API Reference

Firewall

Access Rules

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Update an IP Access rule

client.Firewall.AccessRules.Edit(ctx, ruleID, params) (*AccessRuleEditResponse, error)

PATCH/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules/{rule_id}

Updates an IP Access rule defined.

Note: This operation will affect all zones in the account or zone.

Security

API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

Accepted Permissions (at least one required)

Account Firewall Access Rules Write

ParametersExpand Collapse

ruleID string

Unique identifier for a rule.

maxLength32

params AccessRuleEditParams

Configuration param.Field[AccessRuleEditParamsConfiguration]

Body param: The rule configuration.

type AccessRuleIPConfiguration struct{…}

Target AccessRuleIPConfigurationTargetoptional

The configuration target. You must set the target to ip when specifying an IP address in the rule.

Value stringoptional

The IP address to match. This address will be compared to the IP address of incoming requests.

type IPV6Configuration struct{…}

Target IPV6ConfigurationTargetoptional

The configuration target. You must set the target to ip6 when specifying an IPv6 address in the rule.

Value stringoptional

The IPv6 address to match.

type AccessRuleCIDRConfiguration struct{…}

Target AccessRuleCIDRConfigurationTargetoptional

The configuration target. You must set the target to ip_range when specifying an IP address range in the rule.

Value stringoptional

The IP address range to match. You can only use prefix lengths /16 and /24 for IPv4 ranges, and prefix lengths /32, /48, and /64 for IPv6 ranges.

type ASNConfiguration struct{…}

Target ASNConfigurationTargetoptional

The configuration target. You must set the target to asn when specifying an Autonomous System Number (ASN) in the rule.

Value stringoptional

The AS number to match.

type CountryConfiguration struct{…}

Target CountryConfigurationTargetoptional

The configuration target. You must set the target to country when specifying a country code in the rule.

Value stringoptional

The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to IP Access rules: Parameters.

Mode param.Field[AccessRuleEditParamsMode]

Body param: The action to apply to a matched request.

const AccessRuleEditParamsModeBlock AccessRuleEditParamsMode = "block"

const AccessRuleEditParamsModeChallenge AccessRuleEditParamsMode = "challenge"

const AccessRuleEditParamsModeWhitelist AccessRuleEditParamsMode = "whitelist"

const AccessRuleEditParamsModeJSChallenge AccessRuleEditParamsMode = "js_challenge"

const AccessRuleEditParamsModeManagedChallenge AccessRuleEditParamsMode = "managed_challenge"

AccountID param.Field[string]optional

Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.

ZoneID param.Field[string]optional

Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

Notes param.Field[string]optional

Body param: An informative summary of the rule, typically used as a reminder or explanation.

ReturnsExpand Collapse

type AccessRuleEditResponse struct{…}

ID string

The unique identifier of the IP Access rule.

maxLength32

AllowedModes []AccessRuleEditResponseAllowedMode

The available actions that a rule can apply to a matched request.

One of the following:

const AccessRuleEditResponseAllowedModeBlock AccessRuleEditResponseAllowedMode = "block"

const AccessRuleEditResponseAllowedModeChallenge AccessRuleEditResponseAllowedMode = "challenge"

const AccessRuleEditResponseAllowedModeWhitelist AccessRuleEditResponseAllowedMode = "whitelist"

const AccessRuleEditResponseAllowedModeJSChallenge AccessRuleEditResponseAllowedMode = "js_challenge"

const AccessRuleEditResponseAllowedModeManagedChallenge AccessRuleEditResponseAllowedMode = "managed_challenge"

Configuration AccessRuleEditResponseConfiguration

The rule configuration.

One of the following:

type AccessRuleIPConfiguration struct{…}

Target AccessRuleIPConfigurationTargetoptional

The configuration target. You must set the target to ip when specifying an IP address in the rule.

Value stringoptional

The IP address to match. This address will be compared to the IP address of incoming requests.

type IPV6Configuration struct{…}

Target IPV6ConfigurationTargetoptional

The configuration target. You must set the target to ip6 when specifying an IPv6 address in the rule.

