API Reference

Firewall

WAF

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Packages

List WAF packages

Deprecated

client.firewall.waf.packages.list(PackageListParams { zone_id, direction, match, 4 more } params, RequestOptionsoptions?): V4PagePaginationArray<PackageListResponse>

GET/zones/{zone_id}/firewall/waf/packages

Get a WAF package

Deprecated

client.firewall.waf.packages.get(stringpackageId, PackageGetParams { zone_id } params, RequestOptionsoptions?): PackageGetResponse

GET/zones/{zone_id}/firewall/waf/packages/{package_id}

ModelsExpand Collapse

PackageListResponse = unknown

PackageGetResponse = FirewallAPIResponseSingle { errors, messages, result, success } | Result { result }

One of the following:

FirewallAPIResponseSingle { errors, messages, result, success }

errors: Array<ResponseInfo { code, message, documentation_url, source } >

code: number

minimum1000

message: string

documentation_url?: string

source?: Source { pointer }

pointer?: string

messages: Array<ResponseInfo { code, message, documentation_url, source } >

code: number

minimum1000

message: string

documentation_url?: string

source?: Source { pointer }

pointer?: string

result: unknown | string | null

One of the following:

unknown

string | null

success: true

Defines whether the API call was successful.

Result { result }

result?: unknown

PackagesGroups

List WAF rule groups

Deprecated

client.firewall.waf.packages.groups.list(stringpackageId, GroupListParams { zone_id, direction, match, 6 more } params, RequestOptionsoptions?): V4PagePaginationArray<Group { id, description, mode, 5 more } >

GET/zones/{zone_id}/firewall/waf/packages/{package_id}/groups

Get a WAF rule group

Deprecated

client.firewall.waf.packages.groups.get(stringpackageId, stringgroupId, GroupGetParams { zone_id } params, RequestOptionsoptions?): GroupGetResponse

GET/zones/{zone_id}/firewall/waf/packages/{package_id}/groups/{group_id}

Update a WAF rule group

Deprecated

client.firewall.waf.packages.groups.edit(stringpackageId, stringgroupId, GroupEditParams { zone_id, mode } params, RequestOptionsoptions?): GroupEditResponse

PATCH/zones/{zone_id}/firewall/waf/packages/{package_id}/groups/{group_id}

ModelsExpand Collapse

Group { id, description, mode, 5 more }

id: string

Defines the unique identifier of the rule group.

maxLength32

description: string | null

Defines an informative summary of what the rule group does.

mode: "on" | "off"

Defines the state of the rules contained in the rule group. When on, the rules in the group are configurable/usable.

One of the following:

"on"

"off"

name: string

Defines the name of the rule group.

rules_count: number

Defines the number of rules in the current rule group.

allowed_modes?: Array<"on" | "off">

Defines the available states for the rule group.

One of the following:

"on"

"off"

modified_rules_count?: number

Defines the number of rules within the group that have been modified from their default configuration.

package_id?: string

Defines the unique identifier of a WAF package.

maxLength32

GroupGetResponse = unknown | string | null

One of the following:

unknown

string | null

GroupEditResponse = unknown | string | null

One of the following:

unknown

string | null

PackagesRules

List WAF rules

Deprecated

client.firewall.waf.packages.rules.list(stringpackageId, RuleListParams { zone_id, description, direction, 7 more } params, RequestOptionsoptions?): V4PagePaginationArray<RuleListResponse>

GET/zones/{zone_id}/firewall/waf/packages/{package_id}/rules

Get a WAF rule

Deprecated

client.firewall.waf.packages.rules.get(stringpackageId, stringruleId, RuleGetParams { zone_id } params, RequestOptionsoptions?): RuleGetResponse

GET/zones/{zone_id}/firewall/waf/packages/{package_id}/rules/{rule_id}

Update a WAF rule

Deprecated

client.firewall.waf.packages.rules.edit(stringpackageId, stringruleId, RuleEditParams { zone_id, mode } params, RequestOptionsoptions?): RuleEditResponse

PATCH/zones/{zone_id}/firewall/waf/packages/{package_id}/rules/{rule_id}

ModelsExpand Collapse

AllowedModesAnomaly = "on" | "off"

Defines the mode anomaly. When set to on, the current WAF rule will be used when evaluating the request. Applies to anomaly detection WAF rules.

One of the following:

"on"

"off"

WAFRuleGroup { id, name }

Defines the rule group to which the current WAF rule belongs.

id?: string

Defines the unique identifier of the rule group.

maxLength32

name?: string

Defines the name of the rule group.

RuleListResponse = WAFManagedRulesAnomalyRule { id, allowed_modes, description, 4 more } | WAFManagedRulesTraditionalDenyRule { id, allowed_modes, default_mode, 5 more } | WAFManagedRulesTraditionalAllowRule { id, allowed_modes, description, 4 more }

When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the ‘sensitivity’ property of the WAF package.

One of the following:

WAFManagedRulesAnomalyRule { id, allowed_modes, description, 4 more }

When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the ‘sensitivity’ property of the WAF package.

id: string

Defines the unique identifier of the WAF rule.

maxLength32

allowed_modes: Array<AllowedModesAnomaly>

Defines the available modes for the current WAF rule. Applies to anomaly detection WAF rules.

One of the following:

"on"

"off"

description: string

Defines the public description of the WAF rule.

group: WAFRuleGroup { id, name }

Defines the rule group to which the current WAF rule belongs.

mode: AllowedModesAnomaly

Defines the mode anomaly. When set to on, the current WAF rule will be used when evaluating the request. Applies to anomaly detection WAF rules.

package_id: string

Defines the unique identifier of a WAF package.

maxLength32

priority: string

Defines the order in which the individual WAF rule is executed within its rule group.

