# WAF # Overrides ## List WAF overrides `client.Firewall.WAF.Overrides.List(ctx, params) (*V4PagePaginationArray[Override], error)` **get** `/zones/{zone_id}/firewall/waf/overrides` Fetches the URI-based WAF overrides in a zone. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `params WAFOverrideListParams` - `ZoneID param.Field[string]` Path param: Defines an identifier. - `Page param.Field[float64]` Query param: The page number of paginated results. - `PerPage param.Field[float64]` Query param: The number of WAF overrides per page. ### Returns - `type Override struct{…}` - `ID string` The unique identifier of the WAF override. - `Description string` An informative summary of the current URI-based WAF override. - `Groups map[string, unknown]` An object that allows you to enable or disable WAF rule groups for the current WAF override. Each key of this object must be the ID of a WAF rule group, and each value must be a valid WAF action (usually `default` or `disable`). When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `Paused bool` When true, indicates that the rule is currently paused. - `Priority float64` The relative priority of the current URI-based WAF override when multiple overrides match a single URL. A lower number indicates higher priority. Higher priority overrides may overwrite values set by lower priority overrides. - `RewriteAction RewriteAction` Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object. - `Block RewriteActionBlock` The WAF rule action to apply. - `const RewriteActionBlockChallenge RewriteActionBlock = "challenge"` - `const RewriteActionBlockBlock RewriteActionBlock = "block"` - `const RewriteActionBlockSimulate RewriteActionBlock = "simulate"` - `const RewriteActionBlockDisable RewriteActionBlock = "disable"` - `const RewriteActionBlockDefault RewriteActionBlock = "default"` - `Challenge RewriteActionChallenge` The WAF rule action to apply. - `const RewriteActionChallengeChallenge RewriteActionChallenge = "challenge"` - `const RewriteActionChallengeBlock RewriteActionChallenge = "block"` - `const RewriteActionChallengeSimulate RewriteActionChallenge = "simulate"` - `const RewriteActionChallengeDisable RewriteActionChallenge = "disable"` - `const RewriteActionChallengeDefault RewriteActionChallenge = "default"` - `Default RewriteActionDefault` The WAF rule action to apply. - `const RewriteActionDefaultChallenge RewriteActionDefault = "challenge"` - `const RewriteActionDefaultBlock RewriteActionDefault = "block"` - `const RewriteActionDefaultSimulate RewriteActionDefault = "simulate"` - `const RewriteActionDefaultDisable RewriteActionDefault = "disable"` - `const RewriteActionDefaultDefault RewriteActionDefault = "default"` - `Disable RewriteActionDisable` The WAF rule action to apply. - `const RewriteActionDisableChallenge RewriteActionDisable = "challenge"` - `const RewriteActionDisableBlock RewriteActionDisable = "block"` - `const RewriteActionDisableSimulate RewriteActionDisable = "simulate"` - `const RewriteActionDisableDisable RewriteActionDisable = "disable"` - `const RewriteActionDisableDefault RewriteActionDisable = "default"` - `Simulate RewriteActionSimulate` The WAF rule action to apply. - `const RewriteActionSimulateChallenge RewriteActionSimulate = "challenge"` - `const RewriteActionSimulateBlock RewriteActionSimulate = "block"` - `const RewriteActionSimulateSimulate RewriteActionSimulate = "simulate"` - `const RewriteActionSimulateDisable RewriteActionSimulate = "disable"` - `const RewriteActionSimulateDefault RewriteActionSimulate = "default"` - `Rules WAFRule` An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `const WAFRuleItemChallenge WAFRuleItem = "challenge"` - `const WAFRuleItemBlock WAFRuleItem = "block"` - `const WAFRuleItemSimulate WAFRuleItem = "simulate"` - `const WAFRuleItemDisable WAFRuleItem = "disable"` - `const WAFRuleItemDefault WAFRuleItem = "default"` - `URLs []OverrideURL` The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.Firewall.WAF.Overrides.List(context.TODO(), firewall.WAFOverrideListParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "de677e5818985db1285d0e80225f06e5", "description": "Enable Cloudflare Magento ruleset for shop.example.com", "groups": { "ea8687e59929c1fd05ba97574ad43f77": "bar" }, "paused": true, "priority": 1, "rewrite_action": { "block": "challenge", "challenge": "challenge", "default": "challenge", "disable": "challenge", "simulate": "challenge" }, "rules": { "100015": "disable" }, "urls": [ "shop.example.com/*" ] } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get a WAF override `client.Firewall.WAF.Overrides.Get(ctx, overridesID, query) (*Override, error)` **get** `/zones/{zone_id}/firewall/waf/overrides/{overrides_id}` Fetches the details of a URI-based WAF override. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `overridesID string` The unique identifier of the WAF override. - `query WAFOverrideGetParams` - `ZoneID param.Field[string]` Defines an identifier. ### Returns - `type Override struct{…}` - `ID string` The unique identifier of the WAF override. - `Description string` An informative summary of the current URI-based WAF override. - `Groups map[string, unknown]` An object that allows you to enable or disable WAF rule groups for the current WAF override. Each key of this object must be the ID of a WAF rule group, and each value must be a valid WAF action (usually `default` or `disable`). When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `Paused bool` When true, indicates that the rule is currently paused. - `Priority float64` The relative priority of the current URI-based WAF override when multiple overrides match a single URL. A lower number indicates higher priority. Higher priority overrides may overwrite values set by lower priority overrides. - `RewriteAction RewriteAction` Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object. - `Block RewriteActionBlock` The WAF rule action to apply. - `const RewriteActionBlockChallenge RewriteActionBlock = "challenge"` - `const RewriteActionBlockBlock RewriteActionBlock = "block"` - `const RewriteActionBlockSimulate RewriteActionBlock = "simulate"` - `const RewriteActionBlockDisable RewriteActionBlock = "disable"` - `const RewriteActionBlockDefault RewriteActionBlock = "default"` - `Challenge RewriteActionChallenge` The WAF rule action to apply. - `const RewriteActionChallengeChallenge RewriteActionChallenge = "challenge"` - `const RewriteActionChallengeBlock RewriteActionChallenge = "block"` - `const RewriteActionChallengeSimulate RewriteActionChallenge = "simulate"` - `const RewriteActionChallengeDisable RewriteActionChallenge = "disable"` - `const RewriteActionChallengeDefault RewriteActionChallenge = "default"` - `Default RewriteActionDefault` The WAF rule action to apply. - `const RewriteActionDefaultChallenge RewriteActionDefault = "challenge"` - `const RewriteActionDefaultBlock RewriteActionDefault = "block"` - `const RewriteActionDefaultSimulate RewriteActionDefault = "simulate"` - `const RewriteActionDefaultDisable RewriteActionDefault = "disable"` - `const RewriteActionDefaultDefault RewriteActionDefault = "default"` - `Disable RewriteActionDisable` The WAF rule action to apply. - `const RewriteActionDisableChallenge RewriteActionDisable = "challenge"` - `const RewriteActionDisableBlock RewriteActionDisable = "block"` - `const RewriteActionDisableSimulate RewriteActionDisable = "simulate"` - `const RewriteActionDisableDisable RewriteActionDisable = "disable"` - `const RewriteActionDisableDefault RewriteActionDisable = "default"` - `Simulate RewriteActionSimulate` The WAF rule action to apply. - `const RewriteActionSimulateChallenge RewriteActionSimulate = "challenge"` - `const RewriteActionSimulateBlock RewriteActionSimulate = "block"` - `const RewriteActionSimulateSimulate RewriteActionSimulate = "simulate"` - `const RewriteActionSimulateDisable RewriteActionSimulate = "disable"` - `const RewriteActionSimulateDefault RewriteActionSimulate = "default"` - `Rules WAFRule` An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `const WAFRuleItemChallenge WAFRuleItem = "challenge"` - `const WAFRuleItemBlock WAFRuleItem = "block"` - `const WAFRuleItemSimulate WAFRuleItem = "simulate"` - `const WAFRuleItemDisable WAFRuleItem = "disable"` - `const WAFRuleItemDefault WAFRuleItem = "default"` - `URLs []OverrideURL` The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) override, err := client.Firewall.WAF.Overrides.Get( context.TODO(), "de677e5818985db1285d0e80225f06e5", firewall.WAFOverrideGetParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", override.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "de677e5818985db1285d0e80225f06e5", "description": "Enable Cloudflare Magento ruleset for shop.example.com", "groups": { "ea8687e59929c1fd05ba97574ad43f77": "bar" }, "paused": true, "priority": 1, "rewrite_action": { "block": "challenge", "challenge": "challenge", "default": "challenge", "disable": "challenge", "simulate": "challenge" }, "rules": { "100015": "disable" }, "urls": [ "shop.example.com/*" ] }, "success": true } ``` ## Create a WAF override `client.Firewall.WAF.Overrides.New(ctx, params) (*Override, error)` **post** `/zones/{zone_id}/firewall/waf/overrides` Creates a URI-based WAF override for a zone. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `params WAFOverrideNewParams` - `ZoneID param.Field[string]` Path param: Defines an identifier. - `URLs param.Field[[]OverrideURL]` Body param: The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Returns - `type Override struct{…}` - `ID string` The unique identifier of the WAF override. - `Description string` An informative summary of the current URI-based WAF override. - `Groups map[string, unknown]` An object that allows you to enable or disable WAF rule groups for the current WAF override. Each key of this object must be the ID of a WAF rule group, and each value must be a valid WAF action (usually `default` or `disable`). When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `Paused bool` When true, indicates that the rule is currently paused. - `Priority float64` The relative priority of the current URI-based WAF override when multiple overrides match a single URL. A lower number indicates higher priority. Higher priority overrides may overwrite values set by lower priority overrides. - `RewriteAction RewriteAction` Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object. - `Block RewriteActionBlock` The WAF rule action to apply. - `const RewriteActionBlockChallenge RewriteActionBlock = "challenge"` - `const RewriteActionBlockBlock RewriteActionBlock = "block"` - `const RewriteActionBlockSimulate RewriteActionBlock = "simulate"` - `const RewriteActionBlockDisable RewriteActionBlock = "disable"` - `const RewriteActionBlockDefault RewriteActionBlock = "default"` - `Challenge RewriteActionChallenge` The WAF rule action to apply. - `const RewriteActionChallengeChallenge RewriteActionChallenge = "challenge"` - `const RewriteActionChallengeBlock RewriteActionChallenge = "block"` - `const RewriteActionChallengeSimulate RewriteActionChallenge = "simulate"` - `const RewriteActionChallengeDisable RewriteActionChallenge = "disable"` - `const RewriteActionChallengeDefault RewriteActionChallenge = "default"` - `Default RewriteActionDefault` The WAF rule action to apply. - `const RewriteActionDefaultChallenge RewriteActionDefault = "challenge"` - `const RewriteActionDefaultBlock RewriteActionDefault = "block"` - `const RewriteActionDefaultSimulate RewriteActionDefault = "simulate"` - `const RewriteActionDefaultDisable RewriteActionDefault = "disable"` - `const RewriteActionDefaultDefault RewriteActionDefault = "default"` - `Disable RewriteActionDisable` The WAF rule action to apply. - `const RewriteActionDisableChallenge RewriteActionDisable = "challenge"` - `const RewriteActionDisableBlock RewriteActionDisable = "block"` - `const RewriteActionDisableSimulate RewriteActionDisable = "simulate"` - `const RewriteActionDisableDisable RewriteActionDisable = "disable"` - `const RewriteActionDisableDefault RewriteActionDisable = "default"` - `Simulate RewriteActionSimulate` The WAF rule action to apply. - `const RewriteActionSimulateChallenge RewriteActionSimulate = "challenge"` - `const RewriteActionSimulateBlock RewriteActionSimulate = "block"` - `const RewriteActionSimulateSimulate RewriteActionSimulate = "simulate"` - `const RewriteActionSimulateDisable RewriteActionSimulate = "disable"` - `const RewriteActionSimulateDefault RewriteActionSimulate = "default"` - `Rules WAFRule` An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `const WAFRuleItemChallenge WAFRuleItem = "challenge"` - `const WAFRuleItemBlock WAFRuleItem = "block"` - `const WAFRuleItemSimulate WAFRuleItem = "simulate"` - `const WAFRuleItemDisable WAFRuleItem = "disable"` - `const WAFRuleItemDefault WAFRuleItem = "default"` - `URLs []OverrideURL` The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) override, err := client.Firewall.WAF.Overrides.New(context.TODO(), firewall.WAFOverrideNewParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), URLs: cloudflare.F([]firewall.OverrideURLParam{"shop.example.com/*"}), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", override.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "de677e5818985db1285d0e80225f06e5", "description": "Enable Cloudflare Magento ruleset for shop.example.com", "groups": { "ea8687e59929c1fd05ba97574ad43f77": "bar" }, "paused": true, "priority": 1, "rewrite_action": { "block": "challenge", "challenge": "challenge", "default": "challenge", "disable": "challenge", "simulate": "challenge" }, "rules": { "100015": "disable" }, "urls": [ "shop.example.com/*" ] }, "success": true } ``` ## Update WAF override `client.Firewall.WAF.Overrides.Update(ctx, overridesID, params) (*Override, error)` **put** `/zones/{zone_id}/firewall/waf/overrides/{overrides_id}` Updates an existing URI-based WAF override. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `overridesID string` The unique identifier of the WAF override. - `params WAFOverrideUpdateParams` - `ZoneID param.Field[string]` Path param: Defines an identifier. - `ID param.Field[string]` Body param: Defines an identifier. - `RewriteAction param.Field[RewriteAction]` Body param: Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object. - `Rules param.Field[WAFRule]` Body param: An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `URLs param.Field[[]OverrideURL]` Body param: The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Returns - `type Override struct{…}` - `ID string` The unique identifier of the WAF override. - `Description string` An informative summary of the current URI-based WAF override. - `Groups map[string, unknown]` An object that allows you to enable or disable WAF rule groups for the current WAF override. Each key of this object must be the ID of a WAF rule group, and each value must be a valid WAF action (usually `default` or `disable`). When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `Paused bool` When true, indicates that the rule is currently paused. - `Priority float64` The relative priority of the current URI-based WAF override when multiple overrides match a single URL. A lower number indicates higher priority. Higher priority overrides may overwrite values set by lower priority overrides. - `RewriteAction RewriteAction` Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object. - `Block RewriteActionBlock` The WAF rule action to apply. - `const RewriteActionBlockChallenge RewriteActionBlock = "challenge"` - `const RewriteActionBlockBlock RewriteActionBlock = "block"` - `const RewriteActionBlockSimulate RewriteActionBlock = "simulate"` - `const RewriteActionBlockDisable RewriteActionBlock = "disable"` - `const RewriteActionBlockDefault RewriteActionBlock = "default"` - `Challenge RewriteActionChallenge` The WAF rule action to apply. - `const RewriteActionChallengeChallenge RewriteActionChallenge = "challenge"` - `const RewriteActionChallengeBlock RewriteActionChallenge = "block"` - `const RewriteActionChallengeSimulate RewriteActionChallenge = "simulate"` - `const RewriteActionChallengeDisable RewriteActionChallenge = "disable"` - `const RewriteActionChallengeDefault RewriteActionChallenge = "default"` - `Default RewriteActionDefault` The WAF rule action to apply. - `const RewriteActionDefaultChallenge RewriteActionDefault = "challenge"` - `const RewriteActionDefaultBlock RewriteActionDefault = "block"` - `const RewriteActionDefaultSimulate RewriteActionDefault = "simulate"` - `const RewriteActionDefaultDisable RewriteActionDefault = "disable"` - `const RewriteActionDefaultDefault RewriteActionDefault = "default"` - `Disable RewriteActionDisable` The WAF rule action to apply. - `const RewriteActionDisableChallenge RewriteActionDisable = "challenge"` - `const RewriteActionDisableBlock RewriteActionDisable = "block"` - `const RewriteActionDisableSimulate RewriteActionDisable = "simulate"` - `const RewriteActionDisableDisable RewriteActionDisable = "disable"` - `const RewriteActionDisableDefault RewriteActionDisable = "default"` - `Simulate RewriteActionSimulate` The WAF rule action to apply. - `const RewriteActionSimulateChallenge RewriteActionSimulate = "challenge"` - `const RewriteActionSimulateBlock RewriteActionSimulate = "block"` - `const RewriteActionSimulateSimulate RewriteActionSimulate = "simulate"` - `const RewriteActionSimulateDisable RewriteActionSimulate = "disable"` - `const RewriteActionSimulateDefault RewriteActionSimulate = "default"` - `Rules WAFRule` An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `const WAFRuleItemChallenge WAFRuleItem = "challenge"` - `const WAFRuleItemBlock WAFRuleItem = "block"` - `const WAFRuleItemSimulate WAFRuleItem = "simulate"` - `const WAFRuleItemDisable WAFRuleItem = "disable"` - `const WAFRuleItemDefault WAFRuleItem = "default"` - `URLs []OverrideURL` The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) override, err := client.Firewall.WAF.Overrides.Update( context.TODO(), "de677e5818985db1285d0e80225f06e5", firewall.WAFOverrideUpdateParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), ID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), RewriteAction: cloudflare.F(firewall.RewriteActionParam{ }), Rules: cloudflare.F(firewall.WAFRuleParam{ "100015": firewall.WAFRuleItemDisable, }), URLs: cloudflare.F([]firewall.OverrideURLParam{"shop.example.com/*"}), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", override.ID) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "de677e5818985db1285d0e80225f06e5", "description": "Enable Cloudflare Magento ruleset for shop.example.com", "groups": { "ea8687e59929c1fd05ba97574ad43f77": "bar" }, "paused": true, "priority": 1, "rewrite_action": { "block": "challenge", "challenge": "challenge", "default": "challenge", "disable": "challenge", "simulate": "challenge" }, "rules": { "100015": "disable" }, "urls": [ "shop.example.com/*" ] }, "success": true } ``` ## Delete a WAF override `client.Firewall.WAF.Overrides.Delete(ctx, overridesID, body) (*WAFOverrideDeleteResponse, error)` **delete** `/zones/{zone_id}/firewall/waf/overrides/{overrides_id}` Deletes an existing URI-based WAF override. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `overridesID string` The unique identifier of the WAF override. - `body WAFOverrideDeleteParams` - `ZoneID param.Field[string]` Defines an identifier. ### Returns - `type WAFOverrideDeleteResponse struct{…}` - `ID string` The unique identifier of the WAF override. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) override, err := client.Firewall.WAF.Overrides.Delete( context.TODO(), "de677e5818985db1285d0e80225f06e5", firewall.WAFOverrideDeleteParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", override.ID) } ``` #### Response ```json { "result": { "id": "de677e5818985db1285d0e80225f06e5" } } ``` ## Domain Types ### Override - `type Override struct{…}` - `ID string` The unique identifier of the WAF override. - `Description string` An informative summary of the current URI-based WAF override. - `Groups map[string, unknown]` An object that allows you to enable or disable WAF rule groups for the current WAF override. Each key of this object must be the ID of a WAF rule group, and each value must be a valid WAF action (usually `default` or `disable`). When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `Paused bool` When true, indicates that the rule is currently paused. - `Priority float64` The relative priority of the current URI-based WAF override when multiple overrides match a single URL. A lower number indicates higher priority. Higher priority overrides may overwrite values set by lower priority overrides. - `RewriteAction RewriteAction` Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object. - `Block RewriteActionBlock` The WAF rule action to apply. - `const RewriteActionBlockChallenge RewriteActionBlock = "challenge"` - `const RewriteActionBlockBlock