Skip to content
Cloudflare API
Start here
API Reference
Firewall

WAF

WAFOverrides

List WAF overrides
Deprecated
client.firewall.waf.overrides.list(OverrideListParams { zone_id, page, per_page } params, RequestOptionsoptions?): V4PagePaginationArray<Override { id, description, groups, 5 more } >
GET/zones/{zone_id}/firewall/waf/overrides
Get a WAF override
Deprecated
client.firewall.waf.overrides.get(stringoverridesId, OverrideGetParams { zone_id } params, RequestOptionsoptions?): Override { id, description, groups, 5 more }
GET/zones/{zone_id}/firewall/waf/overrides/{overrides_id}
Create a WAF override
Deprecated
client.firewall.waf.overrides.create(OverrideCreateParams { zone_id, urls } params, RequestOptionsoptions?): Override { id, description, groups, 5 more }
POST/zones/{zone_id}/firewall/waf/overrides
Update WAF override
Deprecated
client.firewall.waf.overrides.update(stringoverridesId, OverrideUpdateParams { zone_id, id, rewrite_action, 2 more } params, RequestOptionsoptions?): Override { id, description, groups, 5 more }
PUT/zones/{zone_id}/firewall/waf/overrides/{overrides_id}
Delete a WAF override
Deprecated
client.firewall.waf.overrides.delete(stringoverridesId, OverrideDeleteParams { zone_id } params, RequestOptionsoptions?): OverrideDeleteResponse { id }
DELETE/zones/{zone_id}/firewall/waf/overrides/{overrides_id}
ModelsExpand Collapse
Override { id, description, groups, 5 more }
id?: string

The unique identifier of the WAF override.

maxLength32
description?: string | null

An informative summary of the current URI-based WAF override.

maxLength1024
groups?: Record<string, unknown>

An object that allows you to enable or disable WAF rule groups for the current WAF override. Each key of this object must be the ID of a WAF rule group, and each value must be a valid WAF action (usually default or disable). When creating a new URI-based WAF override, you must provide a groups object or a rules object.

paused?: boolean

When true, indicates that the rule is currently paused.

priority?: number

The relative priority of the current URI-based WAF override when multiple overrides match a single URL. A lower number indicates higher priority. Higher priority overrides may overwrite values set by lower priority overrides.

maximum1000000000
minimum-1000000000
rewrite_action?: RewriteAction { block, challenge, default, 2 more }

Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object.

rules?: WAFRule { , , , 2 more }

An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a groups object or a rules object.

urls?: Array<OverrideURL>

The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns.

OverrideURL = string
RewriteAction { block, challenge, default, 2 more }

Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object.

block?: "challenge" | "block" | "simulate" | 2 more

The WAF rule action to apply.

One of the following:
"challenge"
"block"
"simulate"
"disable"
"default"
challenge?: "challenge" | "block" | "simulate" | 2 more

The WAF rule action to apply.

One of the following:
"challenge"
"block"
"simulate"
"disable"
"default"
default?: "challenge" | "block" | "simulate" | 2 more

The WAF rule action to apply.

One of the following:
"challenge"
"block"
"simulate"
"disable"
"default"
disable?: "challenge" | "block" | "simulate" | 2 more

The WAF rule action to apply.

One of the following:
"challenge"
"block"
"simulate"
"disable"
"default"
simulate?: "challenge" | "block" | "simulate" | 2 more

The WAF rule action to apply.

One of the following:
"challenge"
"block"
"simulate"
"disable"
"default"
WAFRule = Record<string, "challenge" | "block" | "simulate" | 2 more>

An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a groups object or a rules object.

One of the following:
"challenge"
"block"
"simulate"
"disable"
"default"
OverrideDeleteResponse { id }
id?: string

The unique identifier of the WAF override.

maxLength32

WAFPackages

List WAF packages
Deprecated
client.firewall.waf.packages.list(PackageListParams { zone_id, direction, match, 4 more } params, RequestOptionsoptions?): V4PagePaginationArray<PackageListResponse>
GET/zones/{zone_id}/firewall/waf/packages
Get a WAF package
Deprecated
client.firewall.waf.packages.get(stringpackageId, PackageGetParams { zone_id } params, RequestOptionsoptions?): PackageGetResponse
GET/zones/{zone_id}/firewall/waf/packages/{package_id}
ModelsExpand Collapse
PackageListResponse = unknown
PackageGetResponse = FirewallAPIResponseSingle { errors, messages, result, success } | Result { result }
One of the following:
FirewallAPIResponseSingle { errors, messages, result, success }
errors: Array<ResponseInfo { code, message, documentation_url, source } >
code: number
minimum1000
message: string
documentation_url?: string
source?: Source { pointer }
pointer?: string
messages: Array<ResponseInfo { code, message, documentation_url, source } >
code: number
minimum1000
message: string
documentation_url?: string
source?: Source { pointer }
pointer?: string
result: unknown | string | null
One of the following:
unknown
string | null
success: true

Defines whether the API call was successful.

