# Firewall # Lockdowns ## List Zone Lockdown rules `client.firewall.lockdowns.list(LockdownListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/zones/{zone_id}/firewall/lockdowns` Fetches Zone Lockdown rules. You can filter the results using several optional parameters. ### Parameters - `params: LockdownListParams` - `zone_id: string` Path param: Defines an identifier. - `created_on?: string` Query param: The timestamp of when the rule was created. - `description?: string` Query param: A string to search for in the description of existing rules. - `description_search?: string` Query param: A string to search for in the description of existing rules. - `ip?: string` Query param: A single IP address to search for in existing rules. - `ip_range_search?: string` Query param: A single IP address range to search for in existing rules. - `ip_search?: string` Query param: A single IP address to search for in existing rules. - `modified_on?: string` Query param: The timestamp of when the rule was last modified. - `page?: number` Query param: Page number of paginated results. - `per_page?: number` Query param: The maximum number of results per page. You can only set the value to `1` or to a multiple of 5 such as `5`, `10`, `15`, or `20`. - `priority?: number` Query param: The priority of the rule to control the processing order. A lower number indicates higher priority. If not provided, any rules with a configured priority will be processed before rules without a priority. - `uri_search?: string` Query param: A single URI to search for in the list of URLs of existing rules. ### Returns - `Lockdown` - `id: string` The unique identifier of the Zone Lockdown rule. - `configurations: Configuration` A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `LockdownIPConfiguration` - `target?: "ip"` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `"ip"` - `value?: string` The IP address to match. This address will be compared to the IP address of incoming requests. - `LockdownCIDRConfiguration` - `target?: "ip_range"` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `"ip_range"` - `value?: string` The IP address range to match. You can only use prefix lengths `/16` and `/24`. - `created_on: string` The timestamp of when the rule was created. - `description: string` An informative summary of the rule. - `modified_on: string` The timestamp of when the rule was last modified. - `paused: boolean` When true, indicates that the rule is currently paused. - `urls: Array` The URLs to include in the rule definition. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const lockdown of client.firewall.lockdowns.list({ zone_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(lockdown.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "372e67954025e0ba6aaa6d586b9e0b59", "configurations": [ { "target": "ip", "value": "198.51.100.4" } ], "created_on": "2014-01-01T05:20:00.12345Z", "description": "Restrict access to these endpoints to requests from a known IP address", "modified_on": "2014-01-01T05:20:00.12345Z", "paused": false, "urls": [ "api.mysite.com/some/endpoint*" ] } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get a Zone Lockdown rule `client.firewall.lockdowns.get(stringlockDownsId, LockdownGetParamsparams, RequestOptionsoptions?): Lockdown` **get** `/zones/{zone_id}/firewall/lockdowns/{lock_downs_id}` Fetches the details of a Zone Lockdown rule. ### Parameters - `lockDownsId: string` The unique identifier of the Zone Lockdown rule. - `params: LockdownGetParams` - `zone_id: string` Defines an identifier. ### Returns - `Lockdown` - `id: string` The unique identifier of the Zone Lockdown rule. - `configurations: Configuration` A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `LockdownIPConfiguration` - `target?: "ip"` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `"ip"` - `value?: string` The IP address to match. This address will be compared to the IP address of incoming requests. - `LockdownCIDRConfiguration` - `target?: "ip_range"` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `"ip_range"` - `value?: string` The IP address range to match. You can only use prefix lengths `/16` and `/24`. - `created_on: string` The timestamp of when the rule was created. - `description: string` An informative summary of the rule. - `modified_on: string` The timestamp of when the rule was last modified. - `paused: boolean` When true, indicates that the rule is currently paused. - `urls: Array` The URLs to include in the rule definition. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const lockdown = await client.firewall.lockdowns.get('372e67954025e0ba6aaa6d586b9e0b59', { zone_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(lockdown.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "372e67954025e0ba6aaa6d586b9e0b59", "configurations": [ { "target": "ip", "value": "198.51.100.4" } ], "created_on": "2014-01-01T05:20:00.12345Z", "description": "Restrict access to these endpoints to requests from a known IP address", "modified_on": "2014-01-01T05:20:00.12345Z", "paused": false, "urls": [ "api.mysite.com/some/endpoint*" ] }, "success": true } ``` ## Create a Zone Lockdown rule `client.firewall.lockdowns.create(LockdownCreateParamsparams, RequestOptionsoptions?): Lockdown` **post** `/zones/{zone_id}/firewall/lockdowns` Creates a new Zone Lockdown rule. ### Parameters - `params: LockdownCreateParams` - `zone_id: string` Path param: Defines an identifier. - `configurations: Configuration` Body param: A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `LockdownIPConfiguration` - `target?: "ip"` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `"ip"` - `value?: string` The IP address to match. This address will be compared to the IP address of incoming requests. - `LockdownCIDRConfiguration` - `target?: "ip_range"` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `"ip_range"` - `value?: string` The IP address range to match. You can only use prefix lengths `/16` and `/24`. - `urls: Array` Body param: The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. - `description?: string` Body param: An informative summary of the rule. This value is sanitized and any tags will be removed. - `paused?: boolean` Body param: When true, indicates that the rule is currently paused. - `priority?: number` Body param: The priority of the rule to control the processing order. A lower number indicates higher priority. If not provided, any rules with a configured priority will be processed before rules without a priority. ### Returns - `Lockdown` - `id: string` The unique identifier of the Zone Lockdown rule. - `configurations: Configuration` A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `LockdownIPConfiguration` - `target?: "ip"` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `"ip"` - `value?: string` The IP address to match. This address will be compared to the IP address of incoming requests. - `LockdownCIDRConfiguration` - `target?: "ip_range"` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `"ip_range"` - `value?: string` The IP address range to match. You can only use prefix lengths `/16` and `/24`. - `created_on: string` The timestamp of when the rule was created. - `description: string` An informative summary of the rule. - `modified_on: string` The timestamp of when the rule was last modified. - `paused: boolean` When true, indicates that the rule is currently paused. - `urls: Array` The URLs to include in the rule definition. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const lockdown = await client.firewall.lockdowns.create({ zone_id: '023e105f4ecef8ad9ca31a8372d0c353', configurations: [{}], urls: ['shop.example.com/*'], }); console.log(lockdown.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "372e67954025e0ba6aaa6d586b9e0b59", "configurations": [ { "target": "ip", "value": "198.51.100.4" } ], "created_on": "2014-01-01T05:20:00.12345Z", "description": "Restrict access to these endpoints to requests from a known IP address", "modified_on": "2014-01-01T05:20:00.12345Z", "paused": false, "urls": [ "api.mysite.com/some/endpoint*" ] }, "success": true } ``` ## Update a Zone Lockdown rule `client.firewall.lockdowns.update(stringlockDownsId, LockdownUpdateParamsparams, RequestOptionsoptions?): Lockdown` **put** `/zones/{zone_id}/firewall/lockdowns/{lock_downs_id}` Updates an existing Zone Lockdown rule. ### Parameters - `lockDownsId: string` The unique identifier of the Zone Lockdown rule. - `params: LockdownUpdateParams` - `zone_id: string` Path param: Defines an identifier. - `configurations: Configuration` Body param: A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `LockdownIPConfiguration` - `target?: "ip"` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `"ip"` - `value?: string` The IP address to match. This address will be compared to the IP address of incoming requests. - `LockdownCIDRConfiguration` - `target?: "ip_range"` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `"ip_range"` - `value?: string` The IP address range to match. You can only use prefix lengths `/16` and `/24`. - `urls: Array` Body param: The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Returns - `Lockdown` - `id: string` The unique identifier of the Zone Lockdown rule. - `configurations: Configuration` A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `LockdownIPConfiguration` - `target?: "ip"` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `"ip"` - `value?: string` The IP address to match. This address will be compared to the IP address of incoming requests. - `LockdownCIDRConfiguration` - `target?: "ip_range"` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `"ip_range"` - `value?: string` The IP address range to match. You can only use prefix lengths `/16` and `/24`. - `created_on: string` The timestamp of when the rule was created. - `description: string` An informative summary of the rule. - `modified_on: string` The timestamp of when the rule was last modified. - `paused: boolean` When true, indicates that the rule is currently paused. - `urls: Array` The URLs to include in the rule definition. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const lockdown = await client.firewall.lockdowns.update('372e67954025e0ba6aaa6d586b9e0b59', { zone_id: '023e105f4ecef8ad9ca31a8372d0c353', configurations: [{}], urls: ['shop.example.com/*'], }); console.log(lockdown.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "372e67954025e0ba6aaa6d586b9e0b59", "configurations": [ { "target": "ip", "value": "198.51.100.4" } ], "created_on": "2014-01-01T05:20:00.12345Z", "description": "Restrict access to these endpoints to requests from a known IP address", "modified_on": "2014-01-01T05:20:00.12345Z", "paused": false, "urls": [ "api.mysite.com/some/endpoint*" ] }, "success": true } ``` ## Delete a Zone Lockdown rule `client.firewall.lockdowns.delete(stringlockDownsId, LockdownDeleteParamsparams, RequestOptionsoptions?): LockdownDeleteResponse` **delete** `/zones/{zone_id}/firewall/lockdowns/{lock_downs_id}` Deletes an existing Zone Lockdown rule. ### Parameters - `lockDownsId: string` The unique identifier of the Zone Lockdown rule. - `params: LockdownDeleteParams` - `zone_id: string` Defines an identifier. ### Returns - `LockdownDeleteResponse` - `id?: string` The unique identifier of the Zone Lockdown rule. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const lockdown = await client.firewall.lockdowns.delete('372e67954025e0ba6aaa6d586b9e0b59', { zone_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(lockdown.id); ``` #### Response ```json { "result": { "id": "372e67954025e0ba6aaa6d586b9e0b59" } } ``` ## Domain Types ### Configuration - `Configuration = Array` A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `LockdownIPConfiguration` - `target?: "ip"` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `"ip"` - `value?: string` The IP address to match. This address will be compared to the IP address of incoming requests. - `LockdownCIDRConfiguration` - `target?: "ip_range"` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `"ip_range"` - `value?: string` The IP address range to match. You can only use prefix lengths `/16` and `/24`. ### Lockdown - `Lockdown` - `id: string` The unique identifier of the Zone Lockdown rule. - `configurations: Configuration` A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `LockdownIPConfiguration` - `target?: "ip"` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `"ip"` - `value?: string` The IP address to match. This address will be compared to the IP address of incoming requests. - `LockdownCIDRConfiguration` - `target?: "ip_range"` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `"ip_range"` - `value?: string` The IP address range to match. You can only use prefix lengths `/16` and `/24`. - `created_on: string` The timestamp of when the rule was created. - `description: string` An informative summary of the rule. - `modified_on: string` The timestamp of when the rule was last modified. - `paused: boolean` When true, indicates that the rule is currently paused. - `urls: Array` The URLs to include in the rule definition. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Lockdown CIDR Configuration - `LockdownCIDRConfiguration` - `target?: "ip_range"` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `"ip_range"` - `value?: string` The IP address range to match. You can only use prefix lengths `/16` and `/24`. ### Lockdown IP Configuration - `LockdownIPConfiguration` - `target?: "ip"` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `"ip"` - `value?: string` The IP address to match. This address will be compared to the IP address of incoming requests. ### Lockdown URL - `LockdownURL = string` ### Lockdown Delete Response - `LockdownDeleteResponse` - `id?: string` The unique identifier of the Zone Lockdown rule. # Rules ## List firewall rules `client.firewall.rules.list(RuleListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/zones/{zone_id}/firewall/rules` Fetches firewall rules in a zone. You can filter the results using several optional parameters. ### Parameters - `params: RuleListParams` - `zone_id: string` Path param: Defines an identifier. - `id?: string` Query param: The unique identifier of the firewall rule. - `action?: string` Query param: The action to search for. Must be an exact match. - `description?: string` Query param: A case-insensitive string to find in the description. - `page?: number` Query param: Page number of paginated results. - `paused?: boolean` Query param: When true, indicates that the firewall rule is currently paused. - `per_page?: number` Query param: Number of firewall rules per page. ### Returns - `FirewallRule` - `id?: string` The unique identifier of the firewall rule. - `action?: Action` The action to apply to a matched request. The `log` action is only available on an Enterprise plan. - `"block"` - `"challenge"` - `"js_challenge"` - `"managed_challenge"` - `"allow"` - `"log"` - `"bypass"` - `description?: string` An informative summary of the firewall rule. - `filter?: FirewallFilter | DeletedFilter` - `FirewallFilter` - `id?: string` The unique identifier of the filter. - `description?: string` An informative summary of the filter. - `expression?: string` The filter expression. For more information, refer to [Expressions](https://developers.cloudflare.com/ruleset-engine/rules-language/expressions/). - `paused?: boolean` When true, indicates that the filter is currently paused. - `ref?: string` A short reference tag. Allows you to select related filters. - `DeletedFilter` - `id: string` The unique identifier of the filter. - `deleted: boolean` When true, indicates that the firewall rule was deleted. - `paused?: boolean` When true, indicates that the firewall rule is currently paused. - `priority?: number` The priority of the rule. Optional value used to define the processing order. A lower number indicates a higher priority. If not provided, rules with a defined priority will be processed before rules without a priority. - `products?: Array` - `"zoneLockdown"` - `"uaBlock"` - `"bic"` - `"hot"` - `"securityLevel"` - `"rateLimit"` - `"waf"` - `ref?: string` A short reference tag. Allows you to select related firewall rules. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const firewallRule of client.firewall.rules.list({ zone_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(firewallRule.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "372e67954025e0ba6aaa6d586b9e0b60", "action": "block", "description": "Blocks traffic identified during investigation for MIR-31", "filter": { "id": "372e67954025e0ba6aaa6d586b9e0b61", "description": "Restrict access from these browsers on this address range.", "expression": "(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.addr ne 172.16.22.155", "paused": false, "ref": "FIL-100" }, "paused": false, "priority": 50, "products": [ "waf" ], "ref": "MIR-31" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get a firewall rule `client.firewall.rules.get(stringruleId, RuleGetParamsparams, RequestOptionsoptions?): FirewallRule` **get** `/zones/{zone_id}/firewall/rules/{rule_id}` Fetches the details of a firewall rule. ### Parameters - `ruleId: string` The unique identifier of the firewall rule. - `params: RuleGetParams` - `zone_id: string` Defines an identifier. ### Returns - `FirewallRule` - `id?: string` The unique identifier of the firewall rule. - `action?: Action` The action to apply to a matched request. The `log` action is only available on an Enterprise plan. - `"block"` - `"challenge"` - `"js_challenge"` - `"managed_challenge"` - `"allow"` - `"log"` - `"bypass"` - `description?: string` An informative summary of the firewall rule. - `filter?: FirewallFilter | DeletedFilter` - `FirewallFilter` - `id?: string` The unique identifier of the filter. - `description?: string` An informative summary of the filter. - `expression?: string` The filter expression. For more information, refer to [Expressions](https://developers.cloudflare.com/ruleset-engine/rules-language/expressions/). - `paused?: boolean` When true, indicates that the filter is currently paused. - `ref?: string` A short reference tag. Allows you to select related filters. - `DeletedFilter` - `id: string` The unique identifier of the filter. - `deleted: boolean` When true, indicates that the firewall rule was deleted. - `paused?: boolean` When true, indicates that the firewall rule is currently paused. - `priority?: number` The priority of the rule. Optional value used to define the processing order. A lower number indicates a higher priority. If not provided, rules with a defined priority will be processed before rules without a priority. - `products?: Array` - `"zoneLockdown"` - `"uaBlock"` - `"bic"` - `"hot"` - `"securityLevel"` - `"rateLimit"` - `"waf"` - `ref?: string` A short reference tag. Allows you to select related firewall rules. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const firewallRule = await client.firewall.rules.get('372e67954025e0ba6aaa6d586b9e0b60', { zone_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(firewallRule.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "372e67954025e0ba6aaa6d586b9e0b60", "action": "block", "description": "Blocks traffic identified during investigation for MIR-31", "filter": { "id": "372e67954025e0ba6aaa6d586b9e0b61", "description": "Restrict access from these browsers on this address range.", "expression": "(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.addr ne 172.16.22.155", "paused": false, "ref": "FIL-100" }, "paused": false, "priority": 50, "products": [ "waf" ], "ref": "MIR-31" }, "success": true } ``` ## Create firewall rules `client.firewall.rules.create(RuleCreateParamsparams, RequestOptionsoptions?): SinglePage` **post** `/zones/{zone_id}/firewall/rules` Create one or more firewall rules. ### Parameters - `params: RuleCreateParams` - `zone_id: string` Path param: Defines an identifier. - `action: Action` Body param: The action to perform when the threshold of matched traffic within the configured period is exceeded. - `mode?: "simulate" | "ban" | "challenge" | 2 more` The action to perform. - `"simulate"` - `"ban"` - `"challenge"` - `"js_challenge"` - `"managed_challenge"` - `response?: Response` A custom content type and reponse to return when the threshold is exceeded. The custom response configured in this object will override the custom error for the zone. This object is optional. Notes: If you omit this object, Cloudflare will use the default HTML error page. If "mode" is "challenge", "managed_challenge", or "js_challenge", Cloudflare will use the zone challenge pages and you should not provide the "response" object. - `body?: string` The response body to return. The value must conform to the configured content type. - `content_type?: string` The content type of the body. Must be one of the following: `text/plain`, `text/xml`, or `application/json`. - `timeout?: number` The time in seconds during which Cloudflare will perform the mitigation action. Must be an integer value greater than or equal to the period. Notes: If "mode" is "challenge", "managed_challenge", or "js_challenge", Cloudflare will use the zone's Challenge Passage time and you should not provide this value. - `filter: FirewallFilter` Body param - `id?: string` The unique identifier of the filter. - `description?: string` An informative summary of the filter. - `expression?: string` The filter expression. For more information, refer to [Expressions](https://developers.cloudflare.com/ruleset-engine/rules-language/expressions/). - `paused?: boolean` When true, indicates that the filter is currently paused. - `ref?: string` A short reference tag. Allows you to select related filters. ### Returns - `FirewallRule` - `id?: string` The unique identifier of the firewall rule. - `action?: Action` The action to apply to a matched request. The `log` action is only available on an Enterprise plan. - `"block"` - `"challenge"` - `"js_challenge"` - `"managed_challenge"` - `"allow"` - `"log"` - `"bypass"` - `description?: string` An informative summary of the firewall rule. - `filter?: FirewallFilter | DeletedFilter` - `FirewallFilter` - `id?: string` The unique identifier of the filter. - `description?: string` An informative summary of the filter. - `expression?: string` The filter expression. For more information, refer to [Expressions](https://developers.cloudflare.com/ruleset-engine/rules-language/expressions/). - `paused?: boolean` When true, indicates that the filter is currently paused. - `ref?: string` A short reference tag. Allows you to select related filters. - `DeletedFilter` - `id: string` The unique identifier of the filter. - `deleted: boolean` When true, indicates that the firewall rule was deleted. - `paused?: boolean` When true, indicates that the firewall rule is currently paused. - `priority?: number` The priority of the rule. Optional value used to define the processing order. A lower number indicates a higher priority. If not provided, rules with a defined priority will be processed before rules without a priority. - `products?: Array` - `"zoneLockdown"` - `"uaBlock"` - `"bic"` - `"hot"` - `"securityLevel"` - `"rateLimit"` - `"waf"` - `ref?: string` A short reference tag. Allows you to select related firewall rules. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const firewallRule of client.firewall.rules.create({ zone_id: '023e105f4ecef8ad9ca31a8372d0c353', action: {}, filter: {}, })) { console.log(firewallRule.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "372e67954025e0ba6aaa6d586b9e0b60", "action": "block", "description": "Blocks traffic identified during investigation for MIR-31", "filter": { "id": "372e67954025e0ba6aaa6d586b9e0b61", "description": "Restrict access from these browsers on this address range.", "expression": "(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.addr ne 172.16.22.155", "paused": false, "ref": "FIL-100" }, "paused": false, "priority": 50, "products": [ "waf" ], "ref": "MIR-31" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Update a firewall rule `client.firewall.rules.update(stringruleId, RuleUpdateParamsparams, RequestOptionsoptions?): FirewallRule` **put** `/zones/{zone_id}/firewall/rules/{rule_id}` Updates an existing firewall rule. ### Parameters - `ruleId: string` The unique identifier of the firewall rule. - `params: RuleUpdateParams` - `zone_id: string` Path param: Defines an identifier. - `action: Action` Body param: The action to perform when the threshold of matched traffic within the configured period is exceeded. - `mode?: "simulate" | "ban" | "challenge" | 2 more` The action to perform. - `"simulate"` - `"ban"` - `"challenge"` - `"js_challenge"` - `"managed_challenge"` - `response?: Response` A custom content type and reponse to return when the threshold is exceeded. The custom response configured in this object will override the custom error for the zone. This object is optional. Notes: If you omit this object, Cloudflare will use the default HTML error page. If "mode" is "challenge", "managed_challenge", or "js_challenge", Cloudflare will use the zone challenge pages and you should not provide the "response" object. - `body?: string` The response body to return. The value must conform to the configured content type. - `content_type?: string` The content type of the body. Must be one of the following: `text/plain`, `text/xml`, or `application/json`. - `timeout?: number` The time in seconds during which Cloudflare will perform the mitigation action. Must be an integer value greater than or equal to the period. Notes: If "mode" is "challenge", "managed_challenge", or "js_challenge", Cloudflare will use the zone's Challenge Passage time and you should not provide this value. - `filter: FirewallFilter` Body param - `id?: string` The unique identifier of the filter. - `description?: string` An informative summary of the filter. - `expression?: string` The filter expression. For more information, refer to [Expressions](https://developers.cloudflare.com/ruleset-engine/rules-language/expressions/). - `paused?: boolean` When true, indicates that the filter is currently paused. - `ref?: string` A short reference tag. Allows you to select related filters. ### Returns - `FirewallRule` - `id?: string` The unique identifier of the firewall rule. - `action?: Action` The action to apply to a matched request. The `log` action is only available on an Enterprise plan. - `"block"` - `"challenge"` - `"js_challenge"` - `"managed_challenge"` - `"allow"` - `"log"` - `"bypass"` - `description?: string` An informative summary of the firewall rule. - `filter?: FirewallFilter | DeletedFilter` - `FirewallFilter` - `id?: string` The unique identifier of the filter. - `description?: string` An informative summary of the filter. - `expression?: string` The filter expression. For more information, refer to [Expressions](https://developers.cloudflare.com/ruleset-engine/rules-language/expressions/). - `paused?: boolean` When true, indicates that the filter is currently paused. - `ref?: string` A short reference tag. Allows you to select related filters. - `DeletedFilter` - `id: string` The unique identifier of the filter. - `deleted: boolean` When true, indicates that the firewall rule was deleted. - `paused?: boolean` When true, indicates that the firewall rule is currently paused. - `priority?: number` The priority of the rule. Optional value used to define the processing order. A lower number indicates a higher priority. If not provided, rules with a defined priority will be processed before rules without a priority. - `products?: Array` - `"zoneLockdown"` - `"uaBlock"` - `"bic"` - `"hot"` - `"securityLevel"` - `"rateLimit"` - `"waf"` - `ref?: string` A short reference tag. Allows you to select related firewall rules. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const firewallRule = await client.firewall.rules.update('372e67954025e0ba6aaa6d586b9e0b60', { zone_id: '023e105f4ecef8ad9ca31a8372d0c353', action: {}, filter: {}, }); console.log(firewallRule.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "372e67954025e0ba6aaa6d586b9e0b60", "action": "block", "description": "Blocks traffic identified during investigation for MIR-31", "filter": { "id": "372e67954025e0ba6aaa6d586b9e0b61", "description": "Restrict access from these browsers on this address range.", "expression": "(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.addr ne 172.16.22.155", "paused": false, "ref": "FIL-100" }, "paused": false, "priority": 50, "products": [ "waf" ], "ref": "MIR-31" }, "success": true } ``` ## Update priority of a firewall rule `client.firewall.rules.edit(stringruleId, RuleEditParamsparams, RequestOptionsoptions?): SinglePage` **patch** `/zones/{zone_id}/firewall/rules/{rule_id}` Updates the priority of an existing firewall rule. ### Parameters - `ruleId: string` The unique identifier of the firewall rule. - `params: RuleEditParams` - `zone_id: string` Defines an identifier. ### Returns - `FirewallRule` - `id?: string` The unique identifier of the firewall rule. - `action?: Action` The action to apply to a matched request. The `log` action is only available on an Enterprise plan. - `"block"` - `"challenge"` - `"js_challenge"` - `"managed_challenge"` - `"allow"` - `"log"` - `"bypass"` - `description?: string` An informative summary of the firewall rule. - `filter?: FirewallFilter | DeletedFilter` - `FirewallFilter` - `id?: string` The unique identifier of the filter. - `description?: string` An informative summary of the filter. - `expression?: string` The filter expression. For more information, refer to [Expressions](https://developers.cloudflare.com/ruleset-engine/rules-language/expressions/). - `paused?: boolean` When true, indicates that the filter is currently paused. - `ref?: string` A short reference tag. Allows you to select related filters. - `DeletedFilter` - `id: string` The unique identifier of the filter. - `deleted: boolean` When true, indicates that the firewall rule was deleted. - `paused?: boolean` When true, indicates that the firewall rule is currently paused. - `priority?: number` The priority of the rule. Optional value used to define the processing order. A lower number indicates a higher priority. If not provided, rules with a defined priority will be processed before rules without a priority. - `products?: Array` - `"zoneLockdown"` - `"uaBlock"` - `"bic"` - `"hot"` - `"securityLevel"` - `"rateLimit"` - `"waf"` - `ref?: string` A short reference tag. Allows you to select related firewall rules. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const firewallRule of client.firewall.rules.edit('372e67954025e0ba6aaa6d586b9e0b60', { zone_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(firewallRule.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "372e67954025e0ba6aaa6d586b9e0b60", "action": "block", "description": "Blocks traffic identified during investigation for MIR-31", "filter": { "id": "372e67954025e0ba6aaa6d586b9e0b61", "description": "Restrict access from these browsers on this address range.", "expression": "(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.addr ne 172.16.22.155", "paused": false, "ref": "FIL-100" }, "paused": false, "priority": 50, "products": [ "waf" ], "ref": "MIR-31" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Delete a firewall rule `client.firewall.rules.delete(stringruleId, RuleDeleteParamsparams, RequestOptionsoptions?): FirewallRule` **delete** `/zones/{zone_id}/firewall/rules/{rule_id}` Deletes an existing firewall rule. ### Parameters - `ruleId: string` The unique identifier of the firewall rule. - `params: RuleDeleteParams` - `zone_id: string` Defines an identifier. ### Returns - `FirewallRule` - `id?: string` The unique identifier of the firewall rule. - `action?: Action` The action to apply to a matched request. The `log` action is only available on an Enterprise plan. - `"block"` - `"challenge"` - `"js_challenge"` - `"managed_challenge"` - `"allow"` - `"log"` - `"bypass"` - `description?: string` An informative summary of the firewall rule. - `filter?: FirewallFilter | DeletedFilter` - `FirewallFilter` - `id?: string` The unique identifier of the filter. - `description?: string` An informative summary of the filter. - `expression?: string` The filter expression. For more information, refer to [Expressions](https://developers.cloudflare.com/ruleset-engine/rules-language/expressions/). - `paused?: boolean` When true, indicates that the filter is currently paused. - `ref?: string` A short reference tag. Allows you to select related filters. - `DeletedFilter` - `id: string` The unique identifier of the filter. - `deleted: boolean` When true, indicates that the firewall rule was deleted. - `paused?: boolean` When true, indicates that the firewall rule is currently paused. - `priority?: number` The priority of the rule. Optional value used to define the processing order. A lower number indicates a higher priority. If not provided, rules with a defined priority will be processed before rules without a priority. - `products?: Array` - `"zoneLockdown"` - `"uaBlock"` - `"bic"` - `"hot"` - `"securityLevel"` - `"rateLimit"` - `"waf"` - `ref?: string` A short reference tag. Allows you to select related firewall rules. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const firewallRule = await client.firewall.rules.delete('372e67954025e0ba6aaa6d586b9e0b60', { zone_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(firewallRule.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "372e67954025e0ba6aaa6d586b9e0b60", "action": "block", "description": "Blocks traffic identified during investigation for MIR-31", "filter": { "id": "372e67954025e0ba6aaa6d586b9e0b61", "description": "Restrict access from these browsers on this address range.", "expression": "(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.addr ne 172.16.22.155", "paused": false, "ref": "FIL-100" }, "paused": false, "priority": 50, "products": [ "waf" ], "ref": "MIR-31" }, "success": true } ``` ## Update firewall rules `client.firewall.rules.bulkUpdate(RuleBulkUpdateParamsparams, RequestOptionsoptions?): SinglePage` **put** `/zones/{zone_id}/firewall/rules` Updates one or more existing firewall rules. ### Parameters - `params: RuleBulkUpdateParams` - `zone_id: string` Path param: Defines an identifier. - `body: unknown` Body param ### Returns - `FirewallRule` - `id?: string` The unique identifier of the firewall rule. - `action?: Action` The action to apply to a matched request. The `log` action is only available on an Enterprise plan. - `"block"` - `"challenge"` - `"js_challenge"` - `"managed_challenge"` - `"allow"` - `"log"` - `"bypass"` - `description?: string` An informative summary of the firewall rule. - `filter?: FirewallFilter | DeletedFilter` - `FirewallFilter` - `id?: string` The unique identifier of the filter. - `description?: string` An informative summary of the filter. - `expression?: string` The filter expression. For more information, refer to [Expressions](https://developers.cloudflare.com/ruleset-engine/rules-language/expressions/). - `paused?: boolean` When true, indicates that the filter is currently paused. - `ref?: string` A short reference tag. Allows you to select related filters. - `DeletedFilter` - `id: string` The unique identifier of the filter. - `deleted: boolean` When true, indicates that the firewall rule was deleted. - `paused?: boolean` When true, indicates that the firewall rule is currently paused. - `priority?: number` The priority of the rule. Optional value used to define the processing order. A lower number indicates a higher priority. If not provided, rules with a defined priority will be processed before rules without a priority. - `products?: Array` - `"zoneLockdown"` - `"uaBlock"` - `"bic"` - `"hot"` - `"securityLevel"` - `"rateLimit"` - `"waf"` - `ref?: string` A short reference tag. Allows you to select related firewall rules. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const firewallRule of client.firewall.rules.bulkUpdate({ zone_id: '023e105f4ecef8ad9ca31a8372d0c353', body: {}, })) { console.log(firewallRule.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "372e67954025e0ba6aaa6d586b9e0b60", "action": "block", "description": "Blocks traffic identified during investigation for MIR-31", "filter": { "id": "372e67954025e0ba6aaa6d586b9e0b61", "description": "Restrict access from these browsers on this address range.", "expression": "(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.addr ne 172.16.22.155", "paused": false, "ref": "FIL-100" }, "paused": false, "priority": 50, "products": [ "waf" ], "ref": "MIR-31" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Update priority of firewall rules `client.firewall.rules.bulkEdit(RuleBulkEditParamsparams, RequestOptionsoptions?): SinglePage` **patch** `/zones/{zone_id}/firewall/rules` Updates the priority of existing firewall rules. ### Parameters - `params: RuleBulkEditParams` - `zone_id: string` Path param: Defines an identifier. - `body: unknown` Body param ### Returns - `FirewallRule` - `id?: string` The unique identifier of the firewall rule. - `action?: Action` The action to apply to a matched request. The `log` action is only available on an Enterprise plan. - `"block"` - `"challenge"` - `"js_challenge"` - `"managed_challenge"` - `"allow"` - `"log"` - `"bypass"` - `description?: string` An informative summary of the firewall rule. - `filter?: FirewallFilter | DeletedFilter` - `FirewallFilter` - `id?: string` The unique identifier of the filter. - `description?: string` An informative summary of the filter. - `expression?: string` The filter expression. For more information, refer to [Expressions](https://developers.cloudflare.com/ruleset-engine/rules-language/expressions/). - `paused?: boolean` When true, indicates that the filter is currently paused. - `ref?: string` A short reference tag. Allows you to select related filters. - `DeletedFilter` - `id: string` The unique identifier of the filter. - `deleted: boolean` When true, indicates that the firewall rule was deleted. - `paused?: boolean` When true, indicates that the firewall rule is currently paused. - `priority?: number` The priority of the rule. Optional value used to define the processing order. A lower number indicates a higher priority. If not provided, rules with a defined priority will be processed before rules without a priority. - `products?: Array` - `"zoneLockdown"` - `"uaBlock"` - `"bic"` - `"hot"` - `"securityLevel"` - `"rateLimit"` - `"waf"` - `ref?: string` A short reference tag. Allows you to select related firewall rules. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const firewallRule of client.firewall.rules.bulkEdit({ zone_id: '023e105f4ecef8ad9ca31a8372d0c353', body: {}, })) { console.log(firewallRule.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "372e67954025e0ba6aaa6d586b9e0b60", "action": "block", "description": "Blocks traffic identified during investigation for MIR-31", "filter": { "id": "372e67954025e0ba6aaa6d586b9e0b61", "description": "Restrict access from these browsers on this address range.", "expression": "(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.addr ne 172.16.22.155", "paused": false, "ref": "FIL-100" }, "paused": false, "priority": 50, "products": [ "waf" ], "ref": "MIR-31" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Delete firewall rules `client.firewall.rules.bulkDelete(RuleBulkDeleteParamsparams, RequestOptionsoptions?): SinglePage` **delete** `/zones/{zone_id}/firewall/rules` Deletes existing firewall rules. ### Parameters - `params: RuleBulkDeleteParams` - `zone_id: string` Defines an identifier. ### Returns - `FirewallRule` - `id?: string` The unique identifier of the firewall rule. - `action?: Action` The action to apply to a matched request. The `log` action is only available on an Enterprise plan. - `"block"` - `"challenge"` - `"js_challenge"` - `"managed_challenge"` - `"allow"` - `"log"` - `"bypass"` - `description?: string` An informative summary of the firewall rule. - `filter?: FirewallFilter | DeletedFilter` - `FirewallFilter` - `id?: string` The unique identifier of the filter. - `description?: string` An informative summary of the filter. - `expression?: string` The filter expression. For more information, refer to [Expressions](https://developers.cloudflare.com/ruleset-engine/rules-language/expressions/). - `paused?: boolean` When true, indicates that the filter is currently paused. - `ref?: string` A short reference tag. Allows you to select related filters. - `DeletedFilter` - `id: string` The unique identifier of the filter. - `deleted: boolean` When true, indicates that the firewall rule was deleted. - `paused?: boolean` When true, indicates that the firewall rule is currently paused. - `priority?: number` The priority of the rule. Optional value used to define the processing order. A lower number indicates a higher priority. If not provided, rules with a defined priority will be processed before rules without a priority. - `products?: Array` - `"zoneLockdown"` - `"uaBlock"` - `"bic"` - `"hot"` - `"securityLevel"` - `"rateLimit"` - `"waf"` - `ref?: string` A short reference tag. Allows you to select related firewall rules. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const firewallRule of client.firewall.rules.bulkDelete({ zone_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(firewallRule.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "372e67954025e0ba6aaa6d586b9e0b60", "action": "block", "description": "Blocks traffic identified during investigation for MIR-31", "filter": { "id": "372e67954025e0ba6aaa6d586b9e0b61", "description": "Restrict access from these browsers on this address range.", "expression": "(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.addr ne 172.16.22.155", "paused": false, "ref": "FIL-100" }, "paused": false, "priority": 50, "products": [ "waf" ], "ref": "MIR-31" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Domain Types ### Deleted Filter - `DeletedFilter` - `id: string` The unique identifier of the filter. - `deleted: boolean` When true, indicates that the firewall rule was deleted. ### Firewall Rule - `FirewallRule` - `id?: string` The unique identifier of the firewall rule. - `action?: Action` The action to apply to a matched request. The `log` action is only available on an Enterprise plan. - `"block"` - `"challenge"` - `"js_challenge"` - `"managed_challenge"` - `"allow"` - `"log"` - `"bypass"` - `description?: string` An informative summary of the firewall rule. - `filter?: FirewallFilter | DeletedFilter` - `FirewallFilter` - `id?: string` The unique identifier of the filter. - `description?: string` An informative summary of the filter. - `expression?: string` The filter expression. For more information, refer to [Expressions](https://developers.cloudflare.com/ruleset-engine/rules-language/expressions/). - `paused?: boolean` When true, indicates that the filter is currently paused. - `ref?: string` A short reference tag. Allows you to select related filters. - `DeletedFilter` - `id: string` The unique identifier of the filter. - `deleted: boolean` When true, indicates that the firewall rule was deleted. - `paused?: boolean` When true, indicates that the firewall rule is currently paused. - `priority?: number` The priority of the rule. Optional value used to define the processing order. A lower number indicates a higher priority. If not provided, rules with a defined priority will be processed before rules without a priority. - `products?: Array` - `"zoneLockdown"` - `"uaBlock"` - `"bic"` - `"hot"` - `"securityLevel"` - `"rateLimit"` - `"waf"` - `ref?: string` A short reference tag. Allows you to select related firewall rules. ### Product - `Product = "zoneLockdown" | "uaBlock" | "bic" | 4 more` A list of products to bypass for a request when using the `bypass` action. - `"zoneLockdown"` - `"uaBlock"` - `"bic"` - `"hot"` - `"securityLevel"` - `"rateLimit"` - `"waf"` # Access Rules ## List IP Access rules `client.firewall.accessRules.list(AccessRuleListParamsparams?, RequestOptionsoptions?): V4PagePaginationArray` **get** `/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules` Fetches IP Access rules of an account or zone. These rules apply to all the zones in the account or zone. You can filter the results using several optional parameters. ### Parameters - `params: AccessRuleListParams` - `account_id?: string` Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `zone_id?: string` Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. - `configuration?: Configuration` Query param - `target?: "ip" | "ip_range" | "asn" | "country"` Defines the target to search in existing rules. - `"ip"` - `"ip_range"` - `"asn"` - `"country"` - `value?: string` Defines the target value to search for in existing rules: an IP address, an IP address range, or a country code, depending on the provided `configuration.target`. Notes: You can search for a single IPv4 address, an IP address range with a subnet of '/16' or '/24', or a two-letter ISO-3166-1 alpha-2 country code. - `direction?: "asc" | "desc"` Query param: Defines the direction used to sort returned rules. - `"asc"` - `"desc"` - `match?: "any" | "all"` Query param: Defines the search requirements. When set to `all`, all the search requirements must match. When set to `any`, only one of the search requirements has to match. - `"any"` - `"all"` - `mode?: "block" | "challenge" | "whitelist" | 2 more` Query param: The action to apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `notes?: string` Query param: Defines the string to search for in the notes of existing IP Access rules. Notes: For example, the string 'attack' would match IP Access rules with notes 'Attack 26/02' and 'Attack 27/02'. The search is case insensitive. - `order?: "configuration.target" | "configuration.value" | "mode"` Query param: Defines the field used to sort returned rules. - `"configuration.target"` - `"configuration.value"` - `"mode"` - `page?: number` Query param: Defines the requested page within paginated list of results. - `per_page?: number` Query param: Defines the maximum number of results requested. ### Returns - `AccessRuleListResponse` - `id: string` The unique identifier of the IP Access rule. - `allowed_modes: Array<"block" | "challenge" | "whitelist" | 2 more>` The available actions that a rule can apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `configuration: AccessRuleIPConfiguration | IPV6Configuration | AccessRuleCIDRConfiguration | 2 more` The rule configuration. - `AccessRuleIPConfiguration` - `target?: "ip"` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `"ip"` - `value?: string` The IP address to match. This address will be compared to the IP address of incoming requests. - `IPV6Configuration` - `target?: "ip6"` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `"ip6"` - `value?: string` The IPv6 address to match. - `AccessRuleCIDRConfiguration` - `target?: "ip_range"` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `"ip_range"` - `value?: string` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `ASNConfiguration` - `target?: "asn"` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `"asn"` - `value?: string` The AS number to match. - `CountryConfiguration` - `target?: "country"` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `"country"` - `value?: string` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `mode: "block" | "challenge" | "whitelist" | 2 more` The action to apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `created_on?: string` The timestamp of when the rule was created. - `modified_on?: string` The timestamp of when the rule was last modified. - `notes?: string` An informative summary of the rule, typically used as a reminder or explanation. - `scope?: Scope` All zones owned by the user will have the rule applied. - `id?: string` Defines an identifier. - `email?: string` The contact email address of the user. - `type?: "user" | "organization"` Defines the scope of the rule. - `"user"` - `"organization"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const accessRuleListResponse of client.firewall.accessRules.list({ account_id: 