Skip to content
Cloudflare API
Start here
API Reference
Zero Trust
Gateway
Rules

Reset the expiration of a Zero Trust Gateway Rule

client.ZeroTrust.Gateway.Rules.ResetExpiration(ctx, ruleID, body) (*GatewayRule, error)
POST/accounts/{account_id}/gateway/rules/{rule_id}/reset_expiration

Resets the expiration of a Zero Trust Gateway Rule if its duration elapsed and it has a default duration. The Zero Trust Gateway Rule must have values for both expiration.expires_at and expiration.duration.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
ParametersExpand Collapse
ruleID string

Identify the API resource with a UUID.

maxLength36
body GatewayRuleResetExpirationParams
AccountID param.Field[string]
ReturnsExpand Collapse
type GatewayRule struct{…}
Action GatewayRuleAction

Specify the action to perform when the associated traffic, identity, and device posture expressions either absent or evaluate to true.

One of the following:
const GatewayRuleActionOn GatewayRuleAction = "on"
const GatewayRuleActionOff GatewayRuleAction = "off"
const GatewayRuleActionAllow GatewayRuleAction = "allow"
const GatewayRuleActionBlock GatewayRuleAction = "block"
const GatewayRuleActionScan GatewayRuleAction = "scan"
const GatewayRuleActionNoscan GatewayRuleAction = "noscan"
const GatewayRuleActionSafesearch GatewayRuleAction = "safesearch"
const GatewayRuleActionYtrestricted GatewayRuleAction = "ytrestricted"
const GatewayRuleActionIsolate GatewayRuleAction = "isolate"
const GatewayRuleActionNoisolate GatewayRuleAction = "noisolate"
const GatewayRuleActionOverride GatewayRuleAction = "override"
const GatewayRuleActionL4Override GatewayRuleAction = "l4_override"
const GatewayRuleActionEgress GatewayRuleAction = "egress"
const GatewayRuleActionResolve GatewayRuleAction = "resolve"
const GatewayRuleActionQuarantine GatewayRuleAction = "quarantine"
const GatewayRuleActionRedirect GatewayRuleAction = "redirect"
Enabled bool

Specify whether the rule is enabled.

Filters []GatewayFilter

Specify the protocol or layer to evaluate the traffic, identity, and device posture expressions. Can only contain a single value.

One of the following:
const GatewayFilterHTTP GatewayFilter = "http"
const GatewayFilterDNS GatewayFilter = "dns"
const GatewayFilterL4 GatewayFilter = "l4"
const GatewayFilterEgress GatewayFilter = "egress"
const GatewayFilterDNSResolver GatewayFilter = "dns_resolver"
Name string

Specify the rule name.

Precedence int64

Set the order of your rules. Lower values indicate higher precedence. At each processing phase, evaluate applicable rules in ascending order of this value. Refer to Order of enforcement to manage precedence via Terraform.

Traffic string

Specify the wirefilter expression used for traffic matching. The API automatically formats and sanitizes expressions before storing them. To prevent Terraform state drift, use the formatted expression returned in the API response.

ID stringoptional

Identify the API resource with a UUID.

maxLength36
CreatedAt Timeoptional
formatdate-time
DeletedAt Timeoptional

Indicate the date of deletion, if any.

formatdate-time
Description stringoptional

Specify the rule description.

DevicePosture stringoptional

Specify the wirefilter expression used for device posture check. The API automatically formats and sanitizes expressions before storing them. To prevent Terraform state drift, use the formatted expression returned in the API response.

Expiration GatewayRuleExpirationoptional

Defines the expiration time stamp and default duration of a DNS policy. Takes precedence over the policy's schedule configuration, if any. This does not apply to HTTP or network policies. Settable only for dns rules.

ExpiresAt Time

Show the timestamp when the policy expires and stops applying. The value must follow RFC 3339 and include a UTC offset. The system accepts non-zero offsets but converts them to the equivalent UTC+00:00 value and returns timestamps with a trailing Z. Expiration policies ignore client timezones and expire globally at the specified expires_at time.

formatdate-time
Duration int64optional

Defines the default duration a policy active in minutes. Must set in order to use the reset_expiration endpoint on this rule.

minimum5
Expired booloptional

Indicates whether the policy is expired.