RewriteActionBlock = "block"` - `const RewriteActionBlockSimulate RewriteActionBlock = "simulate"` - `const RewriteActionBlockDisable RewriteActionBlock = "disable"` - `const RewriteActionBlockDefault RewriteActionBlock = "default"` - `Challenge RewriteActionChallenge` The WAF rule action to apply. - `const RewriteActionChallengeChallenge RewriteActionChallenge = "challenge"` - `const RewriteActionChallengeBlock RewriteActionChallenge = "block"` - `const RewriteActionChallengeSimulate RewriteActionChallenge = "simulate"` - `const RewriteActionChallengeDisable RewriteActionChallenge = "disable"` - `const RewriteActionChallengeDefault RewriteActionChallenge = "default"` - `Default RewriteActionDefault` The WAF rule action to apply. - `const RewriteActionDefaultChallenge RewriteActionDefault = "challenge"` - `const RewriteActionDefaultBlock RewriteActionDefault = "block"` - `const RewriteActionDefaultSimulate RewriteActionDefault = "simulate"` - `const RewriteActionDefaultDisable RewriteActionDefault = "disable"` - `const RewriteActionDefaultDefault RewriteActionDefault = "default"` - `Disable RewriteActionDisable` The WAF rule action to apply. - `const RewriteActionDisableChallenge RewriteActionDisable = "challenge"` - `const RewriteActionDisableBlock RewriteActionDisable = "block"` - `const RewriteActionDisableSimulate RewriteActionDisable = "simulate"` - `const RewriteActionDisableDisable RewriteActionDisable = "disable"` - `const RewriteActionDisableDefault RewriteActionDisable = "default"` - `Simulate RewriteActionSimulate` The WAF rule action to apply. - `const RewriteActionSimulateChallenge RewriteActionSimulate = "challenge"` - `const RewriteActionSimulateBlock RewriteActionSimulate = "block"` - `const RewriteActionSimulateSimulate RewriteActionSimulate = "simulate"` - `const RewriteActionSimulateDisable RewriteActionSimulate = "disable"` - `const RewriteActionSimulateDefault RewriteActionSimulate = "default"` - `Rules WAFRule` An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `const WAFRuleItemChallenge WAFRuleItem = "challenge"` - `const WAFRuleItemBlock WAFRuleItem = "block"` - `const WAFRuleItemSimulate WAFRuleItem = "simulate"` - `const WAFRuleItemDisable WAFRuleItem = "disable"` - `const WAFRuleItemDefault WAFRuleItem = "default"` - `URLs []OverrideURL` The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Override URL - `type OverrideURL string` ### Rewrite Action - `type RewriteAction struct{…}` Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object. - `Block RewriteActionBlock` The WAF rule action to apply. - `const RewriteActionBlockChallenge RewriteActionBlock = "challenge"` - `const RewriteActionBlockBlock RewriteActionBlock = "block"` - `const RewriteActionBlockSimulate RewriteActionBlock = "simulate"` - `const RewriteActionBlockDisable RewriteActionBlock = "disable"` - `const RewriteActionBlockDefault RewriteActionBlock = "default"` - `Challenge RewriteActionChallenge` The WAF rule action to apply. - `const RewriteActionChallengeChallenge RewriteActionChallenge = "challenge"` - `const RewriteActionChallengeBlock RewriteActionChallenge = "block"` - `const RewriteActionChallengeSimulate RewriteActionChallenge = "simulate"` - `const RewriteActionChallengeDisable RewriteActionChallenge = "disable"` - `const RewriteActionChallengeDefault RewriteActionChallenge = "default"` - `Default RewriteActionDefault` The WAF rule action to apply. - `const RewriteActionDefaultChallenge RewriteActionDefault = "challenge"` - `const RewriteActionDefaultBlock RewriteActionDefault = "block"` - `const RewriteActionDefaultSimulate RewriteActionDefault = "simulate"` - `const RewriteActionDefaultDisable RewriteActionDefault = "disable"` - `const RewriteActionDefaultDefault RewriteActionDefault = "default"` - `Disable RewriteActionDisable` The WAF rule action to apply. - `const RewriteActionDisableChallenge RewriteActionDisable = "challenge"` - `const RewriteActionDisableBlock RewriteActionDisable = "block"` - `const RewriteActionDisableSimulate RewriteActionDisable = "simulate"` - `const RewriteActionDisableDisable RewriteActionDisable = "disable"` - `const RewriteActionDisableDefault RewriteActionDisable = "default"` - `Simulate RewriteActionSimulate` The WAF rule action to apply. - `const RewriteActionSimulateChallenge RewriteActionSimulate = "challenge"` - `const RewriteActionSimulateBlock RewriteActionSimulate = "block"` - `const RewriteActionSimulateSimulate RewriteActionSimulate = "simulate"` - `const RewriteActionSimulateDisable RewriteActionSimulate = "disable"` - `const RewriteActionSimulateDefault RewriteActionSimulate = "default"` ### WAF Rule - `type WAFRule map[string, WAFRuleItem]` An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `const WAFRuleItemChallenge WAFRuleItem = "challenge"` - `const WAFRuleItemBlock WAFRuleItem = "block"` - `const WAFRuleItemSimulate WAFRuleItem = "simulate"` - `const WAFRuleItemDisable WAFRuleItem = "disable"` - `const WAFRuleItemDefault WAFRuleItem = "default"` # Packages ## List WAF packages `client.Firewall.WAF.Packages.List(ctx, params) (*V4PagePaginationArray[WAFPackageListResponse], error)` **get** `/zones/{zone_id}/firewall/waf/packages` Fetches WAF packages for a zone. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `params WAFPackageListParams` - `ZoneID param.Field[string]` Path param: Defines an identifier. - `Direction param.Field[WAFPackageListParamsDirection]` Query param: The direction used to sort returned packages. - `const WAFPackageListParamsDirectionAsc WAFPackageListParamsDirection = "asc"` - `const WAFPackageListParamsDirectionDesc WAFPackageListParamsDirection = "desc"` - `Match param.Field[WAFPackageListParamsMatch]` Query param: When set to `all`, all the search requirements must match. When set to `any`, only one of the search requirements has to match. - `const WAFPackageListParamsMatchAny WAFPackageListParamsMatch = "any"` - `const WAFPackageListParamsMatchAll WAFPackageListParamsMatch = "all"` - `Name param.Field[string]` Query param: The name of the WAF package. - `Order param.Field[WAFPackageListParamsOrder]` Query param: The field used to sort returned packages. - `const WAFPackageListParamsOrderName WAFPackageListParamsOrder = "name"` - `Page param.Field[float64]` Query param: The page number of paginated results. - `PerPage param.Field[float64]` Query param: The number of packages per page. ### Returns - `type WAFPackageListResponse interface{…}` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.Firewall.WAF.Packages.List(context.TODO(), firewall.WAFPackageListParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ {} ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get a WAF package `client.Firewall.WAF.Packages.Get(ctx, packageID, query) (*WAFPackageGetResponse, error)` **get** `/zones/{zone_id}/firewall/waf/packages/{package_id}` Fetches the details of a WAF package. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `packageID string` Defines a package identifier. - `query WAFPackageGetParams` - `ZoneID param.Field[string]` Defines an identifier. ### Returns - `type WAFPackageGetResponse interface{…}` - `type WAFPackageGetResponseFirewallAPIResponseSingle struct{…}` - `Errors []ResponseInfo` - `Code int64` - `Message string` - `DocumentationURL string` - `Source ResponseInfoSource` - `Pointer string` - `Messages []ResponseInfo` - `Code int64` - `Message string` - `DocumentationURL string` - `Source ResponseInfoSource` - `Result unknown` - `unknown` - `Success WAFPackageGetResponseFirewallAPIResponseSingleSuccess` Defines whether the API call was successful. - `const WAFPackageGetResponseFirewallAPIResponseSingleSuccessTrue WAFPackageGetResponseFirewallAPIResponseSingleSuccess = true` - `type WAFPackageGetResponseResult struct{…}` - `Result unknown` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) package_, err := client.Firewall.WAF.Packages.Get( context.TODO(), "023e105f4ecef8ad9ca31a8372d0c353", firewall.WAFPackageGetParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", package_) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": {}, "success": true } ``` # Groups ## List WAF rule groups `client.Firewall.WAF.Packages.Groups.List(ctx, packageID, params) (*V4PagePaginationArray[Group], error)` **get** `/zones/{zone_id}/firewall/waf/packages/{package_id}/groups` Fetches the WAF rule groups in a WAF package. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `packageID string` Defines the unique identifier of a WAF package. - `params WAFPackageGroupListParams` - `ZoneID param.Field[string]` Path param: Defines an identifier of a schema. - `Direction param.Field[WAFPackageGroupListParamsDirection]` Query param: Defines the direction used to sort returned rule groups. - `const WAFPackageGroupListParamsDirectionAsc WAFPackageGroupListParamsDirection = "asc"` - `const WAFPackageGroupListParamsDirectionDesc WAFPackageGroupListParamsDirection = "desc"` - `Match param.Field[WAFPackageGroupListParamsMatch]` Query param: Defines the condition for search requirements. When set to `all`, all the search requirements must match. When set to `any`, only one of the search requirements has to match. - `const WAFPackageGroupListParamsMatchAny WAFPackageGroupListParamsMatch = "any"` - `const WAFPackageGroupListParamsMatchAll WAFPackageGroupListParamsMatch = "all"` - `Mode param.Field[WAFPackageGroupListParamsMode]` Query param: Defines the state of the rules contained in the rule group. When `on`, the rules in the group are configurable/usable. - `const WAFPackageGroupListParamsModeOn WAFPackageGroupListParamsMode = "on"` - `const WAFPackageGroupListParamsModeOff WAFPackageGroupListParamsMode = "off"` - `Name param.Field[string]` Query param: Defines the name of the rule group. - `Order param.Field[WAFPackageGroupListParamsOrder]` Query param: Defines the field used to sort returned rule groups. - `const WAFPackageGroupListParamsOrderMode WAFPackageGroupListParamsOrder = "mode"` - `const WAFPackageGroupListParamsOrderRulesCount WAFPackageGroupListParamsOrder = "rules_count"` - `Page param.Field[float64]` Query param: Defines the page number of paginated results. - `PerPage param.Field[float64]` Query param: Defines the number of rule groups per page. - `RulesCount param.Field[float64]` Query param: Defines the number of rules in the current rule group. ### Returns - `type Group struct{…}` - `ID string` Defines the unique identifier of the rule group. - `Description string` Defines an informative summary of what the rule group does. - `Mode GroupMode` Defines the state of the rules contained in the rule group. When `on`, the rules in the group are configurable/usable. - `const GroupModeOn GroupMode = "on"` - `const GroupModeOff GroupMode = "off"` - `Name string` Defines the name of the rule group. - `RulesCount float64` Defines the number of rules in the current rule group. - `AllowedModes []GroupAllowedMode` Defines the available states for the rule group. - `const GroupAllowedModeOn GroupAllowedMode = "on"` - `const GroupAllowedModeOff GroupAllowedMode = "off"` - `ModifiedRulesCount float64` Defines the number of rules within the group that have been modified from their default configuration. - `PackageID string` Defines the unique identifier of a WAF package. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.Firewall.WAF.Packages.Groups.List( context.TODO(), "a25a9a7e9c00afc1fb2e0245519d725b", firewall.WAFPackageGroupListParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "de677e5818985db1285d0e80225f06e5", "description": "Group designed to protect against IP addresses that are a threat and typically used to launch DDoS attacks", "mode": "on", "name": "Project Honey Pot", "rules_count": 10, "allowed_modes": [ "on", "off" ], "modified_rules_count": 2, "package_id": "a25a9a7e9c00afc1fb2e0245519d725b" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get a WAF rule group `client.Firewall.WAF.Packages.Groups.Get(ctx, packageID, groupID, query) (*unknown, error)` **get** `/zones/{zone_id}/firewall/waf/packages/{package_id}/groups/{group_id}` Fetches the details of a WAF rule group. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `packageID string` Defines the unique identifier of a WAF package. - `groupID string` Defines the unique identifier of a WAF package. - `query WAFPackageGroupGetParams` - `ZoneID param.Field[string]` Defines an identifier of a schema. ### Returns - `type WAFPackageGroupGetResponseEnvelopeResult interface{…}` - `unknown` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) group, err := client.Firewall.WAF.Packages.Groups.Get( context.TODO(), "a25a9a7e9c00afc1fb2e0245519d725b", "a25a9a7e9c00afc1fb2e0245519d725b", firewall.WAFPackageGroupGetParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", group) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": {}, "success": true } ``` ## Update a WAF rule group `client.Firewall.WAF.Packages.Groups.Edit(ctx, packageID, groupID, params) (*unknown, error)` **patch** `/zones/{zone_id}/firewall/waf/packages/{package_id}/groups/{group_id}` Updates a WAF rule group. You can update the state (`mode` parameter) of a rule group. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `packageID string` Defines the unique identifier of a WAF package. - `groupID string` Defines the unique identifier of a WAF package. - `params WAFPackageGroupEditParams` - `ZoneID param.Field[string]` Path param: Defines an identifier of a schema. - `Mode param.Field[WAFPackageGroupEditParamsMode]` Body param: Defines the state of the rules contained in the rule group. When `on`, the rules in the group are configurable/usable. - `const WAFPackageGroupEditParamsModeOn WAFPackageGroupEditParamsMode = "on"` - `const WAFPackageGroupEditParamsModeOff WAFPackageGroupEditParamsMode = "off"` ### Returns - `type WAFPackageGroupEditResponseEnvelopeResult interface{…}` - `unknown` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.Firewall.WAF.Packages.Groups.Edit( context.TODO(), "a25a9a7e9c00afc1fb2e0245519d725b", "a25a9a7e9c00afc1fb2e0245519d725b", firewall.WAFPackageGroupEditParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": {}, "success": true } ``` ## Domain Types ### Group - `type Group struct{…}` - `ID string` Defines the unique identifier of the rule group. - `Description string` Defines an informative summary of what the rule group does. - `Mode GroupMode` Defines the state of the rules contained in the rule group. When `on`, the rules in the group are configurable/usable. - `const GroupModeOn GroupMode = "on"` - `const GroupModeOff GroupMode = "off"` - `Name string` Defines the name of the rule group. - `RulesCount float64` Defines the number of rules in the current rule group. - `AllowedModes []GroupAllowedMode` Defines the available states for the rule group. - `const GroupAllowedModeOn GroupAllowedMode = "on"` - `const GroupAllowedModeOff GroupAllowedMode = "off"` - `ModifiedRulesCount float64` Defines the number of rules within the group that have been modified from their default configuration. - `PackageID string` Defines the unique identifier of a WAF package. # Rules ## List WAF rules `client.Firewall.WAF.Packages.Rules.List(ctx, packageID, params) (*V4PagePaginationArray[WAFPackageRuleListResponse], error)` **get** `/zones/{zone_id}/firewall/waf/packages/{package_id}/rules` Fetches WAF rules in a WAF package. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `packageID string` Defines the unique identifier of a WAF package. - `params WAFPackageRuleListParams` - `ZoneID param.Field[string]` Path param: Defines an identifier of a schema. - `Description param.Field[string]` Query param: Defines the public description of the WAF rule. - `Direction param.Field[WAFPackageRuleListParamsDirection]` Query param: Defines the direction used to sort returned rules. - `const WAFPackageRuleListParamsDirectionAsc WAFPackageRuleListParamsDirection = "asc"` - `const WAFPackageRuleListParamsDirectionDesc WAFPackageRuleListParamsDirection = "desc"` - `GroupID param.Field[string]` Query param: Defines the unique identifier of the rule group. - `Match param.Field[WAFPackageRuleListParamsMatch]` Query param: Defines the search requirements. When set to `all`, all the search requirements must match. When set to `any`, only one of the search requirements has to match. - `const WAFPackageRuleListParamsMatchAny WAFPackageRuleListParamsMatch = "any"` - `const WAFPackageRuleListParamsMatchAll WAFPackageRuleListParamsMatch = "all"` - `Mode param.Field[WAFPackageRuleListParamsMode]` Query param: Defines the action/mode a rule has been overridden to perform. - `const WAFPackageRuleListParamsModeDis WAFPackageRuleListParamsMode = "DIS"` - `const WAFPackageRuleListParamsModeChl WAFPackageRuleListParamsMode = "CHL"` - `const WAFPackageRuleListParamsModeBlk WAFPackageRuleListParamsMode = "BLK"` - `const WAFPackageRuleListParamsModeSim WAFPackageRuleListParamsMode = "SIM"` - `Order param.Field[WAFPackageRuleListParamsOrder]` Query param: Defines the field used to sort returned rules. - `const WAFPackageRuleListParamsOrderPriority WAFPackageRuleListParamsOrder = "priority"` - `const WAFPackageRuleListParamsOrderGroupID WAFPackageRuleListParamsOrder = "group_id"` - `const WAFPackageRuleListParamsOrderDescription WAFPackageRuleListParamsOrder = "description"` - `Page param.Field[float64]` Query param: Defines the page number of paginated results. - `PerPage param.Field[float64]` Query param: Defines the number of rules per page. - `Priority param.Field[string]` Query param: Defines the order in which the individual WAF rule is executed within its rule group. ### Returns - `type WAFPackageRuleListResponse interface{…}` When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the 'sensitivity' property of the WAF package. - `type WAFPackageRuleListResponseWAFManagedRulesAnomalyRule struct{…}` When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the 'sensitivity' property of the WAF package. - `ID string` Defines the unique identifier of the WAF rule. - `AllowedModes []AllowedModesAnomaly` Defines the available modes for the current WAF rule. Applies to anomaly detection WAF rules. - `const AllowedModesAnomalyOn AllowedModesAnomaly = "on"` - `const AllowedModesAnomalyOff AllowedModesAnomaly = "off"` - `Description string` Defines the public description of the WAF rule. - `Group WAFRuleGroup` Defines the rule group to which the current WAF rule belongs. - `ID string` Defines the unique identifier of the rule group. - `Name string` Defines the name of the rule group. - `Mode AllowedModesAnomaly` Defines the mode anomaly. When set to `on`, the current WAF rule will be used when evaluating the request. Applies to anomaly detection WAF rules. - `const AllowedModesAnomalyOn AllowedModesAnomaly = "on"` - `const AllowedModesAnomalyOff AllowedModesAnomaly = "off"` - `PackageID string` Defines the unique identifier of a WAF package. - `Priority string` Defines the order in which the individual WAF rule is executed within its rule group. - `type WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRule struct{…}` When triggered, traditional WAF rules cause the firewall to immediately act upon the request based on the configuration of the rule. A 'deny' rule will immediately respond to the request based on the configured rule action/mode (for example, 'block') and no other rules will be processed. - `ID string` Defines the unique identifier of the WAF rule. - `AllowedModes []WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleAllowedMode` Defines the list of possible actions of the WAF rule when it is triggered. - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleAllowedModeDefault WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleAllowedMode = "default"` - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleAllowedModeDisable WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleAllowedMode = "disable"` - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleAllowedModeSimulate WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleAllowedMode = "simulate"` - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleAllowedModeBlock WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleAllowedMode = "block"` - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleAllowedModeChallenge WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleAllowedMode = "challenge"` - `DefaultMode WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleDefaultMode` Defines the default action/mode of a rule. - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleDefaultModeDisable WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleDefaultMode = "disable"` - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleDefaultModeSimulate WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleDefaultMode = "simulate"` - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleDefaultModeBlock WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleDefaultMode = "block"` - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleDefaultModeChallenge WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleDefaultMode = "challenge"` - `Description string` Defines the public description of the WAF rule. - `Group WAFRuleGroup` Defines the rule group to which the current WAF rule belongs. - `Mode WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleMode` Defines the action that the current WAF rule will perform when triggered. Applies to traditional (deny) WAF rules. - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleModeDefault WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleMode = "default"` - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleModeDisable WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleMode = "disable"` - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleModeSimulate WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleMode = "simulate"` - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleModeBlock WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleMode = "block"` - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleModeChallenge WAFPackageRuleListResponseWAFManagedRulesTraditionalDenyRuleMode = "challenge"` - `PackageID string` Defines the unique identifier of a WAF package. - `Priority string` Defines the order in which the individual WAF rule is executed within its rule group. - `type WAFPackageRuleListResponseWAFManagedRulesTraditionalAllowRule struct{…}` When triggered, traditional WAF rules cause the firewall to immediately act on the request based on the rule configuration. An 'allow' rule will immediately allow the request and no other rules will be processed. - `ID string` Defines the unique identifier of the WAF rule. - `AllowedModes []WAFPackageRuleListResponseWAFManagedRulesTraditionalAllowRuleAllowedMode` Defines the available modes for the current WAF rule. - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalAllowRuleAllowedModeOn WAFPackageRuleListResponseWAFManagedRulesTraditionalAllowRuleAllowedMode = "on"` - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalAllowRuleAllowedModeOff WAFPackageRuleListResponseWAFManagedRulesTraditionalAllowRuleAllowedMode = "off"` - `Description string` Defines the public description of the WAF rule. - `Group WAFRuleGroup` Defines the rule group to which the current WAF rule belongs. - `Mode WAFPackageRuleListResponseWAFManagedRulesTraditionalAllowRuleMode` When set to `on`, the current rule will be used when evaluating the request. Applies to traditional (allow) WAF rules. - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalAllowRuleModeOn WAFPackageRuleListResponseWAFManagedRulesTraditionalAllowRuleMode = "on"` - `const WAFPackageRuleListResponseWAFManagedRulesTraditionalAllowRuleModeOff WAFPackageRuleListResponseWAFManagedRulesTraditionalAllowRuleMode = "off"` - `PackageID string` Defines the unique identifier of a WAF package. - `Priority string` Defines the order in which the individual WAF rule is executed within its rule group. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) page, err := client.Firewall.WAF.Packages.Rules.List( context.TODO(), "a25a9a7e9c00afc1fb2e0245519d725b", firewall.WAFPackageRuleListParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", page) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "f939de3be84e66e757adcdcb87908023", "allowed_modes": [ "on", "off" ], "description": "SQL injection prevention for SELECT statements", "group": { "id": "de677e5818985db1285d0e80225f06e5", "name": "Project Honey Pot" }, "mode": "on", "package_id": "a25a9a7e9c00afc1fb2e0245519d725b", "priority": "priority" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get a WAF rule `client.Firewall.WAF.Packages.Rules.Get(ctx, packageID, ruleID, query) (*unknown, error)` **get** `/zones/{zone_id}/firewall/waf/packages/{package_id}/rules/{rule_id}` Fetches the details of a WAF rule in a WAF package. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `packageID string` Defines the unique identifier of a WAF package. - `ruleID string` Defines the unique identifier of a WAF package. - `query WAFPackageRuleGetParams` - `ZoneID param.Field[string]` Defines an identifier of a schema. ### Returns - `type WAFPackageRuleGetResponseEnvelopeResult interface{…}` - `unknown` ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) rule, err := client.Firewall.WAF.Packages.Rules.Get( context.TODO(), "a25a9a7e9c00afc1fb2e0245519d725b", "a25a9a7e9c00afc1fb2e0245519d725b", firewall.WAFPackageRuleGetParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", rule) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": {}, "success": true } ``` ## Update a WAF rule `client.Firewall.WAF.Packages.Rules.Edit(ctx, packageID, ruleID, params) (*WAFPackageRuleEditResponse, error)` **patch** `/zones/{zone_id}/firewall/waf/packages/{package_id}/rules/{rule_id}` Updates a WAF rule. You can only update the mode/action of the rule. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `packageID string` Defines the unique identifier of a WAF package. - `ruleID string` Defines the unique identifier of a WAF package. - `params WAFPackageRuleEditParams` - `ZoneID param.Field[string]` Path param: Defines an identifier of a schema. - `Mode param.Field[WAFPackageRuleEditParamsMode]` Body param: Defines the mode/action of the rule when triggered. You must use a value from the `allowed_modes` array of the current rule. - `const WAFPackageRuleEditParamsModeDefault WAFPackageRuleEditParamsMode = "default"` - `const WAFPackageRuleEditParamsModeDisable WAFPackageRuleEditParamsMode = "disable"` - `const WAFPackageRuleEditParamsModeSimulate WAFPackageRuleEditParamsMode = "simulate"` - `const WAFPackageRuleEditParamsModeBlock WAFPackageRuleEditParamsMode = "block"` - `const WAFPackageRuleEditParamsModeChallenge WAFPackageRuleEditParamsMode = "challenge"` - `const WAFPackageRuleEditParamsModeOn WAFPackageRuleEditParamsMode = "on"` - `const WAFPackageRuleEditParamsModeOff WAFPackageRuleEditParamsMode = "off"` ### Returns - `type WAFPackageRuleEditResponse interface{…}` When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the 'sensitivity' property of the WAF package. - `type WAFPackageRuleEditResponseWAFManagedRulesAnomalyRule struct{…}` When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the 'sensitivity' property of the WAF package. - `ID string` Defines the unique identifier of the WAF rule. - `AllowedModes []AllowedModesAnomaly` Defines the available modes for the current WAF rule. Applies to anomaly detection WAF rules. - `const AllowedModesAnomalyOn AllowedModesAnomaly = "on"` - `const AllowedModesAnomalyOff AllowedModesAnomaly = "off"` - `Description string` Defines the public description of the WAF rule. - `Group WAFRuleGroup` Defines the rule group to which the current WAF rule belongs. - `ID string` Defines the unique identifier of the rule group. - `Name string` Defines the name of the rule group. - `Mode AllowedModesAnomaly` Defines the