'account_id', })) { console.log(accessRuleListResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "92f17202ed8bd63d69a66b86a49a8f6b", "allowed_modes": [ "whitelist", "block", "challenge", "js_challenge", "managed_challenge" ], "configuration": { "target": "ip", "value": "198.51.100.4" }, "mode": "challenge", "created_on": "2014-01-01T05:20:00.12345Z", "modified_on": "2014-01-01T05:20:00.12345Z", "notes": "This rule is enabled because of an event that occurred on date X.", "scope": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "email": "user@example.com", "type": "user" } } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get an IP Access rule `client.firewall.accessRules.get(stringruleId, AccessRuleGetParamsparams?, RequestOptionsoptions?): AccessRuleGetResponse` **get** `/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules/{rule_id}` Fetches the details of an IP Access rule defined. ### Parameters - `ruleId: string` Unique identifier for a rule. - `params: AccessRuleGetParams` - `account_id?: string` The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `zone_id?: string` The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. ### Returns - `AccessRuleGetResponse` - `id: string` The unique identifier of the IP Access rule. - `allowed_modes: Array<"block" | "challenge" | "whitelist" | 2 more>` The available actions that a rule can apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `configuration: AccessRuleIPConfiguration | IPV6Configuration | AccessRuleCIDRConfiguration | 2 more` The rule configuration. - `AccessRuleIPConfiguration` - `target?: "ip"` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `"ip"` - `value?: string` The IP address to match. This address will be compared to the IP address of incoming requests. - `IPV6Configuration` - `target?: "ip6"` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `"ip6"` - `value?: string` The IPv6 address to match. - `AccessRuleCIDRConfiguration` - `target?: "ip_range"` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `"ip_range"` - `value?: string` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `ASNConfiguration` - `target?: "asn"` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `"asn"` - `value?: string` The AS number to match. - `CountryConfiguration` - `target?: "country"` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `"country"` - `value?: string` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `mode: "block" | "challenge" | "whitelist" | 2 more` The action to apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `created_on?: string` The timestamp of when the rule was created. - `modified_on?: string` The timestamp of when the rule was last modified. - `notes?: string` An informative summary of the rule, typically used as a reminder or explanation. - `scope?: Scope` All zones owned by the user will have the rule applied. - `id?: string` Defines an identifier. - `email?: string` The contact email address of the user. - `type?: "user" | "organization"` Defines the scope of the rule. - `"user"` - `"organization"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const accessRule = await client.firewall.accessRules.get('023e105f4ecef8ad9ca31a8372d0c353', { account_id: 'account_id', }); console.log(accessRule.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "92f17202ed8bd63d69a66b86a49a8f6b", "allowed_modes": [ "whitelist", "block", "challenge", "js_challenge", "managed_challenge" ], "configuration": { "target": "ip", "value": "198.51.100.4" }, "mode": "challenge", "created_on": "2014-01-01T05:20:00.12345Z", "modified_on": "2014-01-01T05:20:00.12345Z", "notes": "This rule is enabled because of an event that occurred on date X.", "scope": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "email": "user@example.com", "type": "user" } }, "success": true } ``` ## Create an IP Access rule `client.firewall.accessRules.create(AccessRuleCreateParamsparams, RequestOptionsoptions?): AccessRuleCreateResponse` **post** `/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules` Creates a new IP Access rule for an account or zone. The rule will apply to all zones in the account or zone. Note: To create an IP Access rule that applies to a single zone, refer to the [IP Access rules for a zone](#ip-access-rules-for-a-zone) endpoints. ### Parameters - `params: AccessRuleCreateParams` - `configuration: AccessRuleIPConfiguration | IPV6Configuration | AccessRuleCIDRConfiguration | 2 more` Body param: The rule configuration. - `AccessRuleIPConfiguration` - `target?: "ip"` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `"ip"` - `value?: string` The IP address to match. This address will be compared to the IP address of incoming requests. - `IPV6Configuration` - `target?: "ip6"` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `"ip6"` - `value?: string` The IPv6 address to match. - `AccessRuleCIDRConfiguration` - `target?: "ip_range"` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `"ip_range"` - `value?: string` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `ASNConfiguration` - `target?: "asn"` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `"asn"` - `value?: string` The AS number to match. - `CountryConfiguration` - `target?: "country"` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `"country"` - `value?: string` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `mode: "block" | "challenge" | "whitelist" | 2 more` Body param: The action to apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `account_id?: string` Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `zone_id?: string` Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. - `notes?: string` Body param: An informative summary of the rule, typically used as a reminder or explanation. ### Returns - `AccessRuleCreateResponse` - `id: string` The unique identifier of the IP Access rule. - `allowed_modes: Array<"block" | "challenge" | "whitelist" | 2 more>` The available actions that a rule can apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `configuration: AccessRuleIPConfiguration | IPV6Configuration | AccessRuleCIDRConfiguration | 2 more` The rule configuration. - `AccessRuleIPConfiguration` - `target?: "ip"` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `"ip"` - `value?: string` The IP address to match. This address will be compared to the IP address of incoming requests. - `IPV6Configuration` - `target?: "ip6"` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `"ip6"` - `value?: string` The IPv6 address to match. - `AccessRuleCIDRConfiguration` - `target?: "ip_range"` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `"ip_range"` - `value?: string` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `ASNConfiguration` - `target?: "asn"` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `"asn"` - `value?: string` The AS number to match. - `CountryConfiguration` - `target?: "country"` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `"country"` - `value?: string` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `mode: "block" | "challenge" | "whitelist" | 2 more` The action to apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `created_on?: string` The timestamp of when the rule was created. - `modified_on?: string` The timestamp of when the rule was last modified. - `notes?: string` An informative summary of the rule, typically used as a reminder or explanation. - `scope?: Scope` All zones owned by the user will have the rule applied. - `id?: string` Defines an identifier. - `email?: string` The contact email address of the user. - `type?: "user" | "organization"` Defines the scope of the rule. - `"user"` - `"organization"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const accessRule = await client.firewall.accessRules.create({ configuration: {}, mode: 'challenge', account_id: 'account_id', }); console.log(accessRule.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "92f17202ed8bd63d69a66b86a49a8f6b", "allowed_modes": [ "whitelist", "block", "challenge", "js_challenge", "managed_challenge" ], "configuration": { "target": "ip", "value": "198.51.100.4" }, "mode": "challenge", "created_on": "2014-01-01T05:20:00.12345Z", "modified_on": "2014-01-01T05:20:00.12345Z", "notes": "This rule is enabled because of an event that occurred on date X.", "scope": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "email": "user@example.com", "type": "user" } }, "success": true } ``` ## Update an IP Access rule `client.firewall.accessRules.edit(stringruleId, AccessRuleEditParamsparams, RequestOptionsoptions?): AccessRuleEditResponse` **patch** `/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules/{rule_id}` Updates an IP Access rule defined. Note: This operation will affect all zones in the account or zone. ### Parameters - `ruleId: string` Unique identifier for a rule. - `params: AccessRuleEditParams` - `configuration: AccessRuleIPConfiguration | IPV6Configuration | AccessRuleCIDRConfiguration | 2 more` Body param: The rule configuration. - `AccessRuleIPConfiguration` - `target?: "ip"` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `"ip"` - `value?: string` The IP address to match. This address will be compared to the IP address of incoming requests. - `IPV6Configuration` - `target?: "ip6"` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `"ip6"` - `value?: string` The IPv6 address to match. - `AccessRuleCIDRConfiguration` - `target?: "ip_range"` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `"ip_range"` - `value?: string` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `ASNConfiguration` - `target?: "asn"` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `"asn"` - `value?: string` The AS number to match. - `CountryConfiguration` - `target?: "country"` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `"country"` - `value?: string` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `mode: "block" | "challenge" | "whitelist" | 2 more` Body param: The action to apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `account_id?: string` Path param: The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `zone_id?: string` Path param: The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. - `notes?: string` Body param: An informative summary of the rule, typically used as a reminder or explanation. ### Returns - `AccessRuleEditResponse` - `id: string` The unique identifier of the IP Access rule. - `allowed_modes: Array<"block" | "challenge" | "whitelist" | 2 more>` The available actions that a rule can apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `configuration: AccessRuleIPConfiguration | IPV6Configuration | AccessRuleCIDRConfiguration | 2 more` The rule configuration. - `AccessRuleIPConfiguration` - `target?: "ip"` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `"ip"` - `value?: string` The IP address to match. This address will be compared to the IP address of incoming requests. - `IPV6Configuration` - `target?: "ip6"` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `"ip6"` - `value?: string` The IPv6 address to match. - `AccessRuleCIDRConfiguration` - `target?: "ip_range"` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `"ip_range"` - `value?: string` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `ASNConfiguration` - `target?: "asn"` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `"asn"` - `value?: string` The AS number to match. - `CountryConfiguration` - `target?: "country"` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `"country"` - `value?: string` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `mode: "block" | "challenge" | "whitelist" | 2 more` The action to apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `created_on?: string` The timestamp of when the rule was created. - `modified_on?: string` The timestamp of when the rule was last modified. - `notes?: string` An informative summary of the rule, typically used as a reminder or explanation. - `scope?: Scope` All zones owned by the user will have the rule applied. - `id?: string` Defines an identifier. - `email?: string` The contact email address of the user. - `type?: "user" | "organization"` Defines the scope of the rule. - `"user"` - `"organization"` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const response = await client.firewall.accessRules.edit('023e105f4ecef8ad9ca31a8372d0c353', { configuration: {}, mode: 'challenge', account_id: 'account_id', }); console.log(response.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "92f17202ed8bd63d69a66b86a49a8f6b", "allowed_modes": [ "whitelist", "block", "challenge", "js_challenge", "managed_challenge" ], "configuration": { "target": "ip", "value": "198.51.100.4" }, "mode": "challenge", "created_on": "2014-01-01T05:20:00.12345Z", "modified_on": "2014-01-01T05:20:00.12345Z", "notes": "This rule is enabled because of an event that occurred on date X.", "scope": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "email": "user@example.com", "type": "user" } }, "success": true } ``` ## Delete an IP Access rule `client.firewall.accessRules.delete(stringruleId, AccessRuleDeleteParamsparams?, RequestOptionsoptions?): AccessRuleDeleteResponse | null` **delete** `/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules/{rule_id}` Deletes an existing IP Access rule defined. Note: This operation will affect all zones in the account or zone. ### Parameters - `ruleId: string` Unique identifier for a rule. - `params: AccessRuleDeleteParams` - `account_id?: string` The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `zone_id?: string` The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. ### Returns - `AccessRuleDeleteResponse` - `id: string` Defines an identifier. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const accessRule = await client.firewall.accessRules.delete('023e105f4ecef8ad9ca31a8372d0c353', { account_id: 'account_id', }); console.log(accessRule.