Identity stringoptional

Specify the wirefilter expression used for identity matching. The API automatically formats and sanitizes expressions before storing them. To prevent Terraform state drift, use the formatted expression returned in the API response.

ReadOnly booloptional

Indicate that this rule is shared via the Orgs API and read only.

RuleSettings RuleSettingoptional

Defines settings for this rule. Settings apply only to specific rule types and must use compatible selectors. If Terraform detects drift, confirm the setting supports your rule type and check whether the API modifies the value. Use API-returned values in your configuration to prevent drift.

AddHeaders map[string, []string]optional

Add custom headers to allowed requests as key-value pairs. Use header names as keys that map to arrays of header values. Settable only for http rules with the action set to allow.

AllowChildBypass booloptional

Set to enable MSP children to bypass this rule. Only parent MSP accounts can set this. this rule. Settable for all types of rules.

AuditSSH RuleSettingAuditSSHoptional

Define the settings for the Audit SSH action. Settable only for l4 rules with audit_ssh action.

CommandLogging booloptional

Enable SSH command logging.

BISOAdminControls RuleSettingBISOAdminControlsoptional

Configure browser isolation behavior. Settable only for http rules with the action set to isolate.

Copy RuleSettingBISOAdminControlsCopyoptional

Configure copy behavior. If set to remote_only, users cannot copy isolated content from the remote browser to the local clipboard. If this field is absent, copying remains enabled. Applies only when version == "v2".

One of the following:
const RuleSettingBISOAdminControlsCopyEnabled RuleSettingBISOAdminControlsCopy = "enabled"
const RuleSettingBISOAdminControlsCopyDisabled RuleSettingBISOAdminControlsCopy = "disabled"
const RuleSettingBISOAdminControlsCopyRemoteOnly RuleSettingBISOAdminControlsCopy = "remote_only"
DCP booloptional

Set to false to enable copy-pasting. Only applies when version == "v1".

DD booloptional

Set to false to enable downloading. Only applies when version == "v1".

DK booloptional

Set to false to enable keyboard usage. Only applies when version == "v1".

Download RuleSettingBISOAdminControlsDownloadoptional

Configure download behavior. When set to remote_only, users can view downloads but cannot save them. Applies only when version == "v2".

One of the following:
const RuleSettingBISOAdminControlsDownloadEnabled RuleSettingBISOAdminControlsDownload = "enabled"
const RuleSettingBISOAdminControlsDownloadDisabled RuleSettingBISOAdminControlsDownload = "disabled"
const RuleSettingBISOAdminControlsDownloadRemoteOnly RuleSettingBISOAdminControlsDownload = "remote_only"
DP booloptional

Set to false to enable printing. Only applies when version == "v1".

DU booloptional

Set to false to enable uploading. Only applies when version == "v1".

Keyboard RuleSettingBISOAdminControlsKeyboardoptional

Configure keyboard usage behavior. If this field is absent, keyboard usage remains enabled. Applies only when version == "v2".

One of the following:
const RuleSettingBISOAdminControlsKeyboardEnabled RuleSettingBISOAdminControlsKeyboard = "enabled"
const RuleSettingBISOAdminControlsKeyboardDisabled RuleSettingBISOAdminControlsKeyboard = "disabled"
Paste RuleSettingBISOAdminControlsPasteoptional

Configure paste behavior. If set to remote_only, users cannot paste content from the local clipboard into isolated pages. If this field is absent, pasting remains enabled. Applies only when version == "v2".

One of the following:
const RuleSettingBISOAdminControlsPasteEnabled RuleSettingBISOAdminControlsPaste = "enabled"
const RuleSettingBISOAdminControlsPasteDisabled RuleSettingBISOAdminControlsPaste = "disabled"
const RuleSettingBISOAdminControlsPasteRemoteOnly RuleSettingBISOAdminControlsPaste = "remote_only"
Printing RuleSettingBISOAdminControlsPrintingoptional

Configure print behavior. Default, Printing is enabled. Applies only when version == "v2".