Value stringoptional

The IPv6 address to match.

type AccessRuleCIDRConfiguration struct{…}

Target AccessRuleCIDRConfigurationTargetoptional

The configuration target. You must set the target to ip_range when specifying an IP address range in the rule.

Value stringoptional

The IP address range to match. You can only use prefix lengths /16 and /24 for IPv4 ranges, and prefix lengths /32, /48, and /64 for IPv6 ranges.

type ASNConfiguration struct{…}

Target ASNConfigurationTargetoptional

The configuration target. You must set the target to asn when specifying an Autonomous System Number (ASN) in the rule.

Value stringoptional

The AS number to match.

type CountryConfiguration struct{…}

Target CountryConfigurationTargetoptional

The configuration target. You must set the target to country when specifying a country code in the rule.

Value stringoptional

The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to IP Access rules: Parameters.

Mode AccessRuleEditResponseMode

The action to apply to a matched request.

One of the following:

const AccessRuleEditResponseModeBlock AccessRuleEditResponseMode = "block"

const AccessRuleEditResponseModeChallenge AccessRuleEditResponseMode = "challenge"

const AccessRuleEditResponseModeWhitelist AccessRuleEditResponseMode = "whitelist"

const AccessRuleEditResponseModeJSChallenge AccessRuleEditResponseMode = "js_challenge"

const AccessRuleEditResponseModeManagedChallenge AccessRuleEditResponseMode = "managed_challenge"

CreatedOn Timeoptional

The timestamp of when the rule was created.

formatdate-time

ModifiedOn Timeoptional

The timestamp of when the rule was last modified.

formatdate-time

Notes stringoptional

An informative summary of the rule, typically used as a reminder or explanation.

Scope AccessRuleEditResponseScopeoptional

All zones owned by the user will have the rule applied.

ID stringoptional

Defines an identifier.

maxLength32

Email stringoptional

The contact email address of the user.

maxLength90

Type AccessRuleEditResponseScopeTypeoptional

Defines the scope of the rule.

One of the following:

const AccessRuleEditResponseScopeTypeUser AccessRuleEditResponseScopeType = "user"

const AccessRuleEditResponseScopeTypeOrganization AccessRuleEditResponseScopeType = "organization"

Update an IP Access rule

Go

HTTP

TypeScript

Python

Go

Terraform

package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/firewall"
  "github.com/cloudflare/cloudflare-go/option"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
  )
  response, err := client.Firewall.AccessRules.Edit(
    context.TODO(),
    "023e105f4ecef8ad9ca31a8372d0c353",
    firewall.AccessRuleEditParams{
      Configuration: cloudflare.F[firewall.AccessRuleEditParamsConfigurationUnion](firewall.AccessRuleIPConfigurationParam{

      }),
      Mode: cloudflare.F(firewall.AccessRuleEditParamsModeChallenge),
    },
  )
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", response.ID)
}

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "id": "92f17202ed8bd63d69a66b86a49a8f6b",
    "allowed_modes": [
      "whitelist",
      "block",
      "challenge",
      "js_challenge",
      "managed_challenge"
    ],
    "configuration": {
      "target": "ip",
      "value": "198.51.100.4"
    },
    "mode": "challenge",
    "created_on": "2014-01-01T05:20:00.12345Z",
    "modified_on": "2014-01-01T05:20:00.12345Z",
    "notes": "This rule is enabled because of an event that occurred on date X.",
    "scope": {
      "id": "023e105f4ecef8ad9ca31a8372d0c353",
      "email": "user@example.com",
      "type": "user"
    }
  },
  "success": true
}

Returns Examples

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "id": "92f17202ed8bd63d69a66b86a49a8f6b",
    "allowed_modes": [
      "whitelist",
      "block",
      "challenge",
      "js_challenge",
      "managed_challenge"
    ],
    "configuration": {
      "target": "ip",
      "value": "198.51.100.4"
    },
    "mode": "challenge",
    "created_on": "2014-01-01T05:20:00.12345Z",
    "modified_on": "2014-01-01T05:20:00.12345Z",
    "notes": "This rule is enabled because of an event that occurred on date X.",
    "scope": {
      "id": "023e105f4ecef8ad9ca31a8372d0c353",
      "email": "user@example.com",
      "type": "user"
    }
  },
  "success": true
}