WAFManagedRulesTraditionalDenyRule { id, allowed_modes, default_mode, 5 more }

When triggered, traditional WAF rules cause the firewall to immediately act upon the request based on the configuration of the rule. A ‘deny’ rule will immediately respond to the request based on the configured rule action/mode (for example, ‘block’) and no other rules will be processed.

id: string

Defines the unique identifier of the WAF rule.

maxLength32

allowed_modes: Array<"default" | "disable" | "simulate" | 2 more>

Defines the list of possible actions of the WAF rule when it is triggered.

One of the following:

"default"

"disable"

"simulate"

"block"

"challenge"

default_mode: "disable" | "simulate" | "block" | "challenge"

Defines the default action/mode of a rule.

One of the following:

"disable"

"simulate"

"block"

"challenge"

description: string

Defines the public description of the WAF rule.

group: WAFRuleGroup { id, name }

Defines the rule group to which the current WAF rule belongs.

mode: "default" | "disable" | "simulate" | 2 more

Defines the action that the current WAF rule will perform when triggered. Applies to traditional (deny) WAF rules.

One of the following:

"default"

"disable"

"simulate"

"block"

"challenge"

package_id: string

Defines the unique identifier of a WAF package.

maxLength32

priority: string

Defines the order in which the individual WAF rule is executed within its rule group.

WAFManagedRulesTraditionalAllowRule { id, allowed_modes, description, 4 more }

When triggered, traditional WAF rules cause the firewall to immediately act on the request based on the rule configuration. An ‘allow’ rule will immediately allow the request and no other rules will be processed.

id: string

Defines the unique identifier of the WAF rule.

maxLength32

allowed_modes: Array<"on" | "off">

Defines the available modes for the current WAF rule.

One of the following:

"on"

"off"

description: string

Defines the public description of the WAF rule.

group: WAFRuleGroup { id, name }

Defines the rule group to which the current WAF rule belongs.

mode: "on" | "off"

When set to on, the current rule will be used when evaluating the request. Applies to traditional (allow) WAF rules.

One of the following:

"on"

"off"

package_id: string

Defines the unique identifier of a WAF package.

maxLength32

priority: string

Defines the order in which the individual WAF rule is executed within its rule group.

RuleGetResponse = unknown | string | null

One of the following:

unknown

string | null

RuleEditResponse = WAFManagedRulesAnomalyRule { id, allowed_modes, description, 4 more } | WAFManagedRulesTraditionalDenyRule { id, allowed_modes, default_mode, 5 more } | WAFManagedRulesTraditionalAllowRule { id, allowed_modes, description, 4 more }

When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the ‘sensitivity’ property of the WAF package.

One of the following:

WAFManagedRulesAnomalyRule { id, allowed_modes, description, 4 more }

When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the ‘sensitivity’ property of the WAF package.

id: string

Defines the unique identifier of the WAF rule.

maxLength32

allowed_modes: Array<AllowedModesAnomaly>

Defines the available modes for the current WAF rule. Applies to anomaly detection WAF rules.

One of the following:

"on"

"off"

description: string

Defines the public description of the WAF rule.

group: WAFRuleGroup { id, name }

Defines the rule group to which the current WAF rule belongs.

mode: AllowedModesAnomaly

Defines the mode anomaly. When set to on, the current WAF rule will be used when evaluating the request. Applies to anomaly detection WAF rules.

package_id: string

Defines the unique identifier of a WAF package.

maxLength32

priority: string

Defines the order in which the individual WAF rule is executed within its rule group.

WAFManagedRulesTraditionalDenyRule { id, allowed_modes, default_mode, 5 more }

When triggered, traditional WAF rules cause the firewall to immediately act upon the request based on the configuration of the rule. A ‘deny’ rule will immediately respond to the request based on the configured rule action/mode (for example, ‘block’) and no other rules will be processed.

id: string

Defines the unique identifier of the WAF rule.

maxLength32

allowed_modes: Array<"default" | "disable" | "simulate" | 2 more>

Defines the list of possible actions of the WAF rule when it is triggered.

One of the following:

"default"

"disable"

"simulate"

"block"

"challenge"

default_mode: "disable" | "simulate" | "block" | "challenge"

Defines the default action/mode of a rule.

One of the following:

"disable"

"simulate"

"block"

"challenge"

description: string

Defines the public description of the WAF rule.

group: WAFRuleGroup { id, name }

Defines the rule group to which the current WAF rule belongs.

mode: "default" | "disable" | "simulate" | 2 more

Defines the action that the current WAF rule will perform when triggered. Applies to traditional (deny) WAF rules.

One of the following:

"default"

"disable"

"simulate"

"block"

"challenge"

package_id: string

Defines the unique identifier of a WAF package.

maxLength32

priority: string

Defines the order in which the individual WAF rule is executed within its rule group.

WAFManagedRulesTraditionalAllowRule { id, allowed_modes, description, 4 more }

When triggered, traditional WAF rules cause the firewall to immediately act on the request based on the rule configuration. An ‘allow’ rule will immediately allow the request and no other rules will be processed.

id: string

Defines the unique identifier of the WAF rule.

maxLength32

allowed_modes: Array<"on" | "off">

Defines the available modes for the current WAF rule.

One of the following:

"on"

"off"

description: string

Defines the public description of the WAF rule.

group: WAFRuleGroup { id, name }

Defines the rule group to which the current WAF rule belongs.

mode: "on" | "off"

When set to on, the current rule will be used when evaluating the request. Applies to traditional (allow) WAF rules.

One of the following:

"on"

"off"

package_id: string

Defines the unique identifier of a WAF package.

maxLength32

priority: string

Defines the order in which the individual WAF rule is executed within its rule group.