One of the following:
const RuleSettingBISOAdminControlsPrintingEnabled RuleSettingBISOAdminControlsPrinting = "enabled"
const RuleSettingBISOAdminControlsPrintingDisabled RuleSettingBISOAdminControlsPrinting = "disabled"
Upload RuleSettingBISOAdminControlsUploadoptional

Configure upload behavior. If this field is absent, uploading remains enabled. Applies only when version == "v2".

One of the following:
const RuleSettingBISOAdminControlsUploadEnabled RuleSettingBISOAdminControlsUpload = "enabled"
const RuleSettingBISOAdminControlsUploadDisabled RuleSettingBISOAdminControlsUpload = "disabled"
Version RuleSettingBISOAdminControlsVersionoptional

Indicate which version of the browser isolation controls should apply.

One of the following:
const RuleSettingBISOAdminControlsVersionV1 RuleSettingBISOAdminControlsVersion = "v1"
const RuleSettingBISOAdminControlsVersionV2 RuleSettingBISOAdminControlsVersion = "v2"
BlockPage RuleSettingBlockPageoptional

Configure custom block page settings. If missing or null, use the account settings. Settable only for http rules with the action set to block.

TargetURI string

Specify the URI to which the user is redirected.

formaturi
IncludeContext booloptional

Specify whether to pass the context information as query parameters.

BlockPageEnabled booloptional

Enable the custom block page. Settable only for dns rules with action block.

BlockReason stringoptional

Explain why the rule blocks the request. The custom block page shows this text (if enabled). Settable only for dns, l4, and http rules when the action set to block.

BypassParentRule booloptional

Set to enable MSP accounts to bypass their parent's rules. Only MSP child accounts can set this. Settable for all types of rules.

CheckSession RuleSettingCheckSessionoptional

Configure session check behavior. Settable only for l4 and http rules with the action set to allow.

Duration stringoptional

Sets the required session freshness threshold. The API returns a normalized version of this value.

Enforce booloptional

Enable session enforcement.

DNSResolvers RuleSettingDNSResolversoptional

Configure custom resolvers to route queries that match the resolver policy. Unused with 'resolve_dns_through_cloudflare' or 'resolve_dns_internally' settings. DNS queries get routed to the address closest to their origin. Only valid when a rule's action set to 'resolve'. Settable only for dns_resolver rules.

IPV4 []DNSResolverSettingsV4optional
IP string

Specify the IPv4 address of the upstream resolver.

Port int64optional

Specify a port number to use for the upstream resolver. Defaults to 53 if unspecified.

RouteThroughPrivateNetwork booloptional

Indicate whether to connect to this resolver over a private network. Must set when vnet_id set.

VnetID stringoptional

Specify an optional virtual network for this resolver. Uses default virtual network id if omitted.

IPV6 []DNSResolverSettingsV6optional
IP string

Specify the IPv6 address of the upstream resolver.

Port int64optional

Specify a port number to use for the upstream resolver. Defaults to 53 if unspecified.

RouteThroughPrivateNetwork booloptional

Indicate whether to connect to this resolver over a private network. Must set when vnet_id set.

VnetID stringoptional

Specify an optional virtual network for this resolver. Uses default virtual network id if omitted.

Egress RuleSettingEgressoptional

Configure how Gateway Proxy traffic egresses. You can enable this setting for rules with Egress actions and filters, or omit it to indicate local egress via WARP IPs. Settable only for egress rules.

IPV4 stringoptional

Specify the IPv4 address to use for egress.

IPV4Fallback stringoptional

Specify the fallback IPv4 address to use for egress when the primary IPv4 fails. Set '0.0.0.0' to indicate local egress via WARP IPs.

IPV6 stringoptional

Specify the IPv6 range to use for egress.

ForensicCopy RuleSettingForensicCopyoptional

Configure whether a copy of the HTTP request will be sent to storage when the rule matches.

Enabled booloptional

Enable sending the copy to storage.

IgnoreCNAMECategoryMatches booloptional

Ignore category matches at CNAME domains in a response. When off, evaluate categories in this rule against all CNAME domain categories in the response. Settable only for dns and dns_resolver rules.

InsecureDisableDNSSECValidation booloptional

Specify whether to disable DNSSEC validation (for Allow actions) [INSECURE]. Settable only for dns rules.