Result { result }
result?: unknown

WAFPackagesGroups

List WAF rule groups
Deprecated
client.firewall.waf.packages.groups.list(stringpackageId, GroupListParams { zone_id, direction, match, 6 more } params, RequestOptionsoptions?): V4PagePaginationArray<Group { id, description, mode, 5 more } >
GET/zones/{zone_id}/firewall/waf/packages/{package_id}/groups
Get a WAF rule group
Deprecated
client.firewall.waf.packages.groups.get(stringpackageId, stringgroupId, GroupGetParams { zone_id } params, RequestOptionsoptions?): GroupGetResponse
GET/zones/{zone_id}/firewall/waf/packages/{package_id}/groups/{group_id}
Update a WAF rule group
Deprecated
client.firewall.waf.packages.groups.edit(stringpackageId, stringgroupId, GroupEditParams { zone_id, mode } params, RequestOptionsoptions?): GroupEditResponse
PATCH/zones/{zone_id}/firewall/waf/packages/{package_id}/groups/{group_id}
ModelsExpand Collapse
Group { id, description, mode, 5 more }
id: string

Defines the unique identifier of the rule group.

maxLength32
description: string | null

Defines an informative summary of what the rule group does.

mode: "on" | "off"

Defines the state of the rules contained in the rule group. When on, the rules in the group are configurable/usable.

One of the following:
"on"
"off"
name: string

Defines the name of the rule group.

rules_count: number

Defines the number of rules in the current rule group.

allowed_modes?: Array<"on" | "off">

Defines the available states for the rule group.

One of the following:
"on"
"off"
modified_rules_count?: number

Defines the number of rules within the group that have been modified from their default configuration.

package_id?: string

Defines the unique identifier of a WAF package.

maxLength32
GroupGetResponse = unknown | string | null
One of the following:
unknown
string | null
GroupEditResponse = unknown | string | null
One of the following:
unknown
string | null

WAFPackagesRules

List WAF rules
Deprecated
client.firewall.waf.packages.rules.list(stringpackageId, RuleListParams { zone_id, description, direction, 7 more } params, RequestOptionsoptions?): V4PagePaginationArray<RuleListResponse>
GET/zones/{zone_id}/firewall/waf/packages/{package_id}/rules
Get a WAF rule
Deprecated
client.firewall.waf.packages.rules.get(stringpackageId, stringruleId, RuleGetParams { zone_id } params, RequestOptionsoptions?): RuleGetResponse
GET/zones/{zone_id}/firewall/waf/packages/{package_id}/rules/{rule_id}
Update a WAF rule
Deprecated
client.firewall.waf.packages.rules.edit(stringpackageId, stringruleId, RuleEditParams { zone_id, mode } params, RequestOptionsoptions?): RuleEditResponse
PATCH/zones/{zone_id}/firewall/waf/packages/{package_id}/rules/{rule_id}
ModelsExpand Collapse
AllowedModesAnomaly = "on" | "off"

Defines the mode anomaly. When set to on, the current WAF rule will be used when evaluating the request. Applies to anomaly detection WAF rules.

One of the following:
"on"
"off"
WAFRuleGroup { id, name }

Defines the rule group to which the current WAF rule belongs.

id?: string

Defines the unique identifier of the rule group.

maxLength32
name?: string

Defines the name of the rule group.

RuleListResponse = WAFManagedRulesAnomalyRule { id, allowed_modes, description, 4 more } | WAFManagedRulesTraditionalDenyRule { id, allowed_modes, default_mode, 5 more } | WAFManagedRulesTraditionalAllowRule { id, allowed_modes, description, 4 more }

When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the 'sensitivity' property of the WAF package.

One of the following:
WAFManagedRulesAnomalyRule { id, allowed_modes, description, 4 more }

When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the 'sensitivity' property of the WAF package.

id: string

Defines the unique identifier of the WAF rule.

maxLength32
allowed_modes: Array<AllowedModesAnomaly>

Defines the available modes for the current WAF rule. Applies to anomaly detection WAF rules.

One of the following:
"on"
"off"
description: string

Defines the public description of the WAF rule.

group: WAFRuleGroup { id, name }

Defines the rule group to which the current WAF rule belongs.

mode: AllowedModesAnomaly

Defines the mode anomaly. When set to on, the current WAF rule will be used when evaluating the request. Applies to anomaly detection WAF rules.

package_id: string

Defines the unique identifier of a WAF package.

maxLength32
priority: string

Defines the order in which the individual WAF rule is executed within its rule group.

WAFManagedRulesTraditionalDenyRule { id, allowed_modes, default_mode, 5 more }

When triggered, traditional WAF rules cause the firewall to immediately act upon the request based on the configuration of the rule. A 'deny' rule will immediately respond to the request based on the configured rule action/mode (for example, 'block') and no other rules will be processed.

id: string

Defines the unique identifier of the WAF rule.

maxLength32
allowed_modes: Array<"default" | "disable" | "simulate" | 2 more>

Defines the list of possible actions of the WAF rule when it is triggered.