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353" }, "success": true } ``` ## Domain Types ### Access Rule CIDR Configuration - `AccessRuleCIDRConfiguration` - `target?: "ip_range"` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `"ip_range"` - `value?: string` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. ### Access Rule IP Configuration - `AccessRuleIPConfiguration` - `target?: "ip"` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `"ip"` - `value?: string` The IP address to match. This address will be compared to the IP address of incoming requests. ### ASN Configuration - `ASNConfiguration` - `target?: "asn"` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `"asn"` - `value?: string` The AS number to match. ### Country Configuration - `CountryConfiguration` - `target?: "country"` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `"country"` - `value?: string` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). ### IPV6 Configuration - `IPV6Configuration` - `target?: "ip6"` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `"ip6"` - `value?: string` The IPv6 address to match. ### Access Rule List Response - `AccessRuleListResponse` - `id: string` The unique identifier of the IP Access rule. - `allowed_modes: Array<"block" | "challenge" | "whitelist" | 2 more>` The available actions that a rule can apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `configuration: AccessRuleIPConfiguration | IPV6Configuration | AccessRuleCIDRConfiguration | 2 more` The rule configuration. - `AccessRuleIPConfiguration` - `target?: "ip"` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `"ip"` - `value?: string` The IP address to match. This address will be compared to the IP address of incoming requests. - `IPV6Configuration` - `target?: "ip6"` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `"ip6"` - `value?: string` The IPv6 address to match. - `AccessRuleCIDRConfiguration` - `target?: "ip_range"` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `"ip_range"` - `value?: string` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `ASNConfiguration` - `target?: "asn"` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `"asn"` - `value?: string` The AS number to match. - `CountryConfiguration` - `target?: "country"` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `"country"` - `value?: string` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `mode: "block" | "challenge" | "whitelist" | 2 more` The action to apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `created_on?: string` The timestamp of when the rule was created. - `modified_on?: string` The timestamp of when the rule was last modified. - `notes?: string` An informative summary of the rule, typically used as a reminder or explanation. - `scope?: Scope` All zones owned by the user will have the rule applied. - `id?: string` Defines an identifier. - `email?: string` The contact email address of the user. - `type?: "user" | "organization"` Defines the scope of the rule. - `"user"` - `"organization"` ### Access Rule Get Response - `AccessRuleGetResponse` - `id: string` The unique identifier of the IP Access rule. - `allowed_modes: Array<"block" | "challenge" | "whitelist" | 2 more>` The available actions that a rule can apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `configuration: AccessRuleIPConfiguration | IPV6Configuration | AccessRuleCIDRConfiguration | 2 more` The rule configuration. - `AccessRuleIPConfiguration` - `target?: "ip"` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `"ip"` - `value?: string` The IP address to match. This address will be compared to the IP address of incoming requests. - `IPV6Configuration` - `target?: "ip6"` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `"ip6"` - `value?: string` The IPv6 address to match. - `AccessRuleCIDRConfiguration` - `target?: "ip_range"` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `"ip_range"` - `value?: string` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `ASNConfiguration` - `target?: "asn"` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `"asn"` - `value?: string` The AS number to match. - `CountryConfiguration` - `target?: "country"` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `"country"` - `value?: string` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `mode: "block" | "challenge" | "whitelist" | 2 more` The action to apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `created_on?: string` The timestamp of when the rule was created. - `modified_on?: string` The timestamp of when the rule was last modified. - `notes?: string` An informative summary of the rule, typically used as a reminder or explanation. - `scope?: Scope` All zones owned by the user will have the rule applied. - `id?: string` Defines an identifier. - `email?: string` The contact email address of the user. - `type?: "user" | "organization"` Defines the scope of the rule. - `"user"` - `"organization"` ### Access Rule Create Response - `AccessRuleCreateResponse` - `id: string` The unique identifier of the IP Access rule. - `allowed_modes: Array<"block" | "challenge" | "whitelist" | 2 more>` The available actions that a rule can apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `configuration: AccessRuleIPConfiguration | IPV6Configuration | AccessRuleCIDRConfiguration | 2 more` The rule configuration. - `AccessRuleIPConfiguration` - `target?: "ip"` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `"ip"` - `value?: string` The IP address to match. This address will be compared to the IP address of incoming requests. - `IPV6Configuration` - `target?: "ip6"` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `"ip6"` - `value?: string` The IPv6 address to match. - `AccessRuleCIDRConfiguration` - `target?: "ip_range"` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `"ip_range"` - `value?: string` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `ASNConfiguration` - `target?: "asn"` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `"asn"` - `value?: string` The AS number to match. - `CountryConfiguration` - `target?: "country"` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `"country"` - `value?: string` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `mode: "block" | "challenge" | "whitelist" | 2 more` The action to apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `created_on?: string` The timestamp of when the rule was created. - `modified_on?: string` The timestamp of when the rule was last modified. - `notes?: string` An informative summary of the rule, typically used as a reminder or explanation. - `scope?: Scope` All zones owned by the user will have the rule applied. - `id?: string` Defines an identifier. - `email?: string` The contact email address of the user. - `type?: "user" | "organization"` Defines the scope of the rule. - `"user"` - `"organization"` ### Access Rule Edit Response - `AccessRuleEditResponse` - `id: string` The unique identifier of the IP Access rule. - `allowed_modes: Array<"block" | "challenge" | "whitelist" | 2 more>` The available actions that a rule can apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `configuration: AccessRuleIPConfiguration | IPV6Configuration | AccessRuleCIDRConfiguration | 2 more` The rule configuration. - `AccessRuleIPConfiguration` - `target?: "ip"` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `"ip"` - `value?: string` The IP address to match. This address will be compared to the IP address of incoming requests. - `IPV6Configuration` - `target?: "ip6"` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `"ip6"` - `value?: string` The IPv6 address to match. - `AccessRuleCIDRConfiguration` - `target?: "ip_range"` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `"ip_range"` - `value?: string` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `ASNConfiguration` - `target?: "asn"` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `"asn"` - `value?: string` The AS number to match. - `CountryConfiguration` - `target?: "country"` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `"country"` - `value?: string` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `mode: "block" | "challenge" | "whitelist" | 2 more` The action to apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `created_on?: string` The timestamp of when the rule was created. - `modified_on?: string` The timestamp of when the rule was last modified. - `notes?: string` An informative summary of the rule, typically used as a reminder or explanation. - `scope?: Scope` All zones owned by the user will have the rule applied. - `id?: string` Defines an identifier. - `email?: string` The contact email address of the user. - `type?: "user" | "organization"` Defines the scope of the rule. - `"user"` - `"organization"` ### Access Rule Delete Response - `AccessRuleDeleteResponse` - `id: string` Defines an identifier. # UA Rules ## List User Agent Blocking rules `client.firewall.uaRules.list(UARuleListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/zones/{zone_id}/firewall/ua_rules` Fetches User Agent Blocking rules in a zone. You can filter the results using several optional parameters. ### Parameters - `params: UARuleListParams` - `zone_id: string` Path param: Defines an identifier. - `description?: string` Query param: A string to search for in the description of existing rules. - `page?: number` Query param: Page number of paginated results. - `paused?: boolean` Query param: When true, indicates that the rule is currently paused. - `per_page?: number` Query param: The maximum number of results per page. You can only set the value to `1` or to a multiple of 5 such as `5`, `10`, `15`, or `20`. - `user_agent?: string` Query param: A string to search for in the user agent values of existing rules. ### Returns - `UARuleListResponse` - `id?: string` The unique identifier of the User Agent Blocking rule. - `configuration?: Configuration` The configuration object for the current rule. - `target?: string` The configuration target for this rule. You must set the target to `ua` for User Agent Blocking rules. - `value?: string` The exact user agent string to match. This value will be compared to the received `User-Agent` HTTP header value. - `description?: string` An informative summary of the rule. - `mode?: "block" | "challenge" | "js_challenge" | "managed_challenge"` The action to apply to a matched request. - `"block"` - `"challenge"` - `"js_challenge"` - `"managed_challenge"` - `paused?: boolean` When true, indicates that the rule is currently paused. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const uaRuleListResponse of client.firewall.uaRules.list({ zone_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(uaRuleListResponse.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "372e67954025e0ba6aaa6d586b9e0b59", "configuration": { "target": "ua", "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.4" }, "description": "Prevent access from abusive clients identified by this User Agent to mitigate a DDoS attack", "mode": "js_challenge", "paused": false } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get a User Agent Blocking rule `client.firewall.uaRules.get(stringuaRuleId, UARuleGetParamsparams, RequestOptionsoptions?): UARuleGetResponse` **get** `/zones/{zone_id}/firewall/ua_rules/{ua_rule_id}` Fetches the details of a User Agent Blocking rule. ### Parameters - `uaRuleId: string` The unique identifier of the User Agent Blocking rule. - `params: UARuleGetParams` - `zone_id: string` Defines an identifier. ### Returns - `UARuleGetResponse` - `id?: string` The unique identifier of the User Agent Blocking rule. - `configuration?: Configuration` The configuration object for the current rule. - `target?: string` The configuration target for this rule. You must set the target to `ua` for User Agent Blocking rules. - `value?: string` The exact user agent string to match. This value will be compared to the received `User-Agent` HTTP header value. - `description?: string` An informative summary of the rule. - `mode?: "block" | "challenge" | "js_challenge" | "managed_challenge"` The action to apply to a matched request. - `"block"` - `"challenge"` - `"js_challenge"` - `"managed_challenge"` - `paused?: boolean` When true, indicates that the rule is currently paused. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const uaRule = await client.firewall.uaRules.get('372e67954025e0ba6aaa6d586b9e0b59', { zone_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(uaRule.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "372e67954025e0ba6aaa6d586b9e0b59", "configuration": { "target": "ua", "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.4" }, "description": "Prevent access from abusive clients identified by this User Agent to mitigate a DDoS attack", "mode": "js_challenge", "paused": false }, "success": true } ``` ## Create a User Agent Blocking rule `client.firewall.uaRules.create(UARuleCreateParamsparams, RequestOptionsoptions?): UARuleCreateResponse` **post** `/zones/{zone_id}/firewall/ua_rules` Creates a new User Agent Blocking rule in a zone. ### Parameters - `params: UARuleCreateParams` - `zone_id: string` Path param: Defines an identifier. - `configuration: Configuration` Body param - `target?: "ua"` The configuration target. You must set the target to `ua` when specifying a user agent in the rule. - `"ua"` - `value?: string` the user agent to exactly match - `mode: "block" | "challenge" | "whitelist" | 2 more` Body param: The action to apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `description?: string` Body param: An informative summary of the rule. This value is sanitized and any tags will be removed. - `paused?: boolean` Body param: When true, indicates that the rule is currently paused. ### Returns - `UARuleCreateResponse` - `id?: string` The unique identifier of the User Agent Blocking rule. - `configuration?: Configuration` The configuration object for the current rule. - `target?: string` The configuration target for this rule. You must set the target to `ua` for User Agent Blocking rules. - `value?: string` The exact user agent string to match. This value will be compared to the received `User-Agent` HTTP header value. - `description?: string` An informative summary of the rule. - `mode?: "block" | "challenge" | "js_challenge" | "managed_challenge"` The action to apply to a matched request. - `"block"` - `"challenge"` - `"js_challenge"` - `"managed_challenge"` - `paused?: boolean` When true, indicates that the rule is currently paused. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const uaRule = await client.firewall.uaRules.create({ zone_id: '023e105f4ecef8ad9ca31a8372d0c353', configuration: {}, mode: 'challenge', }); console.log(uaRule.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "372e67954025e0ba6aaa6d586b9e0b59", "configuration": { "target": "ua", "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.4" }, "description": "Prevent access from abusive clients identified by this User Agent to mitigate a DDoS attack", "mode": "js_challenge", "paused": false }, "success": true } ``` ## Update a User Agent Blocking rule `client.firewall.uaRules.update(stringuaRuleId, UARuleUpdateParamsparams, RequestOptionsoptions?): UARuleUpdateResponse` **put** `/zones/{zone_id}/firewall/ua_rules/{ua_rule_id}` Updates an existing User Agent Blocking rule. ### Parameters - `uaRuleId: string` The unique identifier of the User Agent Blocking rule. - `params: UARuleUpdateParams` - `zone_id: string` Path param: Defines an identifier. - `configuration: AccessRuleIPConfiguration | IPV6Configuration | AccessRuleCIDRConfiguration | 2 more` Body param: The rule configuration. - `AccessRuleIPConfiguration` - `target?: "ip"` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `"ip"` - `value?: string` The IP address to match. This address will be compared to the IP address of incoming requests. - `IPV6Configuration` - `target?: "ip6"` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `"ip6"` - `value?: string` The IPv6 address to match. - `AccessRuleCIDRConfiguration` - `target?: "ip_range"` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `"ip_range"` - `value?: string` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `ASNConfiguration` - `target?: "asn"` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `"asn"` - `value?: string` The AS number to match. - `CountryConfiguration` - `target?: "country"` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `"country"` - `value?: string` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `mode: "block" | "challenge" | "whitelist" | 2 more` Body param: The action to apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `description?: string` Body param: An informative summary of the rule. This value is sanitized and any tags will be removed. - `paused?: boolean` Body param: When true, indicates that the rule is currently paused. ### Returns - `UARuleUpdateResponse` - `id?: string` The unique identifier of the User Agent Blocking rule. - `configuration?: Configuration` The configuration object for the current rule. - `target?: string` The configuration target for this rule. You must set the target to `ua` for User Agent Blocking rules. - `value?: string` The exact user agent string to match. This value will be compared to the received `User-Agent` HTTP header value. - `description?: string` An informative summary of the rule. - `mode?: "block" | "challenge" | "js_challenge" | "managed_challenge"` The action to apply to a matched request. - `"block"` - `"challenge"` - `"js_challenge"` - `"managed_challenge"` - `paused?: boolean` When true, indicates that the rule is currently paused. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const uaRule = await client.firewall.uaRules.update('372e67954025e0ba6aaa6d586b9e0b59', { zone_id: '023e105f4ecef8ad9ca31a8372d0c353', configuration: {}, mode: 'challenge', }); console.log(uaRule.