEditParamsMode = "js_challenge"` - `const AccessRuleEditParamsModeManagedChallenge AccessRuleEditParamsMode = "managed_challenge"` - `AccountID param.Field[string]` Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `ZoneID param.Field[string]` Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. - `Notes param.Field[string]` Body param: An informative summary of the rule, typically used as a reminder or explanation. ### Returns - `type AccessRuleEditResponse struct{…}` - `ID string` The unique identifier of the IP Access rule. - `AllowedModes []AccessRuleEditResponseAllowedMode` The available actions that a rule can apply to a matched request. - `const AccessRuleEditResponseAllowedModeBlock AccessRuleEditResponseAllowedMode = "block"` - `const AccessRuleEditResponseAllowedModeChallenge AccessRuleEditResponseAllowedMode = "challenge"` - `const AccessRuleEditResponseAllowedModeWhitelist AccessRuleEditResponseAllowedMode = "whitelist"` - `const AccessRuleEditResponseAllowedModeJSChallenge AccessRuleEditResponseAllowedMode = "js_challenge"` - `const AccessRuleEditResponseAllowedModeManagedChallenge AccessRuleEditResponseAllowedMode = "managed_challenge"` - `Configuration AccessRuleEditResponseConfiguration` The rule configuration. - `type AccessRuleIPConfiguration struct{…}` - `Target AccessRuleIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `const AccessRuleIPConfigurationTargetIP AccessRuleIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. - `type IPV6Configuration struct{…}` - `Target IPV6ConfigurationTarget` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `const IPV6ConfigurationTargetIp6 IPV6ConfigurationTarget = "ip6"` - `Value string` The IPv6 address to match. - `type AccessRuleCIDRConfiguration struct{…}` - `Target AccessRuleCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `const AccessRuleCIDRConfigurationTargetIPRange AccessRuleCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `type ASNConfiguration struct{…}` - `Target ASNConfigurationTarget` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `const ASNConfigurationTargetASN ASNConfigurationTarget = "asn"` - `Value string` The AS number to match. - `type CountryConfiguration struct{…}` - `Target CountryConfigurationTarget` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `const CountryConfigurationTargetCountry CountryConfigurationTarget = "country"` - `Value string` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `Mode AccessRuleEditResponseMode` The action to apply to a matched request. - `const AccessRuleEditResponseModeBlock AccessRuleEditResponseMode = "block"` - `const AccessRuleEditResponseModeChallenge AccessRuleEditResponseMode = "challenge"` - `const AccessRuleEditResponseModeWhitelist AccessRuleEditResponseMode = "whitelist"` - `const AccessRuleEditResponseModeJSChallenge AccessRuleEditResponseMode = "js_challenge"` - `const AccessRuleEditResponseModeManagedChallenge AccessRuleEditResponseMode = "managed_challenge"` - `CreatedOn Time` The timestamp of when the rule was created. - `ModifiedOn Time` The timestamp of when the rule was last modified. - `Notes string` An informative summary of the rule, typically used as a reminder or explanation. - `Scope AccessRuleEditResponseScope` All zones owned by the user will have the rule applied. - `ID string` Defines an identifier. - `Email string` The contact email address of the user. - `Type AccessRuleEditResponseScopeType` Defines the scope of the rule. - `const AccessRuleEditResponseScopeTypeUser AccessRuleEditResponseScopeType = "user"` - `const AccessRuleEditResponseScopeTypeOrganization AccessRuleEditResponseScopeType = "organization"` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.Firewall.AccessRules.Edit( context.TODO(), "023e105f4ecef8ad9ca31a8372d0c353", firewall.AccessRuleEditParams{ Configuration: cloudflare.F[firewall.AccessRuleEditParamsConfigurationUnion](firewall.AccessRuleIPConfigurationParam{ }), Mode: cloudflare.F(firewall.AccessRuleEditParamsModeChallenge), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "92f17202ed8bd63d69a66b86a49a8f6b", "allowed_modes": [ "whitelist", "block", "challenge", "js_challenge", "managed_challenge" ], "configuration": { "target": "ip", "value": "198.51.100.4" }, "mode": "challenge", "created_on": "2014-01-01T05:20:00.12345Z", "modified_on": "2014-01-01T05:20:00.12345Z", "notes": "This rule is enabled because of an event that occurred on date X.", "scope": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "email": "user@example.com", "type": "user" } }, "success": true } ``` ## Delete an IP Access rule `client.Firewall.AccessRules.Delete(ctx, ruleID, body) (*AccessRuleDeleteResponse, error)` **delete** `/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules/{rule_id}` Deletes an existing IP Access rule defined. Note: This operation will affect all zones in the account or zone. ### Parameters - `ruleID string` Unique identifier for a rule. - `body AccessRuleDeleteParams` - `AccountID param.Field[string]` The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `ZoneID param.Field[string]` The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. ### Returns - `type AccessRuleDeleteResponse struct{…}` - `ID string` Defines an identifier. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) accessRule, err := client.Firewall.AccessRules.Delete( context.TODO(), "023e105f4ecef8ad9ca31a8372d0c353", firewall.AccessRuleDeleteParams{ }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", accessRule.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353" }, "success": true } ``` ## Domain Types ### Access Rule CIDR Configuration - `type AccessRuleCIDRConfiguration struct{…}` - `Target AccessRuleCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `const AccessRuleCIDRConfigurationTargetIPRange AccessRuleCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. ### Access Rule IP Configuration - `type AccessRuleIPConfiguration struct{…}` - `Target AccessRuleIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `const AccessRuleIPConfigurationTargetIP AccessRuleIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. ### ASN Configuration - `type ASNConfiguration struct{…}` - `Target ASNConfigurationTarget` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `const ASNConfigurationTargetASN ASNConfigurationTarget = "asn"` - `Value string` The AS number to match. ### Country Configuration - `type CountryConfiguration struct{…}` - `Target CountryConfigurationTarget` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `const CountryConfigurationTargetCountry CountryConfigurationTarget = "country"` - `Value string` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). ### IPV6 Configuration - `type IPV6Configuration struct{…}` - `Target IPV6ConfigurationTarget` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `const IPV6ConfigurationTargetIp6 IPV6ConfigurationTarget = "ip6"` - `Value string` The IPv6 address to match.