One of the following:
"default"
"disable"
"simulate"
"block"
"challenge"
default_mode: "disable" | "simulate" | "block" | "challenge"

Defines the default action/mode of a rule.

One of the following:
"disable"
"simulate"
"block"
"challenge"
description: string

Defines the public description of the WAF rule.

group: WAFRuleGroup { id, name }

Defines the rule group to which the current WAF rule belongs.

mode: "default" | "disable" | "simulate" | 2 more

Defines the action that the current WAF rule will perform when triggered. Applies to traditional (deny) WAF rules.

One of the following:
"default"
"disable"
"simulate"
"block"
"challenge"
package_id: string

Defines the unique identifier of a WAF package.

maxLength32
priority: string

Defines the order in which the individual WAF rule is executed within its rule group.

WAFManagedRulesTraditionalAllowRule { id, allowed_modes, description, 4 more }

When triggered, traditional WAF rules cause the firewall to immediately act on the request based on the rule configuration. An 'allow' rule will immediately allow the request and no other rules will be processed.

id: string

Defines the unique identifier of the WAF rule.

maxLength32
allowed_modes: Array<"on" | "off">

Defines the available modes for the current WAF rule.

One of the following:
"on"
"off"
description: string

Defines the public description of the WAF rule.

group: WAFRuleGroup { id, name }

Defines the rule group to which the current WAF rule belongs.

mode: "on" | "off"

When set to on, the current rule will be used when evaluating the request. Applies to traditional (allow) WAF rules.

One of the following:
"on"
"off"
package_id: string

Defines the unique identifier of a WAF package.

maxLength32
priority: string

Defines the order in which the individual WAF rule is executed within its rule group.

RuleGetResponse = unknown | string | null
One of the following:
unknown
string | null
RuleEditResponse = WAFManagedRulesAnomalyRule { id, allowed_modes, description, 4 more } | WAFManagedRulesTraditionalDenyRule { id, allowed_modes, default_mode, 5 more } | WAFManagedRulesTraditionalAllowRule { id, allowed_modes, description, 4 more }

When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the 'sensitivity' property of the WAF package.

One of the following:
WAFManagedRulesAnomalyRule { id, allowed_modes, description, 4 more }

When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the 'sensitivity' property of the WAF package.

id: string

Defines the unique identifier of the WAF rule.

maxLength32
allowed_modes: Array<AllowedModesAnomaly>

Defines the available modes for the current WAF rule. Applies to anomaly detection WAF rules.

One of the following:
"on"
"off"
description: string

Defines the public description of the WAF rule.

group: WAFRuleGroup { id, name }

Defines the rule group to which the current WAF rule belongs.

mode: AllowedModesAnomaly

Defines the mode anomaly. When set to on, the current WAF rule will be used when evaluating the request. Applies to anomaly detection WAF rules.

package_id: string

Defines the unique identifier of a WAF package.

maxLength32
priority: string

Defines the order in which the individual WAF rule is executed within its rule group.

WAFManagedRulesTraditionalDenyRule { id, allowed_modes, default_mode, 5 more }

When triggered, traditional WAF rules cause the firewall to immediately act upon the request based on the configuration of the rule. A 'deny' rule will immediately respond to the request based on the configured rule action/mode (for example, 'block') and no other rules will be processed.

id: string

Defines the unique identifier of the WAF rule.

maxLength32
allowed_modes: Array<"default" | "disable" | "simulate" | 2 more>

Defines the list of possible actions of the WAF rule when it is triggered.

One of the following:
"default"
"disable"
"simulate"
"block"
"challenge"
default_mode: "disable" | "simulate" | "block" | "challenge"

Defines the default action/mode of a rule.

One of the following:
"disable"
"simulate"
"block"
"challenge"
description: string

Defines the public description of the WAF rule.

group: WAFRuleGroup { id, name }

Defines the rule group to which the current WAF rule belongs.

mode: "default" | "disable" | "simulate" | 2 more

Defines the action that the current WAF rule will perform when triggered. Applies to traditional (deny) WAF rules.

One of the following:
"default"
"disable"
"simulate"
"block"
"challenge"
package_id: string

Defines the unique identifier of a WAF package.

maxLength32
priority: string

Defines the order in which the individual WAF rule is executed within its rule group.

WAFManagedRulesTraditionalAllowRule { id, allowed_modes, description, 4 more }

When triggered, traditional WAF rules cause the firewall to immediately act on the request based on the rule configuration. An 'allow' rule will immediately allow the request and no other rules will be processed.

id: string

Defines the unique identifier of the WAF rule.

maxLength32
allowed_modes: Array<"on" | "off">

Defines the available modes for the current WAF rule.

One of the following:
"on"
"off"
description: string

Defines the public description of the WAF rule.

group: WAFRuleGroup { id, name }

Defines the rule group to which the current WAF rule belongs.

mode: "on" | "off"

When set to on, the current rule will be used when evaluating the request. Applies to traditional (allow) WAF rules.

One of the following:
"on"
"off"
package_id: string

Defines the unique identifier of a WAF package.

maxLength32
priority: string

Defines the order in which the individual WAF rule is executed within its rule group.