# Lockdowns ## List Zone Lockdown rules `client.Firewall.Lockdowns.List(ctx, params) (*V4PagePaginationArray[Lockdown], error)` **get** `/zones/{zone_id}/firewall/lockdowns` Fetches Zone Lockdown rules. You can filter the results using several optional parameters. ### Parameters - `params LockdownListParams` - `ZoneID param.Field[string]` Path param: Defines an identifier. - `CreatedOn param.Field[Time]` Query param: The timestamp of when the rule was created. - `Description param.Field[string]` Query param: A string to search for in the description of existing rules. - `DescriptionSearch param.Field[string]` Query param: A string to search for in the description of existing rules. - `IP param.Field[string]` Query param: A single IP address to search for in existing rules. - `IPRangeSearch param.Field[string]` Query param: A single IP address range to search for in existing rules. - `IPSearch param.Field[string]` Query param: A single IP address to search for in existing rules. - `ModifiedOn param.Field[Time]` Query param: The timestamp of when the rule was last modified. - `Page param.Field[float64]` Query param: Page number of paginated results. - `PerPage param.Field[float64]` Query param: The maximum number of results per page. You can only set the value to `1` or to a multiple of 5 such as `5`, `10`, `15`, or `20`. - `Priority param.Field[float64]` Query param: The priority of the rule to control the processing order. A lower number indicates higher priority. If not provided, any rules with a configured priority will be processed before rules without a priority. - `URISearch param.Field[string]` Query param: A single URI to search for in the list of URLs of existing rules. ### Returns - `type Lockdown struct{…}` - `ID string` The unique identifier of the Zone Lockdown rule. - `Configurations Configuration` A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `type LockdownIPConfiguration struct{…}` - `Target LockdownIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `const LockdownIPConfigurationTargetIP LockdownIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. - `type LockdownCIDRConfiguration struct{…}` - `Target LockdownCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `const LockdownCIDRConfigurationTargetIPRange LockdownCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24`. - `CreatedOn Time` The timestamp of when the rule was created. - `Description string` An informative summary of the rule. - `ModifiedOn Time` The timestamp of when the rule was last modified. - `Paused bool` When true, indicates that the rule is currently paused. - `URLs []LockdownURL` The URLs to include in the rule definition. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.Firewall.Lockdowns.List(context.TODO(), firewall.LockdownListParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "372e67954025e0ba6aaa6d586b9e0b59", "configurations": [ { "target": "ip", "value": "198.51.100.4" } ], "created_on": "2014-01-01T05:20:00.12345Z", "description": "Restrict access to these endpoints to requests from a known IP address", "modified_on": "2014-01-01T05:20:00.12345Z", "paused": false, "urls": [ "api.mysite.com/some/endpoint*" ] } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get a Zone Lockdown rule `client.Firewall.Lockdowns.Get(ctx, lockDownsID, query) (*Lockdown, error)` **get** `/zones/{zone_id}/firewall/lockdowns/{lock_downs_id}` Fetches the details of a Zone Lockdown rule. ### Parameters - `lockDownsID string` The unique identifier of the Zone Lockdown rule. - `query LockdownGetParams` - `ZoneID param.Field[string]` Defines an identifier. ### Returns - `type Lockdown struct{…}` - `ID string` The unique identifier of the Zone Lockdown rule. - `Configurations Configuration` A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `type LockdownIPConfiguration struct{…}` - `Target LockdownIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `const LockdownIPConfigurationTargetIP LockdownIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. - `type LockdownCIDRConfiguration struct{…}` - `Target LockdownCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `const LockdownCIDRConfigurationTargetIPRange LockdownCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24`. - `CreatedOn Time` The timestamp of when the rule was created. - `Description string` An informative summary of the rule. - `ModifiedOn Time` The timestamp of when the rule was last modified. - `Paused bool` When true, indicates that the rule is currently paused. - `URLs []LockdownURL` The URLs to include in the rule definition. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) lockdown, err := client.Firewall.Lockdowns.Get( context.TODO(), "372e67954025e0ba6aaa6d586b9e0b59", firewall.LockdownGetParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", lockdown.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "372e67954025e0ba6aaa6d586b9e0b59", "configurations": [ { "target": "ip", "value": "198.51.100.4" } ], "created_on": "2014-01-01T05:20:00.12345Z", "description": "Restrict access to these endpoints to requests from a known IP address", "modified_on": "2014-01-01T05:20:00.12345Z", "paused": false, "urls": [ "api.mysite.com/some/endpoint*" ] }, "success": true } ``` ## Create a Zone Lockdown rule `client.Firewall.Lockdowns.New(ctx, params) (*Lockdown, error)` **post** `/zones/{zone_id}/firewall/lockdowns` Creates a new Zone Lockdown rule. ### Parameters - `params LockdownNewParams` - `ZoneID param.Field[string]` Path param: Defines an identifier. - `Configurations param.Field[Configuration]` Body param: A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `URLs param.Field[[]OverrideURL]` Body param: The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. - `Description param.Field[string]` Body param: An informative summary of the rule. This value is sanitized and any tags will be removed. - `Paused param.Field[bool]` Body param: When true, indicates that the rule is currently paused. - `Priority param.Field[float64]` Body param: The priority of the rule to control the processing order. A lower number indicates higher priority. If not provided, any rules with a configured priority will be processed before rules without a priority. ### Returns - `type Lockdown struct{…}` - `ID string` The unique identifier of the Zone Lockdown rule. - `Configurations Configuration` A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `type LockdownIPConfiguration struct{…}` - `Target LockdownIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `const LockdownIPConfigurationTargetIP LockdownIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. - `type LockdownCIDRConfiguration struct{…}` - `Target LockdownCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `const LockdownCIDRConfigurationTargetIPRange LockdownCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24`. - `CreatedOn Time` The timestamp of when the rule was created. - `Description string` An informative summary of the rule. - `ModifiedOn Time` The timestamp of when the rule was last modified. - `Paused bool` When true, indicates that the rule is currently paused. - `URLs []LockdownURL` The URLs to include in the rule definition. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) lockdown, err := client.Firewall.Lockdowns.New(context.TODO(), firewall.LockdownNewParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), Configurations: cloudflare.F(firewall.ConfigurationParam{firewall.LockdownIPConfigurationParam{ }}), URLs: cloudflare.F([]firewall.OverrideURLParam{"shop.example.com/*"}), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", lockdown.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "372e67954025e0ba6aaa6d586b9e0b59", "configurations": [ { "target": "ip", "value": "198.51.100.4" } ], "created_on": "2014-01-01T05:20:00.12345Z", "description": "Restrict access to these endpoints to requests from a known IP address", "modified_on": "2014-01-01T05:20:00.12345Z", "paused": false, "urls": [ "api.mysite.com/some/endpoint*" ] }, "success": true } ``` ## Update a Zone Lockdown rule `client.Firewall.Lockdowns.Update(ctx, lockDownsID, params) (*Lockdown, error)` **put** `/zones/{zone_id}/firewall/lockdowns/{lock_downs_id}` Updates an existing Zone Lockdown rule. ### Parameters - `lockDownsID string` The unique identifier of the Zone Lockdown rule. - `params LockdownUpdateParams` - `ZoneID param.Field[string]` Path param: Defines an identifier. - `Configurations param.Field[Configuration]` Body param: A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `URLs param.Field[[]OverrideURL]` Body param: The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Returns - `type Lockdown struct{…}` - `ID string` The unique identifier of the Zone Lockdown rule. - `Configurations Configuration` A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `type LockdownIPConfiguration struct{…}` - `Target LockdownIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `const LockdownIPConfigurationTargetIP LockdownIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. - `type LockdownCIDRConfiguration struct{…}` - `Target LockdownCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `const LockdownCIDRConfigurationTargetIPRange LockdownCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24`. - `CreatedOn Time` The timestamp of when the rule was created. - `Description string` An informative summary of the rule. - `ModifiedOn Time` The timestamp of when the rule was last modified. - `Paused bool` When true, indicates that the rule is currently paused. - `URLs []LockdownURL` The URLs to include in the rule definition. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) lockdown, err := client.Firewall.Lockdowns.Update( context.TODO(), "372e67954025e0ba6aaa6d586b9e0b59", firewall.LockdownUpdateParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), Configurations: cloudflare.F(firewall.ConfigurationParam{firewall.LockdownIPConfigurationParam{ }}), URLs: cloudflare.F([]firewall.OverrideURLParam{"shop.example.com/*"}), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", lockdown.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "372e67954025e0ba6aaa6d586b9e0b59", "configurations": [ { "target": "ip", "value": "198.51.100.4" } ], "created_on": "2014-01-01T05:20:00.12345Z", "description": "Restrict access to these endpoints to requests from a known IP address", "modified_on": "2014-01-01T05:20:00.12345Z", "paused": false, "urls": [ "api.mysite.com/some/endpoint*" ] }, "success": true } ``` ## Delete a Zone Lockdown rule `client.Firewall.Lockdowns.Delete(ctx, lockDownsID, body) (*LockdownDeleteResponse, error)` **delete** `/zones/{zone_id}/firewall/lockdowns/{lock_downs_id}` Deletes an existing Zone Lockdown rule. ### Parameters - `lockDownsID string` The unique identifier of the Zone Lockdown rule. - `body LockdownDeleteParams` - `ZoneID param.Field[string]` Defines an identifier. ### Returns - `type LockdownDeleteResponse struct{…}` - `ID string` The unique identifier of the Zone Lockdown rule. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) lockdown, err := client.Firewall.Lockdowns.Delete( context.TODO(), "372e67954025e0ba6aaa6d586b9e0b59", firewall.LockdownDeleteParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", lockdown.ID) } ``` #### Response ```json { "result": { "id": "372e67954025e0ba6aaa6d586b9e0b59" } } ``` ## Domain Types ### Configuration - `type Configuration []ConfigurationItem` A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `type LockdownIPConfiguration struct{…}` - `Target LockdownIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `const LockdownIPConfigurationTargetIP LockdownIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. - `type LockdownCIDRConfiguration struct{…}` - `Target LockdownCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `const LockdownCIDRConfigurationTargetIPRange LockdownCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24`. ### Lockdown - `type Lockdown struct{…}` - `ID string` The unique identifier of the Zone Lockdown rule. - `Configurations Configuration` A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `type LockdownIPConfiguration struct{…}` - `Target LockdownIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `const LockdownIPConfigurationTargetIP LockdownIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. - `type LockdownCIDRConfiguration struct{…}` - `Target LockdownCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `const LockdownCIDRConfigurationTargetIPRange LockdownCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24`. - `CreatedOn Time` The timestamp of when the rule was created. - `Description string` An informative summary of the rule. - `ModifiedOn Time` The timestamp of when the rule was last modified. - `Paused bool` When true, indicates that the rule is currently paused. - `URLs []LockdownURL` The URLs to include in the rule definition. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Lockdown CIDR Configuration - `type LockdownCIDRConfiguration struct{…}` - `Target LockdownCIDRConfigurationTarget` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `const LockdownCIDRConfigurationTargetIPRange LockdownCIDRConfigurationTarget = "ip_range"` - `Value string` The IP address range to match. You can only use prefix lengths `/16` and `/24`. ### Lockdown IP Configuration - `type LockdownIPConfiguration struct{…}` - `Target LockdownIPConfigurationTarget` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `const LockdownIPConfigurationTargetIP LockdownIPConfigurationTarget = "ip"` - `Value string` The IP address to match. This address will be compared to the IP address of incoming requests. ### Lockdown URL - `type LockdownURL string`