IPCategories booloptional

Enable IPs in DNS resolver category blocks. The system blocks only domain name categories unless you enable this setting. Settable only for dns and dns_resolver rules.

IPIndicatorFeeds booloptional

Indicates whether to include IPs in DNS resolver indicator feed blocks. Default, indicator feeds block only domain names. Settable only for dns and dns_resolver rules.

L4override RuleSettingL4overrideoptional

Send matching traffic to the supplied destination IP address and port. Settable only for l4 rules with the action set to l4_override.

IP stringoptional

Defines the IPv4 or IPv6 address.

Port int64optional

Defines a port number to use for TCP/UDP overrides.

NotificationSettings RuleSettingNotificationSettingsoptional

Configure a notification to display on the user's device when this rule matched. Settable for all types of rules with the action set to block.

Enabled booloptional

Enable notification.

IncludeContext booloptional

Indicates whether to pass the context information as query parameters.

Msg stringoptional

Customize the message shown in the notification.

SupportURL stringoptional

Defines an optional URL to direct users to additional information. If unset, the notification opens a block page.

OverrideHost stringoptional

Defines a hostname for override, for the matching DNS queries. Settable only for dns rules with the action set to override.

OverrideIPs []stringoptional

Defines a an IP or set of IPs for overriding matched DNS queries. Settable only for dns rules with the action set to override.

PayloadLog RuleSettingPayloadLogoptional

Configure DLP payload logging. Settable only for http rules.

Enabled booloptional

Enable DLP payload logging for this rule.

Quarantine RuleSettingQuarantineoptional

Configure settings that apply to quarantine rules. Settable only for http rules.

FileTypes []RuleSettingQuarantineFileTypeoptional

Specify the types of files to sandbox.

One of the following:
const RuleSettingQuarantineFileTypeExe RuleSettingQuarantineFileType = "exe"
const RuleSettingQuarantineFileTypePDF RuleSettingQuarantineFileType = "pdf"
const RuleSettingQuarantineFileTypeDoc RuleSettingQuarantineFileType = "doc"
const RuleSettingQuarantineFileTypeDocm RuleSettingQuarantineFileType = "docm"
const RuleSettingQuarantineFileTypeDocx RuleSettingQuarantineFileType = "docx"
const RuleSettingQuarantineFileTypeRtf RuleSettingQuarantineFileType = "rtf"
const RuleSettingQuarantineFileTypePpt RuleSettingQuarantineFileType = "ppt"
const RuleSettingQuarantineFileTypePptx RuleSettingQuarantineFileType = "pptx"
const RuleSettingQuarantineFileTypeXls RuleSettingQuarantineFileType = "xls"
const RuleSettingQuarantineFileTypeXlsm RuleSettingQuarantineFileType = "xlsm"
const RuleSettingQuarantineFileTypeXlsx RuleSettingQuarantineFileType = "xlsx"
const RuleSettingQuarantineFileTypeZip RuleSettingQuarantineFileType = "zip"
const RuleSettingQuarantineFileTypeRar RuleSettingQuarantineFileType = "rar"
Redirect RuleSettingRedirectoptional

Apply settings to redirect rules. Settable only for http rules with the action set to redirect.

TargetURI string

Specify the URI to which the user is redirected.

formaturi
IncludeContext booloptional

Specify whether to pass the context information as query parameters.

PreservePathAndQuery booloptional

Specify whether to append the path and query parameters from the original request to target_uri.

ResolveDNSInternally RuleSettingResolveDNSInternallyoptional

Configure to forward the query to the internal DNS service, passing the specified 'view_id' as input. Not used when 'dns_resolvers' is specified or 'resolve_dns_through_cloudflare' is set. Only valid when a rule's action set to 'resolve'. Settable only for dns_resolver rules.

Fallback RuleSettingResolveDNSInternallyFallbackoptional

Specify the fallback behavior to apply when the internal DNS response code differs from 'NOERROR' or when the response data contains only CNAME records for 'A' or 'AAAA' queries.

