API Reference

Firewall

Rules

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Update a firewall rule

Deprecated

client.Firewall.Rules.Update(ctx, ruleID, params) (*FirewallRule, error)

PUT/zones/{zone_id}/firewall/rules/{rule_id}

Updates an existing firewall rule.

Security

API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

Accepted Permissions (at least one required)

Firewall Services Write

ParametersExpand Collapse

ruleID string

The unique identifier of the firewall rule.

maxLength32

params RuleUpdateParams

ZoneID param.Field[string]

Path param: Defines an identifier.

maxLength32

Action param.Field[RuleUpdateParamsAction]

Body param: The action to perform when the threshold of matched traffic within the configured period is exceeded.

Mode RuleUpdateParamsActionModeoptional

The action to perform.

One of the following:

const RuleUpdateParamsActionModeSimulate RuleUpdateParamsActionMode = "simulate"

const RuleUpdateParamsActionModeBan RuleUpdateParamsActionMode = "ban"

const RuleUpdateParamsActionModeChallenge RuleUpdateParamsActionMode = "challenge"

const RuleUpdateParamsActionModeJSChallenge RuleUpdateParamsActionMode = "js_challenge"

const RuleUpdateParamsActionModeManagedChallenge RuleUpdateParamsActionMode = "managed_challenge"

Response RuleUpdateParamsActionResponseoptional

A custom content type and reponse to return when the threshold is exceeded. The custom response configured in this object will override the custom error for the zone. This object is optional. Notes: If you omit this object, Cloudflare will use the default HTML error page. If "mode" is "challenge", "managed_challenge", or "js_challenge", Cloudflare will use the zone challenge pages and you should not provide the "response" object.

Body stringoptional

The response body to return. The value must conform to the configured content type.

maxLength10240

ContentType stringoptional

The content type of the body. Must be one of the following: text/plain, text/xml, or application/json.

maxLength50

Timeout float64optional

The time in seconds during which Cloudflare will perform the mitigation action. Must be an integer value greater than or equal to the period. Notes: If "mode" is "challenge", "managed_challenge", or "js_challenge", Cloudflare will use the zone's Challenge Passage time and you should not provide this value.

maximum86400

minimum1

Filter param.Field[FirewallFilter]

Body param

ReturnsExpand Collapse

type FirewallRule struct{…}

ID stringoptional

The unique identifier of the firewall rule.

maxLength32

Action Actionoptional

The action to apply to a matched request. The log action is only available on an Enterprise plan.

One of the following:

const ActionBlock Action = "block"

const ActionChallenge Action = "challenge"

const ActionJSChallenge Action = "js_challenge"

const ActionManagedChallenge Action = "managed_challenge"

const ActionAllow Action = "allow"

const ActionLog Action = "log"

const ActionBypass Action = "bypass"

Description stringoptional

An informative summary of the firewall rule.

maxLength500

Filter FirewallRuleFilteroptional

One of the following:

type FirewallFilter struct{…}

ID stringoptional

The unique identifier of the filter.

maxLength32

minLength32

Description stringoptional

An informative summary of the filter.

maxLength500

Expression stringoptional

The filter expression. For more information, refer to Expressions.

Paused booloptional

When true, indicates that the filter is currently paused.

Ref stringoptional

A short reference tag. Allows you to select related filters.

maxLength50

type DeletedFilter struct{…}

ID string

The unique identifier of the filter.

maxLength32

minLength32

Deleted bool

When true, indicates that the firewall rule was deleted.

Paused booloptional

When true, indicates that the firewall rule is currently paused.

Priority float64optional

The priority of the rule. Optional value used to define the processing order. A lower number indicates a higher priority. If not provided, rules with a defined priority will be processed before rules without a priority.

maximum2147483647

minimum0

Products []Productoptional

One of the following:

const ProductZoneLockdown Product = "zoneLockdown"

const ProductUABlock Product = "uaBlock"

const ProductBIC Product = "bic"

const ProductHot Product = "hot"

const ProductSecurityLevel Product = "securityLevel"

const ProductRateLimit Product = "rateLimit"

const ProductWAF Product = "waf"

Ref stringoptional

A short reference tag. Allows you to select related firewall rules.

maxLength50

Update a firewall rule

Go

HTTP

TypeScript

Python

Go

Terraform

package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/filters"
  "github.com/cloudflare/cloudflare-go/firewall"
  "github.com/cloudflare/cloudflare-go/option"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
  )
  firewallRule, err := client.Firewall.Rules.Update(
    context.TODO(),
    "372e67954025e0ba6aaa6d586b9e0b60",
    firewall.RuleUpdateParams{
      ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"),
      Action: cloudflare.F(firewall.RuleUpdateParamsAction{

      }),
      Filter: cloudflare.F(filters.FirewallFilterParam{

      }),
    },
  )
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", firewallRule.ID)
}

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "id": "372e67954025e0ba6aaa6d586b9e0b60",
    "action": "block",
    "description": "Blocks traffic identified during investigation for MIR-31",
    "filter": {
      "id": "372e67954025e0ba6aaa6d586b9e0b61",
      "description": "Restrict access from these browsers on this address range.",
      "expression": "(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.addr ne 172.16.22.155",
      "paused": false,
      "ref": "FIL-100"
    },
    "paused": false,
    "priority": 50,
    "products": [
      "waf"
    ],
    "ref": "MIR-31"
  },
  "success": true
}

Returns Examples

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "id": "372e67954025e0ba6aaa6d586b9e0b60",
    "action": "block",
    "description": "Blocks traffic identified during investigation for MIR-31",
    "filter": {
      "id": "372e67954025e0ba6aaa6d586b9e0b61",
      "description": "Restrict access from these browsers on this address range.",
      "expression": "(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.addr ne 172.16.22.155",
      "paused": false,
      "ref": "FIL-100"
    },
    "paused": false,
    "priority": 50,
    "products": [
      "waf"
    ],
    "ref": "MIR-31"
  },
  "success": true
}