mode anomaly. When set to `on`, the current WAF rule will be used when evaluating the request. Applies to anomaly detection WAF rules. - `const AllowedModesAnomalyOn AllowedModesAnomaly = "on"` - `const AllowedModesAnomalyOff AllowedModesAnomaly = "off"` - `PackageID string` Defines the unique identifier of a WAF package. - `Priority string` Defines the order in which the individual WAF rule is executed within its rule group. - `type WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRule struct{…}` When triggered, traditional WAF rules cause the firewall to immediately act upon the request based on the configuration of the rule. A 'deny' rule will immediately respond to the request based on the configured rule action/mode (for example, 'block') and no other rules will be processed. - `ID string` Defines the unique identifier of the WAF rule. - `AllowedModes []WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleAllowedMode` Defines the list of possible actions of the WAF rule when it is triggered. - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleAllowedModeDefault WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleAllowedMode = "default"` - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleAllowedModeDisable WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleAllowedMode = "disable"` - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleAllowedModeSimulate WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleAllowedMode = "simulate"` - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleAllowedModeBlock WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleAllowedMode = "block"` - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleAllowedModeChallenge WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleAllowedMode = "challenge"` - `DefaultMode WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleDefaultMode` Defines the default action/mode of a rule. - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleDefaultModeDisable WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleDefaultMode = "disable"` - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleDefaultModeSimulate WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleDefaultMode = "simulate"` - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleDefaultModeBlock WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleDefaultMode = "block"` - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleDefaultModeChallenge WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleDefaultMode = "challenge"` - `Description string` Defines the public description of the WAF rule. - `Group WAFRuleGroup` Defines the rule group to which the current WAF rule belongs. - `Mode WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleMode` Defines the action that the current WAF rule will perform when triggered. Applies to traditional (deny) WAF rules. - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleModeDefault WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleMode = "default"` - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleModeDisable WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleMode = "disable"` - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleModeSimulate WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleMode = "simulate"` - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleModeBlock WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleMode = "block"` - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleModeChallenge WAFPackageRuleEditResponseWAFManagedRulesTraditionalDenyRuleMode = "challenge"` - `PackageID string` Defines the unique identifier of a WAF package. - `Priority string` Defines the order in which the individual WAF rule is executed within its rule group. - `type WAFPackageRuleEditResponseWAFManagedRulesTraditionalAllowRule struct{…}` When triggered, traditional WAF rules cause the firewall to immediately act on the request based on the rule configuration. An 'allow' rule will immediately allow the request and no other rules will be processed. - `ID string` Defines the unique identifier of the WAF rule. - `AllowedModes []WAFPackageRuleEditResponseWAFManagedRulesTraditionalAllowRuleAllowedMode` Defines the available modes for the current WAF rule. - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalAllowRuleAllowedModeOn WAFPackageRuleEditResponseWAFManagedRulesTraditionalAllowRuleAllowedMode = "on"` - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalAllowRuleAllowedModeOff WAFPackageRuleEditResponseWAFManagedRulesTraditionalAllowRuleAllowedMode = "off"` - `Description string` Defines the public description of the WAF rule. - `Group WAFRuleGroup` Defines the rule group to which the current WAF rule belongs. - `Mode WAFPackageRuleEditResponseWAFManagedRulesTraditionalAllowRuleMode` When set to `on`, the current rule will be used when evaluating the request. Applies to traditional (allow) WAF rules. - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalAllowRuleModeOn WAFPackageRuleEditResponseWAFManagedRulesTraditionalAllowRuleMode = "on"` - `const WAFPackageRuleEditResponseWAFManagedRulesTraditionalAllowRuleModeOff WAFPackageRuleEditResponseWAFManagedRulesTraditionalAllowRuleMode = "off"` - `PackageID string` Defines the unique identifier of a WAF package. - `Priority string` Defines the order in which the individual WAF rule is executed within its rule group. ### Example ```go package main import ( "context" "fmt" "github.com/cloudflare/cloudflare-go" "github.com/cloudflare/cloudflare-go/firewall" "github.com/cloudflare/cloudflare-go/option" ) func main() { client := cloudflare.NewClient( option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"), ) response, err := client.Firewall.WAF.Packages.Rules.Edit( context.TODO(), "a25a9a7e9c00afc1fb2e0245519d725b", "a25a9a7e9c00afc1fb2e0245519d725b", firewall.WAFPackageRuleEditParams{ ZoneID: cloudflare.F("023e105f4ecef8ad9ca31a8372d0c353"), }, ) if err != nil { panic(err.Error()) } fmt.Printf("%+v\n", response) } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f939de3be84e66e757adcdcb87908023", "allowed_modes": [ "on", "off" ], "description": "SQL injection prevention for SELECT statements", "group": { "id": "de677e5818985db1285d0e80225f06e5", "name": "Project Honey Pot" }, "mode": "on", "package_id": "a25a9a7e9c00afc1fb2e0245519d725b", "priority": "priority" }, "success": true } ``` ## Domain Types ### Allowed Modes Anomaly - `type AllowedModesAnomaly string` Defines the mode anomaly. When set to `on`, the current WAF rule will be used when evaluating the request. Applies to anomaly detection WAF rules. - `const AllowedModesAnomalyOn AllowedModesAnomaly = "on"` - `const AllowedModesAnomalyOff AllowedModesAnomaly = "off"` ### WAF Rule Group - `type WAFRuleGroup struct{…}` Defines the rule group to which the current WAF rule belongs. - `ID string` Defines the unique identifier of the rule group. - `Name string` Defines the name of the rule group.