One of the following:
const RuleSettingResolveDNSInternallyFallbackNone RuleSettingResolveDNSInternallyFallback = "none"
const RuleSettingResolveDNSInternallyFallbackPublicDNS RuleSettingResolveDNSInternallyFallback = "public_dns"
ViewID stringoptional

Specify the internal DNS view identifier to pass to the internal DNS service.

ResolveDNSThroughCloudflare booloptional

Enable to send queries that match the policy to Cloudflare's default 1.1.1.1 DNS resolver. Cannot set when 'dns_resolvers' specified or 'resolve_dns_internally' is set. Only valid when a rule's action set to 'resolve'. Settable only for dns_resolver rules.

UntrustedCERT RuleSettingUntrustedCERToptional

Configure behavior when an upstream certificate is invalid or an SSL error occurs. Settable only for http rules with the action set to allow.

Action RuleSettingUntrustedCERTActionoptional

Defines the action performed when an untrusted certificate seen. The default action an error with HTTP code 526.

One of the following:
const RuleSettingUntrustedCERTActionPassThrough RuleSettingUntrustedCERTAction = "pass_through"
const RuleSettingUntrustedCERTActionBlock RuleSettingUntrustedCERTAction = "block"
const RuleSettingUntrustedCERTActionError RuleSettingUntrustedCERTAction = "error"
Schedule Scheduleoptional

Defines the schedule for activating DNS policies. Settable only for dns and dns_resolver rules.

Fri stringoptional

Specify the time intervals when the rule is active on Fridays, in the increasing order from 00:00-24:00. If this parameter omitted, the rule is deactivated on Fridays. API returns a formatted version of this string, which may cause Terraform drift if a unformatted value is used.

Mon stringoptional

Specify the time intervals when the rule is active on Mondays, in the increasing order from 00:00-24:00(capped at maximum of 6 time splits). If this parameter omitted, the rule is deactivated on Mondays. API returns a formatted version of this string, which may cause Terraform drift if a unformatted value is used.

Sat stringoptional

Specify the time intervals when the rule is active on Saturdays, in the increasing order from 00:00-24:00. If this parameter omitted, the rule is deactivated on Saturdays. API returns a formatted version of this string, which may cause Terraform drift if a unformatted value is used.

Sun stringoptional

Specify the time intervals when the rule is active on Sundays, in the increasing order from 00:00-24:00. If this parameter omitted, the rule is deactivated on Sundays. API returns a formatted version of this string, which may cause Terraform drift if a unformatted value is used.

Thu stringoptional

Specify the time intervals when the rule is active on Thursdays, in the increasing order from 00:00-24:00. If this parameter omitted, the rule is deactivated on Thursdays. API returns a formatted version of this string, which may cause Terraform drift if a unformatted value is used.

TimeZone stringoptional

Specify the time zone for rule evaluation. When a valid time zone city name is provided, Gateway always uses the current time for that time zone. When this parameter is omitted, Gateway uses the time zone determined from the user's IP address. Colo time zone is used when the user's IP address does not resolve to a location.

Tue stringoptional

Specify the time intervals when the rule is active on Tuesdays, in the increasing order from 00:00-24:00. If this parameter omitted, the rule is deactivated on Tuesdays. API returns a formatted version of this string, which may cause Terraform drift if a unformatted value is used.

Wed stringoptional

Specify the time intervals when the rule is active on Wednesdays, in the increasing order from 00:00-24:00. If this parameter omitted, the rule is deactivated on Wednesdays. API returns a formatted version of this string, which may cause Terraform drift if a unformatted value is used.

Sharable booloptional

Indicate that this rule is sharable via the Orgs API.

SourceAccount stringoptional

Provide the account tag of the account that created the rule.

UpdatedAt Timeoptional
formatdate-time
Version int64optional

Indicate the version number of the rule(read-only).

WarningStatus stringoptional

Indicate a warning for a misconfigured rule, if any.