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "372e67954025e0ba6aaa6d586b9e0b59", "configuration": { "target": "ua", "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.4" }, "description": "Prevent access from abusive clients identified by this User Agent to mitigate a DDoS attack", "mode": "js_challenge", "paused": false }, "success": true } ``` ## Delete a User Agent Blocking rule `client.firewall.uaRules.delete(stringuaRuleId, UARuleDeleteParamsparams, RequestOptionsoptions?): UARuleDeleteResponse` **delete** `/zones/{zone_id}/firewall/ua_rules/{ua_rule_id}` Deletes an existing User Agent Blocking rule. ### Parameters - `uaRuleId: string` The unique identifier of the User Agent Blocking rule. - `params: UARuleDeleteParams` - `zone_id: string` Defines an identifier. ### Returns - `UARuleDeleteResponse` - `id?: string` The unique identifier of the User Agent Blocking rule. - `configuration?: Configuration` The configuration object for the current rule. - `target?: string` The configuration target for this rule. You must set the target to `ua` for User Agent Blocking rules. - `value?: string` The exact user agent string to match. This value will be compared to the received `User-Agent` HTTP header value. - `description?: string` An informative summary of the rule. - `mode?: "block" | "challenge" | "js_challenge" | "managed_challenge"` The action to apply to a matched request. - `"block"` - `"challenge"` - `"js_challenge"` - `"managed_challenge"` - `paused?: boolean` When true, indicates that the rule is currently paused. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const uaRule = await client.firewall.uaRules.delete('372e67954025e0ba6aaa6d586b9e0b59', { zone_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(uaRule.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "372e67954025e0ba6aaa6d586b9e0b59", "configuration": { "target": "ua", "value": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/603.2.4 (KHTML, like Gecko) Version/10.1.1 Safari/603.2.4" }, "description": "Prevent access from abusive clients identified by this User Agent to mitigate a DDoS attack", "mode": "js_challenge", "paused": false }, "success": true } ``` ## Domain Types ### UA Rule List Response - `UARuleListResponse` - `id?: string` The unique identifier of the User Agent Blocking rule. - `configuration?: Configuration` The configuration object for the current rule. - `target?: string` The configuration target for this rule. You must set the target to `ua` for User Agent Blocking rules. - `value?: string` The exact user agent string to match. This value will be compared to the received `User-Agent` HTTP header value. - `description?: string` An informative summary of the rule. - `mode?: "block" | "challenge" | "js_challenge" | "managed_challenge"` The action to apply to a matched request. - `"block"` - `"challenge"` - `"js_challenge"` - `"managed_challenge"` - `paused?: boolean` When true, indicates that the rule is currently paused. ### UA Rule Get Response - `UARuleGetResponse` - `id?: string` The unique identifier of the User Agent Blocking rule. - `configuration?: Configuration` The configuration object for the current rule. - `target?: string` The configuration target for this rule. You must set the target to `ua` for User Agent Blocking rules. - `value?: string` The exact user agent string to match. This value will be compared to the received `User-Agent` HTTP header value. - `description?: string` An informative summary of the rule. - `mode?: "block" | "challenge" | "js_challenge" | "managed_challenge"` The action to apply to a matched request. - `"block"` - `"challenge"` - `"js_challenge"` - `"managed_challenge"` - `paused?: boolean` When true, indicates that the rule is currently paused. ### UA Rule Create Response - `UARuleCreateResponse` - `id?: string` The unique identifier of the User Agent Blocking rule. - `configuration?: Configuration` The configuration object for the current rule. - `target?: string` The configuration target for this rule. You must set the target to `ua` for User Agent Blocking rules. - `value?: string` The exact user agent string to match. This value will be compared to the received `User-Agent` HTTP header value. - `description?: string` An informative summary of the rule. - `mode?: "block" | "challenge" | "js_challenge" | "managed_challenge"` The action to apply to a matched request. - `"block"` - `"challenge"` - `"js_challenge"` - `"managed_challenge"` - `paused?: boolean` When true, indicates that the rule is currently paused. ### UA Rule Update Response - `UARuleUpdateResponse` - `id?: string` The unique identifier of the User Agent Blocking rule. - `configuration?: Configuration` The configuration object for the current rule. - `target?: string` The configuration target for this rule. You must set the target to `ua` for User Agent Blocking rules. - `value?: string` The exact user agent string to match. This value will be compared to the received `User-Agent` HTTP header value. - `description?: string` An informative summary of the rule. - `mode?: "block" | "challenge" | "js_challenge" | "managed_challenge"` The action to apply to a matched request. - `"block"` - `"challenge"` - `"js_challenge"` - `"managed_challenge"` - `paused?: boolean` When true, indicates that the rule is currently paused. ### UA Rule Delete Response - `UARuleDeleteResponse` - `id?: string` The unique identifier of the User Agent Blocking rule. - `configuration?: Configuration` The configuration object for the current rule. - `target?: string` The configuration target for this rule. You must set the target to `ua` for User Agent Blocking rules. - `value?: string` The exact user agent string to match. This value will be compared to the received `User-Agent` HTTP header value. - `description?: string` An informative summary of the rule. - `mode?: "block" | "challenge" | "js_challenge" | "managed_challenge"` The action to apply to a matched request. - `"block"` - `"challenge"` - `"js_challenge"` - `"managed_challenge"` - `paused?: boolean` When true, indicates that the rule is currently paused. # WAF # Overrides ## List WAF overrides `client.firewall.waf.overrides.list(OverrideListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/zones/{zone_id}/firewall/waf/overrides` Fetches the URI-based WAF overrides in a zone. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `params: OverrideListParams` - `zone_id: string` Path param: Defines an identifier. - `page?: number` Query param: The page number of paginated results. - `per_page?: number` Query param: The number of WAF overrides per page. ### Returns - `Override` - `id?: string` The unique identifier of the WAF override. - `description?: string | null` An informative summary of the current URI-based WAF override. - `groups?: Record` An object that allows you to enable or disable WAF rule groups for the current WAF override. Each key of this object must be the ID of a WAF rule group, and each value must be a valid WAF action (usually `default` or `disable`). When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `paused?: boolean` When true, indicates that the rule is currently paused. - `priority?: number` The relative priority of the current URI-based WAF override when multiple overrides match a single URL. A lower number indicates higher priority. Higher priority overrides may overwrite values set by lower priority overrides. - `rewrite_action?: RewriteAction` Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object. - `block?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `challenge?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `default?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `disable?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `simulate?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `rules?: WAFRule` An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `urls?: Array` The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const override of client.firewall.waf.overrides.list({ zone_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(override.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "de677e5818985db1285d0e80225f06e5", "description": "Enable Cloudflare Magento ruleset for shop.example.com", "groups": { "ea8687e59929c1fd05ba97574ad43f77": "bar" }, "paused": true, "priority": 1, "rewrite_action": { "block": "challenge", "challenge": "challenge", "default": "challenge", "disable": "challenge", "simulate": "challenge" }, "rules": { "100015": "disable" }, "urls": [ "shop.example.com/*" ] } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get a WAF override `client.firewall.waf.overrides.get(stringoverridesId, OverrideGetParamsparams, RequestOptionsoptions?): Override` **get** `/zones/{zone_id}/firewall/waf/overrides/{overrides_id}` Fetches the details of a URI-based WAF override. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `overridesId: string` The unique identifier of the WAF override. - `params: OverrideGetParams` - `zone_id: string` Defines an identifier. ### Returns - `Override` - `id?: string` The unique identifier of the WAF override. - `description?: string | null` An informative summary of the current URI-based WAF override. - `groups?: Record` An object that allows you to enable or disable WAF rule groups for the current WAF override. Each key of this object must be the ID of a WAF rule group, and each value must be a valid WAF action (usually `default` or `disable`). When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `paused?: boolean` When true, indicates that the rule is currently paused. - `priority?: number` The relative priority of the current URI-based WAF override when multiple overrides match a single URL. A lower number indicates higher priority. Higher priority overrides may overwrite values set by lower priority overrides. - `rewrite_action?: RewriteAction` Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object. - `block?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `challenge?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `default?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `disable?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `simulate?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `rules?: WAFRule` An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `urls?: Array` The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const override = await client.firewall.waf.overrides.get('de677e5818985db1285d0e80225f06e5', { zone_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(override.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "de677e5818985db1285d0e80225f06e5", "description": "Enable Cloudflare Magento ruleset for shop.example.com", "groups": { "ea8687e59929c1fd05ba97574ad43f77": "bar" }, "paused": true, "priority": 1, "rewrite_action": { "block": "challenge", "challenge": "challenge", "default": "challenge", "disable": "challenge", "simulate": "challenge" }, "rules": { "100015": "disable" }, "urls": [ "shop.example.com/*" ] }, "success": true } ``` ## Create a WAF override `client.firewall.waf.overrides.create(OverrideCreateParamsparams, RequestOptionsoptions?): Override` **post** `/zones/{zone_id}/firewall/waf/overrides` Creates a URI-based WAF override for a zone. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `params: OverrideCreateParams` - `zone_id: string` Path param: Defines an identifier. - `urls: Array` Body param: The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Returns - `Override` - `id?: string` The unique identifier of the WAF override. - `description?: string | null` An informative summary of the current URI-based WAF override. - `groups?: Record` An object that allows you to enable or disable WAF rule groups for the current WAF override. Each key of this object must be the ID of a WAF rule group, and each value must be a valid WAF action (usually `default` or `disable`). When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `paused?: boolean` When true, indicates that the rule is currently paused. - `priority?: number` The relative priority of the current URI-based WAF override when multiple overrides match a single URL. A lower number indicates higher priority. Higher priority overrides may overwrite values set by lower priority overrides. - `rewrite_action?: RewriteAction` Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object. - `block?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `challenge?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `default?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `disable?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `simulate?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `rules?: WAFRule` An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `urls?: Array` The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const override = await client.firewall.waf.overrides.create({ zone_id: '023e105f4ecef8ad9ca31a8372d0c353', urls: ['shop.example.com/*'], }); console.log(override.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "de677e5818985db1285d0e80225f06e5", "description": "Enable Cloudflare Magento ruleset for shop.example.com", "groups": { "ea8687e59929c1fd05ba97574ad43f77": "bar" }, "paused": true, "priority": 1, "rewrite_action": { "block": "challenge", "challenge": "challenge", "default": "challenge", "disable": "challenge", "simulate": "challenge" }, "rules": { "100015": "disable" }, "urls": [ "shop.example.com/*" ] }, "success": true } ``` ## Update WAF override `client.firewall.waf.overrides.update(stringoverridesId, OverrideUpdateParamsparams, RequestOptionsoptions?): Override` **put** `/zones/{zone_id}/firewall/waf/overrides/{overrides_id}` Updates an existing URI-based WAF override. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `overridesId: string` The unique identifier of the WAF override. - `params: OverrideUpdateParams` - `zone_id: string` Path param: Defines an identifier. - `id: string` Body param: Defines an identifier. - `rewrite_action: RewriteAction` Body param: Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object. - `block?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `challenge?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `default?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `disable?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `simulate?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `rules: WAFRule` Body param: An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `urls: Array` Body param: The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Returns - `Override` - `id?: string` The unique identifier of the WAF override. - `description?: string | null` An informative summary of the current URI-based WAF override. - `groups?: Record` An object that allows you to enable or disable WAF rule groups for the current WAF override. Each key of this object must be the ID of a WAF rule group, and each value must be a valid WAF action (usually `default` or `disable`). When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `paused?: boolean` When true, indicates that the rule is currently paused. - `priority?: number` The relative priority of the current URI-based WAF override when multiple overrides match a single URL. A lower number indicates higher priority. Higher priority overrides may overwrite values set by lower priority overrides. - `rewrite_action?: RewriteAction` Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object. - `block?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `challenge?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `default?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `disable?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `simulate?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `rules?: WAFRule` An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `urls?: Array` The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const override = await client.firewall.waf.overrides.update('de677e5818985db1285d0e80225f06e5', { zone_id: '023e105f4ecef8ad9ca31a8372d0c353', id: '023e105f4ecef8ad9ca31a8372d0c353', rewrite_action: {}, rules: { '100015': 'disable' }, urls: ['shop.example.com/*'], }); console.log(override.id); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "de677e5818985db1285d0e80225f06e5", "description": "Enable Cloudflare Magento ruleset for shop.example.com", "groups": { "ea8687e59929c1fd05ba97574ad43f77": "bar" }, "paused": true, "priority": 1, "rewrite_action": { "block": "challenge", "challenge": "challenge", "default": "challenge", "disable": "challenge", "simulate": "challenge" }, "rules": { "100015": "disable" }, "urls": [ "shop.example.com/*" ] }, "success": true } ``` ## Delete a WAF override `client.firewall.waf.overrides.delete(stringoverridesId, OverrideDeleteParamsparams, RequestOptionsoptions?): OverrideDeleteResponse` **delete** `/zones/{zone_id}/firewall/waf/overrides/{overrides_id}` Deletes an existing URI-based WAF override. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `overridesId: string` The unique identifier of the WAF override. - `params: OverrideDeleteParams` - `zone_id: string` Defines an identifier. ### Returns - `OverrideDeleteResponse` - `id?: string` The unique identifier of the WAF override. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const override = await client.firewall.waf.overrides.delete('de677e5818985db1285d0e80225f06e5', { zone_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(override.id); ``` #### Response ```json { "result": { "id": "de677e5818985db1285d0e80225f06e5" } } ``` ## Domain Types ### Override - `Override` - `id?: string` The unique identifier of the WAF override. - `description?: string | null` An informative summary of the current URI-based WAF override. - `groups?: Record` An object that allows you to enable or disable WAF rule groups for the current WAF override. Each key of this object must be the ID of a WAF rule group, and each value must be a valid WAF action (usually `default` or `disable`). When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `paused?: boolean` When true, indicates that the rule is currently paused. - `priority?: number` The relative priority of the current URI-based WAF override when multiple overrides match a single URL. A lower number indicates higher priority. Higher priority overrides may overwrite values set by lower priority overrides. - `rewrite_action?: RewriteAction` Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object. - `block?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `challenge?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `default?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `disable?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `simulate?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `rules?: WAFRule` An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `urls?: Array` The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Override URL - `OverrideURL = string` ### Rewrite Action - `RewriteAction` Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object. - `block?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `challenge?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `default?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `disable?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` - `simulate?: "challenge" | "block" | "simulate" | 2 more` The WAF rule action to apply. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` ### WAF Rule - `WAFRule = Record` An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a `groups` object or a `rules` object. - `"challenge"` - `"block"` - `"simulate"` - `"disable"` - `"default"` ### Override Delete Response - `OverrideDeleteResponse` - `id?: string` The unique identifier of the WAF override. # Packages ## List WAF packages `client.firewall.waf.packages.list(PackageListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/zones/{zone_id}/firewall/waf/packages` Fetches WAF packages for a zone. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `params: PackageListParams` - `zone_id: string` Path param: Defines an identifier. - `direction?: "asc" | "desc"` Query param: The direction used to sort returned packages. - `"asc"` - `"desc"` - `match?: "any" | "all"` Query param: When set to `all`, all the search requirements must match. When set to `any`, only one of the search requirements has to match. - `"any"` - `"all"` - `name?: string` Query param: The name of the WAF package. - `order?: "name"` Query param: The field used to sort returned packages. - `"name"` - `page?: number` Query param: The page number of paginated results. - `per_page?: number` Query param: The number of packages per page. ### Returns - `PackageListResponse = unknown` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const packageListResponse of client.firewall.waf.packages.list({ zone_id: '023e105f4ecef8ad9ca31a8372d0c353', })) { console.log(packageListResponse); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ {} ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get a WAF package `client.firewall.waf.packages.get(stringpackageId, PackageGetParamsparams, RequestOptionsoptions?): PackageGetResponse` **get** `/zones/{zone_id}/firewall/waf/packages/{package_id}` Fetches the details of a WAF package. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `packageId: string` Defines a package identifier. - `params: PackageGetParams` - `zone_id: string` Defines an identifier. ### Returns - `PackageGetResponse = FirewallAPIResponseSingle | Result` - `FirewallAPIResponseSingle` - `errors: Array` - `code: number` - `message: string` - `documentation_url?: string` - `source?: Source` - `pointer?: string` - `messages: Array` - `code: number` - `message: string` - `documentation_url?: string` - `source?: Source` - `result: unknown | string | null` - `unknown` - `string | null` - `success: true` Defines whether the API call was successful. - `true` - `Result` - `result?: unknown` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const _package = await client.firewall.waf.packages.get('023e105f4ecef8ad9ca31a8372d0c353', { zone_id: '023e105f4ecef8ad9ca31a8372d0c353', }); console.log(_package); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": {}, "success": true } ``` ## Domain Types ### Package List Response - `PackageListResponse = unknown` ### Package Get Response - `PackageGetResponse = FirewallAPIResponseSingle | Result` - `FirewallAPIResponseSingle` - `errors: Array` - `code: number` - `message: string` - `documentation_url?: string` - `source?: Source` - `pointer?: string` - `messages: Array` - `code: number` - `message: string` - `documentation_url?: string` - `source?: Source` - `result: unknown | string | null` - `unknown` - `string | null` - `success: true` Defines whether the API call was successful. - `true` - `Result` - `result?: unknown` # Groups ## List WAF rule groups `client.firewall.waf.packages.groups.list(stringpackageId, GroupListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/zones/{zone_id}/firewall/waf/packages/{package_id}/groups` Fetches the WAF rule groups in a WAF package. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `packageId: string` Defines the unique identifier of a WAF package. - `params: GroupListParams` - `zone_id: string` Path param: Defines an identifier of a schema. - `direction?: "asc" | "desc"` Query param: Defines the direction used to sort returned rule groups. - `"asc"` - `"desc"` - `match?: "any" | "all"` Query param: Defines the condition for search requirements. When set to `all`, all the search requirements must match. When set to `any`, only one of the search requirements has to match. - `"any"` - `"all"` - `mode?: "on" | "off"` Query param: Defines the state of the rules contained in the rule group. When `on`, the rules in the group are configurable/usable. - `"on"` - `"off"` - `name?: string` Query param: Defines the name of the rule group. - `order?: "mode" | "rules_count"` Query param: Defines the field used to sort returned rule groups. - `"mode"` - `"rules_count"` - `page?: number` Query param: Defines the page number of paginated results. - `per_page?: number` Query param: Defines the number of rule groups per page. - `rules_count?: number` Query param: Defines the number of rules in the current rule group. ### Returns - `Group` - `id: string` Defines the unique identifier of the rule group. - `description: string | null` Defines an informative summary of what the rule group does. - `mode: "on" | "off"` Defines the state of the rules contained in the rule group. When `on`, the rules in the group are configurable/usable. - `"on"` - `"off"` - `name: string` Defines the name of the rule group. - `rules_count: number` Defines the number of rules in the current rule group. - `allowed_modes?: Array<"on" | "off">` Defines the available states for the rule group. - `"on"` - `"off"` - `modified_rules_count?: number` Defines the number of rules within the group that have been modified from their default configuration. - `package_id?: string` Defines the unique identifier of a WAF package. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const group of client.firewall.waf.packages.groups.list( 'a25a9a7e9c00afc1fb2e0245519d725b', { zone_id: '023e105f4ecef8ad9ca31a8372d0c353' }, )) { console.log(group.id); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "de677e5818985db1285d0e80225f06e5", "description": "Group designed to protect against IP addresses that are a threat and typically used to launch DDoS attacks", "mode": "on", "name": "Project Honey Pot", "rules_count": 10, "allowed_modes": [ "on", "off" ], "modified_rules_count": 2, "package_id": "a25a9a7e9c00afc1fb2e0245519d725b" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get a WAF rule group `client.firewall.waf.packages.groups.get(stringpackageId, stringgroupId, GroupGetParamsparams, RequestOptionsoptions?): GroupGetResponse` **get** `/zones/{zone_id}/firewall/waf/packages/{package_id}/groups/{group_id}` Fetches the details of a WAF rule group. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `packageId: string` Defines the unique identifier of a WAF package. - `groupId: string` Defines the unique identifier of a WAF package. - `params: GroupGetParams` - `zone_id: string` Defines an identifier of a schema. ### Returns - `GroupGetResponse = unknown | string | null` - `unknown` - `string | null` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const group = await client.firewall.waf.packages.groups.get( 'a25a9a7e9c00afc1fb2e0245519d725b', 'a25a9a7e9c00afc1fb2e0245519d725b', { zone_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(group); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": {}, "success": true } ``` ## Update a WAF rule group `client.firewall.waf.packages.groups.edit(stringpackageId, stringgroupId, GroupEditParamsparams, RequestOptionsoptions?): GroupEditResponse` **patch** `/zones/{zone_id}/firewall/waf/packages/{package_id}/groups/{group_id}` Updates a WAF rule group. You can update the state (`mode` parameter) of a rule group. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `packageId: string` Defines the unique identifier of a WAF package. - `groupId: string` Defines the unique identifier of a WAF package. - `params: GroupEditParams` - `zone_id: string` Path param: Defines an identifier of a schema. - `mode?: "on" | "off"` Body param: Defines the state of the rules contained in the rule group. When `on`, the rules in the group are configurable/usable. - `"on"` - `"off"` ### Returns - `GroupEditResponse = unknown | string | null` - `unknown` - `string | null` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const response = await client.firewall.waf.packages.groups.edit( 'a25a9a7e9c00afc1fb2e0245519d725b', 'a25a9a7e9c00afc1fb2e0245519d725b', { zone_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(response); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": {}, "success": true } ``` ## Domain Types ### Group - `Group` - `id: string` Defines the unique identifier of the rule group. - `description: string | null` Defines an informative summary of what the rule group does. - `mode: "on" | "off"` Defines the state of the rules contained in the rule group. When `on`, the rules in the group are configurable/usable. - `"on"` - `"off"` - `name: string` Defines the name of the rule group. - `rules_count: number` Defines the number of rules in the current rule group. - `allowed_modes?: Array<"on" | "off">` Defines the available states for the rule group. - `"on"` - `"off"` - `modified_rules_count?: number` Defines the number of rules within the group that have been modified from their default configuration. - `package_id?: string` Defines the unique identifier of a WAF package. ### Group Get Response - `GroupGetResponse = unknown | string | null` - `unknown` - `string | null` ### Group Edit Response - `GroupEditResponse = unknown | string | null` - `unknown` - `string | null` # Rules ## List WAF rules `client.firewall.waf.packages.rules.list(stringpackageId, RuleListParamsparams, RequestOptionsoptions?): V4PagePaginationArray` **get** `/zones/{zone_id}/firewall/waf/packages/{package_id}/rules` Fetches WAF rules in a WAF package. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `packageId: string` Defines the unique identifier of a WAF package. - `params: RuleListParams` - `zone_id: string` Path param: Defines an identifier of a schema. - `description?: string` Query param: Defines the public description of the WAF rule. - `direction?: "asc" | "desc"` Query param: Defines the direction used to sort returned rules. - `"asc"` - `"desc"` - `group_id?: string` Query param: Defines the unique identifier of the rule group. - `match?: "any" | "all"` Query param: Defines the search requirements. When set to `all`, all the search requirements must match. When set to `any`, only one of the search requirements has to match. - `"any"` - `"all"` - `mode?: "DIS" | "CHL" | "BLK" | "SIM"` Query param: Defines the action/mode a rule has been overridden to perform. - `"DIS"` - `"CHL"` - `"BLK"` - `"SIM"` - `order?: "priority" | "group_id" | "description"` Query param: Defines the field used to sort returned rules. - `"priority"` - `"group_id"` - `"description"` - `page?: number` Query param: Defines the page number of paginated results. - `per_page?: number` Query param: Defines the number of rules per page. - `priority?: string` Query param: Defines the order in which the individual WAF rule is executed within its rule group. ### Returns - `RuleListResponse = WAFManagedRulesAnomalyRule | WAFManagedRulesTraditionalDenyRule | WAFManagedRulesTraditionalAllowRule` When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the 'sensitivity' property of the WAF package. - `WAFManagedRulesAnomalyRule` When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the 'sensitivity' property of the WAF package. - `id: string` Defines the unique identifier of the WAF rule. - `allowed_modes: Array` Defines the available modes for the current WAF rule. Applies to anomaly detection WAF rules. - `"on"` - `"off"` - `description: string` Defines the public description of the WAF rule. - `group: WAFRuleGroup` Defines the rule group to which the current WAF rule belongs. - `id?: string` Defines the unique identifier of the rule group. - `name?: string` Defines the name of the rule group. - `mode: AllowedModesAnomaly` Defines the mode anomaly. When set to `on`, the current WAF rule will be used when evaluating the request. Applies to anomaly detection WAF rules. - `"on"` - `"off"` - `package_id: string` Defines the unique identifier of a WAF package. - `priority: string` Defines the order in which the individual WAF rule is executed within its rule group. - `WAFManagedRulesTraditionalDenyRule` When triggered, traditional WAF rules cause the firewall to immediately act upon the request based on the configuration of the rule. A 'deny' rule will immediately respond to the request based on the configured rule action/mode (for example, 'block') and no other rules will be processed. - `id: string` Defines the unique identifier of the WAF rule. - `allowed_modes: Array<"default" | "disable" | "simulate" | 2 more>` Defines the list of possible actions of the WAF rule when it is triggered. - `"default"` - `"disable"` - `"simulate"` - `"block"` - `"challenge"` - `default_mode: "disable" | "simulate" | "block" | "challenge"` Defines the default action/mode of a rule. - `"disable"` - `"simulate"` - `"block"` - `"challenge"` - `description: string` Defines the public description of the WAF rule. - `group: WAFRuleGroup` Defines the rule group to which the current WAF rule belongs. - `mode: "default" | "disable" | "simulate" | 2 more` Defines the action that the current WAF rule will perform when triggered. Applies to traditional (deny) WAF rules. - `"default"` - `"disable"` - `"simulate"` - `"block"` - `"challenge"` - `package_id: string` Defines the unique identifier of a WAF package. - `priority: string` Defines the order in which the individual WAF rule is executed within its rule group. - `WAFManagedRulesTraditionalAllowRule` When triggered, traditional WAF rules cause the firewall to immediately act on the request based on the rule configuration. An 'allow' rule will immediately allow the request and no other rules will be processed. - `id: string` Defines the unique identifier of the WAF rule. - `allowed_modes: Array<"on" | "off">` Defines the available modes for the current WAF rule. - `"on"` - `"off"` - `description: string` Defines the public description of the WAF rule. - `group: WAFRuleGroup` Defines the rule group to which the current WAF rule belongs. - `mode: "on" | "off"` When set to `on`, the current rule will be used when evaluating the request. Applies to traditional (allow) WAF rules. - `"on"` - `"off"` - `package_id: string` Defines the unique identifier of a WAF package. - `priority: string` Defines the order in which the individual WAF rule is executed within its rule group. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); // Automatically fetches more pages as needed. for await (const ruleListResponse of client.firewall.waf.packages.rules.list( 'a25a9a7e9c00afc1fb2e0245519d725b', { zone_id: '023e105f4ecef8ad9ca31a8372d0c353' }, )) { console.log(ruleListResponse); } ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "f939de3be84e66e757adcdcb87908023", "allowed_modes": [ "on", "off" ], "description": "SQL injection prevention for SELECT statements", "group": { "id": "de677e5818985db1285d0e80225f06e5", "name": "Project Honey Pot" }, "mode": "on", "package_id": "a25a9a7e9c00afc1fb2e0245519d725b", "priority": "priority" } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get a WAF rule `client.firewall.waf.packages.rules.get(stringpackageId, stringruleId, RuleGetParamsparams, RequestOptionsoptions?): RuleGetResponse` **get** `/zones/{zone_id}/firewall/waf/packages/{package_id}/rules/{rule_id}` Fetches the details of a WAF rule in a WAF package. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `packageId: string` Defines the unique identifier of a WAF package. - `ruleId: string` Defines the unique identifier of a WAF package. - `params: RuleGetParams` - `zone_id: string` Defines an identifier of a schema. ### Returns - `RuleGetResponse = unknown | string | null` - `unknown` - `string | null` ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const rule = await client.firewall.waf.packages.rules.get( 'a25a9a7e9c00afc1fb2e0245519d725b', 'a25a9a7e9c00afc1fb2e0245519d725b', { zone_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(rule); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": {}, "success": true } ``` ## Update a WAF rule `client.firewall.waf.packages.rules.edit(stringpackageId, stringruleId, RuleEditParamsparams, RequestOptionsoptions?): RuleEditResponse` **patch** `/zones/{zone_id}/firewall/waf/packages/{package_id}/rules/{rule_id}` Updates a WAF rule. You can only update the mode/action of the rule. **Note:** Applies only to the [previous version of WAF managed rules](https://developers.cloudflare.com/support/firewall/managed-rules-web-application-firewall-waf/understanding-waf-managed-rules-web-application-firewall/). ### Parameters - `packageId: string` Defines the unique identifier of a WAF package. - `ruleId: string` Defines the unique identifier of a WAF package. - `params: RuleEditParams` - `zone_id: string` Path param: Defines an identifier of a schema. - `mode?: "default" | "disable" | "simulate" | 4 more` Body param: Defines the mode/action of the rule when triggered. You must use a value from the `allowed_modes` array of the current rule. - `"default"` - `"disable"` - `"simulate"` - `"block"` - `"challenge"` - `"on"` - `"off"` ### Returns - `RuleEditResponse = WAFManagedRulesAnomalyRule | WAFManagedRulesTraditionalDenyRule | WAFManagedRulesTraditionalAllowRule` When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the 'sensitivity' property of the WAF package. - `WAFManagedRulesAnomalyRule` When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the 'sensitivity' property of the WAF package. - `id: string` Defines the unique identifier of the WAF rule. - `allowed_modes: Array` Defines the available modes for the current WAF rule. Applies to anomaly detection WAF rules. - `"on"` - `"off"` - `description: string` Defines the public description of the WAF rule. - `group: WAFRuleGroup` Defines the rule group to which the current WAF rule belongs. - `id?: string` Defines the unique identifier of the rule group. - `name?: string` Defines the name of the rule group. - `mode: AllowedModesAnomaly` Defines the mode anomaly. When set to `on`, the current WAF rule will be used when evaluating the request. Applies to anomaly detection WAF rules. - `"on"` - `"off"` - `package_id: string` Defines the unique identifier of a WAF package. - `priority: string` Defines the order in which the individual WAF rule is executed within its rule group. - `WAFManagedRulesTraditionalDenyRule` When triggered, traditional WAF rules cause the firewall to immediately act upon the request based on the configuration of the rule. A 'deny' rule will immediately respond to the request based on the configured rule action/mode (for example, 'block') and no other rules will be processed. - `id: string` Defines the unique identifier of the WAF rule. - `allowed_modes: Array<"default" | "disable" | "simulate" | 2 more>` Defines the list of possible actions of the WAF rule when it is triggered. - `"default"` - `"disable"` - `"simulate"` - `"block"` - `"challenge"` - `default_mode: "disable" | "simulate" | "block" | "challenge"` Defines the default action/mode of a rule. - `"disable"` - `"simulate"` - `"block"` - `"challenge"` - `description: string` Defines the public description of the WAF rule. - `group: WAFRuleGroup` Defines the rule group to which the current WAF rule belongs. - `mode: "default" | "disable" | "simulate" | 2 more` Defines the action that the current WAF rule will perform when triggered. Applies to traditional (deny) WAF rules. - `"default"` - `"disable"` - `"simulate"` - `"block"` - `"challenge"` - `package_id: string` Defines the unique identifier of a WAF package. - `priority: string` Defines the order in which the individual WAF rule is executed within its rule group. - `WAFManagedRulesTraditionalAllowRule` When triggered, traditional WAF rules cause the firewall to immediately act on the request based on the rule configuration. An 'allow' rule will immediately allow the request and no other rules will be processed. - `id: string` Defines the unique identifier of the WAF rule. - `allowed_modes: Array<"on" | "off">` Defines the available modes for the current WAF rule. - `"on"` - `"off"` - `description: string` Defines the public description of the WAF rule. - `group: WAFRuleGroup` Defines the rule group to which the current WAF rule belongs. - `mode: "on" | "off"` When set to `on`, the current rule will be used when evaluating the request. Applies to traditional (allow) WAF rules. - `"on"` - `"off"` - `package_id: string` Defines the unique identifier of a WAF package. - `priority: string` Defines the order in which the individual WAF rule is executed within its rule group. ### Example ```node import Cloudflare from 'cloudflare'; const client = new Cloudflare({ apiToken: process.env['CLOUDFLARE_API_TOKEN'], // This is the default and can be omitted }); const response = await client.firewall.waf.packages.rules.edit( 'a25a9a7e9c00afc1fb2e0245519d725b', 'a25a9a7e9c00afc1fb2e0245519d725b', { zone_id: '023e105f4ecef8ad9ca31a8372d0c353' }, ); console.log(response); ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "f939de3be84e66e757adcdcb87908023", "allowed_modes": [ "on", "off" ], "description": "SQL injection prevention for SELECT statements", "group": { "id": "de677e5818985db1285d0e80225f06e5", "name": "Project Honey Pot" }, "mode": "on", "package_id": "a25a9a7e9c00afc1fb2e0245519d725b", "priority": "priority" }, "success": true } ``` ## Domain Types ### Allowed Modes Anomaly - `AllowedModesAnomaly = "on" | "off"` Defines the mode anomaly. When set to `on`, the current WAF rule will be used when evaluating the request. Applies to anomaly detection WAF rules. - `"on"` - `"off"` ### WAF Rule Group - `WAFRuleGroup` Defines the rule group to which the current WAF rule belongs. - `id?: string` Defines the unique identifier of the rule group. - `name?: string` Defines the name of the rule group. ### Rule List Response - `RuleListResponse = WAFManagedRulesAnomalyRule | WAFManagedRulesTraditionalDenyRule | WAFManagedRulesTraditionalAllowRule` When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the 'sensitivity' property of the WAF package. - `WAFManagedRulesAnomalyRule` When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the 'sensitivity' property of the WAF package. - `id: string` Defines the unique identifier of the WAF rule. - `allowed_modes: Array` Defines the available modes for the current WAF rule. Applies to anomaly detection WAF rules. - `"on"` - `"off"` - `description: string` Defines the public description of the WAF rule. - `group: WAFRuleGroup` Defines the rule group to which the current WAF rule belongs. - `id?: string` Defines the unique identifier of the rule group. - `name?: string` Defines the name of the rule group. - `mode: AllowedModesAnomaly` Defines the mode anomaly. When set to `on`, the current WAF rule will be used when evaluating the request. Applies to anomaly detection WAF rules. - `"on"` - `"off"` - `package_id: string` Defines the unique identifier of a WAF package. - `priority: string` Defines the order in which the individual WAF rule is executed within its rule group. - `WAFManagedRulesTraditionalDenyRule` When triggered, traditional WAF rules cause the firewall to immediately act upon the request based on the configuration of the rule. A 'deny' rule will immediately respond to the request based on the configured rule action/mode (for example, 'block') and no other rules will be processed. - `id: string` Defines the unique identifier of the WAF rule. - `allowed_modes: Array<"default" | "disable" | "simulate" | 2 more>` Defines the list of possible actions of the WAF rule when it is triggered. - `"default"` - `"disable"` - `"simulate"` - `"block"` - `"challenge"` - `default_mode: "disable" | "simulate" | "block" | "challenge"` Defines the default action/mode of a rule. - `"disable"` - `"simulate"` - `"block"` - `"challenge"` - `description: string` Defines the public description of the WAF rule. - `group: WAFRuleGroup` Defines the rule group to which the current WAF rule belongs. - `mode: "default" | "disable" | "simulate" | 2 more` Defines the action that the current WAF rule will perform when triggered. Applies to traditional (deny) WAF rules. - `"default"` - `"disable"` - `"simulate"` - `"block"` - `"challenge"` - `package_id: string` Defines the unique identifier of a WAF package. - `priority: string` Defines the order in which the individual WAF rule is executed within its rule group. - `WAFManagedRulesTraditionalAllowRule` When triggered, traditional WAF rules cause the firewall to immediately act on the request based on the rule configuration. An 'allow' rule will immediately allow the request and no other rules will be processed. - `id: string` Defines the unique identifier of the WAF rule. - `allowed_modes: Array<"on" | "off">` Defines the available modes for the current WAF rule. - `"on"` - `"off"` - `description: string` Defines the public description of the WAF rule. - `group: WAFRuleGroup` Defines the rule group to which the current WAF rule belongs. - `mode: "on" | "off"` When set to `on`, the current rule will be used when evaluating the request. Applies to traditional (allow) WAF rules. - `"on"` - `"off"` - `package_id: string` Defines the unique identifier of a WAF package. - `priority: string` Defines the order in which the individual WAF rule is executed within its rule group. ### Rule Get Response - `RuleGetResponse = unknown | string | null` - `unknown` - `string | null` ### Rule Edit Response - `RuleEditResponse = WAFManagedRulesAnomalyRule | WAFManagedRulesTraditionalDenyRule | WAFManagedRulesTraditionalAllowRule` When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the 'sensitivity' property of the WAF package. - `WAFManagedRulesAnomalyRule` When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the 'sensitivity' property of the WAF package. - `id: string` Defines the unique identifier of the WAF rule. - `allowed_modes: Array` Defines the available modes for the current WAF rule. Applies to anomaly detection WAF rules. - `"on"` - `"off"` - `description: string` Defines the public description of the WAF rule. - `group: WAFRuleGroup` Defines the rule group to which the current WAF rule belongs. - `id?: string` Defines the unique identifier of the rule group. - `name?: string` Defines the name of the rule group. - `mode: AllowedModesAnomaly` Defines the mode anomaly. When set to `on`, the current WAF rule will be used when evaluating the request. Applies to anomaly detection WAF rules. - `"on"` - `"off"` - `package_id: string` Defines the unique identifier of a WAF package. - `priority: string` Defines the order in which the individual WAF rule is executed within its rule group. - `WAFManagedRulesTraditionalDenyRule` When triggered, traditional WAF rules cause the firewall to immediately act upon the request based on the configuration of the rule. A 'deny' rule will immediately respond to the request based on the configured rule action/mode (for example, 'block') and no other rules will be processed. - `id: string` Defines the unique identifier of the WAF rule. - `allowed_modes: Array<"default" | "disable" | "simulate" | 2 more>` Defines the list of possible actions of the WAF rule when it is triggered. - `"default"` - `"disable"` - `"simulate"` - `"block"` - `"challenge"` - `default_mode: "disable" | "simulate" | "block" | "challenge"` Defines the default action/mode of a rule. - `"disable"` - `"simulate"` - `"block"` - `"challenge"` - `description: string` Defines the public description of the WAF rule. - `group: WAFRuleGroup` Defines the rule group to which the current WAF rule belongs. - `mode: "default" | "disable" | "simulate" | 2 more` Defines the action that the current WAF rule will perform when triggered. Applies to traditional (deny) WAF rules. - `"default"` - `"disable"` - `"simulate"` - `"block"` - `"challenge"` - `package_id: string` Defines the unique identifier of a WAF package. - `priority: string` Defines the order in which the individual WAF rule is executed within its rule group. - `WAFManagedRulesTraditionalAllowRule` When triggered, traditional WAF rules cause the firewall to immediately act on the request based on the rule configuration. An 'allow' rule will immediately allow the request and no other rules will be processed. - `id: string` Defines the unique identifier of the WAF rule. - `allowed_modes: Array<"on" | "off">` Defines the available modes for the current WAF rule. - `"on"` - `"off"` - `description: string` Defines the public description of the WAF rule. - `group: WAFRuleGroup` Defines the rule group to which the current WAF rule belongs. - `mode: "on" | "off"` When set to `on`, the current rule will be used when evaluating the request. Applies to traditional (allow) WAF rules. - `"on"` - `"off"` - `package_id: string` Defines the unique identifier of a WAF package. - `priority: string` Defines the order in which the individual WAF rule is executed within its rule group.