Reset the expiration of a Zero Trust Gateway Rule

package main

import (
  "context"
  "fmt"

  "github.com/cloudflare/cloudflare-go"
  "github.com/cloudflare/cloudflare-go/option"
  "github.com/cloudflare/cloudflare-go/zero_trust"
)

func main() {
  client := cloudflare.NewClient(
    option.WithAPIToken("Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY"),
  )
  gatewayRule, err := client.ZeroTrust.Gateway.Rules.ResetExpiration(
    context.TODO(),
    "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    zero_trust.GatewayRuleResetExpirationParams{
      AccountID: cloudflare.F("699d98642c564d2e855e9661899b7252"),
    },
  )
  if err != nil {
    panic(err.Error())
  }
  fmt.Printf("%+v\n", gatewayRule.ID)
}

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "action": "allow",
    "enabled": true,
    "filters": [
      "http"
    ],
    "name": "block bad websites",
    "precedence": 0,
    "traffic": "http.request.uri matches \".*a/partial/uri.*\" and http.request.host in $01302951-49f9-47c9-a400-0297e60b6a10",
    "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "created_at": "2014-01-01T05:20:00.12345Z",
    "deleted_at": "2019-12-27T18:11:19.117Z",
    "description": "Block bad websites based on their host name.",
    "device_posture": "any(device_posture.checks.passed[*] in {\"1308749e-fcfb-4ebc-b051-fe022b632644\"})",
    "expiration": {
      "expires_at": "2014-01-01T05:20:20Z",
      "duration": 10,
      "expired": false
    },
    "identity": "any(identity.groups.name[*] in {\"finance\"})",
    "read_only": true,
    "rule_settings": {
      "add_headers": {
        "My-Next-Header": [
          "foo",
          "bar"
        ],
        "X-Custom-Header-Name": [
          "somecustomvalue"
        ]
      },
      "allow_child_bypass": false,
      "audit_ssh": {
        "command_logging": false
      },
      "biso_admin_controls": {
        "copy": "remote_only",
        "dcp": true,
        "dd": true,
        "dk": true,
        "download": "enabled",
        "dp": false,
        "du": true,
        "keyboard": "enabled",
        "paste": "enabled",
        "printing": "enabled",
        "upload": "enabled",
        "version": "v1"
      },
      "block_page": {
        "target_uri": "https://example.com",
        "include_context": true
      },
      "block_page_enabled": true,
      "block_reason": "This website is a security risk",
      "bypass_parent_rule": false,
      "check_session": {
        "duration": "300s",
        "enforce": true
      },
      "dns_resolvers": {
        "ipv4": [
          {
            "ip": "2.2.2.2",
            "port": 5053,
            "route_through_private_network": true,
            "vnet_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
          }
        ],
        "ipv6": [
          {
            "ip": "2001:DB8::",
            "port": 5053,
            "route_through_private_network": true,
            "vnet_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
          }
        ]
      },
      "egress": {
        "ipv4": "192.0.2.2",
        "ipv4_fallback": "192.0.2.3",
        "ipv6": "2001:DB8::/64"
      },
      "forensic_copy": {
        "enabled": true
      },
      "ignore_cname_category_matches": true,
      "insecure_disable_dnssec_validation": false,
      "ip_categories": true,
      "ip_indicator_feeds": true,
      "l4override": {
        "ip": "1.1.1.1",
        "port": 0
      },
      "notification_settings": {
        "enabled": true,
        "include_context": true,
        "msg": "msg",
        "support_url": "support_url"
      },
      "override_host": "example.com",
      "override_ips": [
        "1.1.1.1",
        "2.2.2.2"
      ],
      "payload_log": {
        "enabled": true
      },
      "quarantine": {
        "file_types": [
          "exe"
        ]
      },
      "redirect": {
        "target_uri": "https://example.com",
        "include_context": true,
        "preserve_path_and_query": true
      },
      "resolve_dns_internally": {
        "fallback": "none",
        "view_id": "view_id"
      },
      "resolve_dns_through_cloudflare": true,
      "untrusted_cert": {
        "action": "error"
      }
    },
    "schedule": {
      "fri": "08:00-12:30,13:30-17:00",
      "mon": "08:00-12:30,13:30-17:00",
      "sat": "08:00-12:30,13:30-17:00",
      "sun": "08:00-12:30,13:30-17:00",
      "thu": "08:00-12:30,13:30-17:00",
      "time_zone": "America/New York",
      "tue": "08:00-12:30,13:30-17:00",
      "wed": "08:00-12:30,13:30-17:00"
    },
    "sharable": true,
    "source_account": "source_account",
    "updated_at": "2014-01-01T05:20:00.12345Z",
    "version": 1,
    "warning_status": "warning_status"
  }
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "success": true,
  "result": {
    "action": "allow",
    "enabled": true,
    "filters": [
      "http"
    ],
    "name": "block bad websites",
    "precedence": 0,
    "traffic": "http.request.uri matches \".*a/partial/uri.*\" and http.request.host in $01302951-49f9-47c9-a400-0297e60b6a10",
    "id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
    "created_at": "2014-01-01T05:20:00.12345Z",
    "deleted_at": "2019-12-27T18:11:19.117Z",
    "description": "Block bad websites based on their host name.",
    "device_posture": "any(device_posture.checks.passed[*] in {\"1308749e-fcfb-4ebc-b051-fe022b632644\"})",
    "expiration": {
      "expires_at": "2014-01-01T05:20:20Z",
      "duration": 10,
      "expired": false
    },
    "identity": "any(identity.groups.name[*] in {\"finance\"})",
    "read_only": true,
    "rule_settings": {
      "add_headers": {
        "My-Next-Header": [
          "foo",
          "bar"
        ],
        "X-Custom-Header-Name": [
          "somecustomvalue"
        ]
      },
      "allow_child_bypass": false,
      "audit_ssh": {
        "command_logging": false
      },
      "biso_admin_controls": {
        "copy": "remote_only",
        "dcp": true,
        "dd": true,
        "dk": true,
        "download": "enabled",
        "dp": false,
        "du": true,
        "keyboard": "enabled",
        "paste": "enabled",
        "printing": "enabled",
        "upload": "enabled",
        "version": "v1"
      },
      "block_page": {
        "target_uri": "https://example.com",
        "include_context": true
      },
      "block_page_enabled": true,
      "block_reason": "This website is a security risk",
      "bypass_parent_rule": false,
      "check_session": {
        "duration": "300s",
        "enforce": true
      },
      "dns_resolvers": {
        "ipv4": [
          {
            "ip": "2.2.2.2",
            "port": 5053,
            "route_through_private_network": true,
            "vnet_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
          }
        ],
        "ipv6": [
          {
            "ip": "2001:DB8::",
            "port": 5053,
            "route_through_private_network": true,
            "vnet_id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415"
          }
        ]
      },
      "egress": {
        "ipv4": "192.0.2.2",
        "ipv4_fallback": "192.0.2.3",
        "ipv6": "2001:DB8::/64"
      },
      "forensic_copy": {
        "enabled": true
      },
      "ignore_cname_category_matches": true,
      "insecure_disable_dnssec_validation": false,
      "ip_categories": true,
      "ip_indicator_feeds": true,
      "l4override": {
        "ip": "1.1.1.1",
        "port": 0
      },
      "notification_settings": {
        "enabled": true,
        "include_context": true,
        "msg": "msg",
        "support_url": "support_url"
      },
      "override_host": "example.com",
      "override_ips": [
        "1.1.1.1",
        "2.2.2.2"
      ],
      "payload_log": {
        "enabled": true
      },
      "quarantine": {
        "file_types": [
          "exe"
        ]
      },
      "redirect": {
        "target_uri": "https://example.com",
        "include_context": true,
        "preserve_path_and_query": true
      },
      "resolve_dns_internally": {
        "fallback": "none",
        "view_id": "view_id"
      },
      "resolve_dns_through_cloudflare": true,
      "untrusted_cert": {
        "action": "error"
      }
    },
    "schedule": {
      "fri": "08:00-12:30,13:30-17:00",
      "mon": "08:00-12:30,13:30-17:00",
      "sat": "08:00-12:30,13:30-17:00",
      "sun": "08:00-12:30,13:30-17:00",
      "thu": "08:00-12:30,13:30-17:00",
      "time_zone": "America/New York",
      "tue": "08:00-12:30,13:30-17:00",
      "wed": "08:00-12:30,13:30-17:00"
    },
    "sharable": true,
    "source_account": "source_account",
    "updated_at": "2014-01-01T05:20:00.12345Z",
    "version": 1,
    "warning_status": "warning_status"
  }
}