Firewall

firewall

Firewall

Access Rules

firewall.access_rules

Methods

Create An IP Access Rule -> Envelope<{ id, allowed_modes, configuration, 5 more... }>
post/{account_or_zone}/{account_or_zone_id}/firewall/access_rules/rules

Creates a new IP Access rule for an account or zone. The rule will apply to all zones in the account or zone.

Note: To create an IP Access rule that applies to a single zone, refer to the IP Access rules for a zone endpoints.

Delete An IP Access Rule -> Envelope<{ id }>
delete/{account_or_zone}/{account_or_zone_id}/firewall/access_rules/rules/{rule_id}

Deletes an existing IP Access rule defined.

Note: This operation will affect all zones in the account or zone.

Update An IP Access Rule -> Envelope<{ id, allowed_modes, configuration, 5 more... }>
patch/{account_or_zone}/{account_or_zone_id}/firewall/access_rules/rules/{rule_id}

Updates an IP Access rule defined.

Note: This operation will affect all zones in the account or zone.

Get An IP Access Rule -> Envelope<{ id, allowed_modes, configuration, 5 more... }>
get/{account_or_zone}/{account_or_zone_id}/firewall/access_rules/rules/{rule_id}

Fetches the details of an IP Access rule defined.

List IP Access Rules -> V4PagePaginationArray<{ id, allowed_modes, configuration, 5 more... }>
get/{account_or_zone}/{account_or_zone_id}/firewall/access_rules/rules

Fetches IP Access rules of an account or zone. These rules apply to all the zones in the account or zone. You can filter the results using several optional parameters.

Domain types

AccessRuleCIDRConfiguration = { target, value }
AccessRuleIPConfiguration = { target, value }
ASNConfiguration = { target, value }
CountryConfiguration = { target, value }
IPV6Configuration = { target, value }
Firewall

Lockdowns

firewall.lockdowns

Methods

Create A Zone Lockdown Rule -> Envelope<>
post/zones/{zone_id}/firewall/lockdowns

Creates a new Zone Lockdown rule.

Delete A Zone Lockdown Rule -> Envelope<{ id }>
delete/zones/{zone_id}/firewall/lockdowns/{lock_downs_id}

Deletes an existing Zone Lockdown rule.

Get A Zone Lockdown Rule -> Envelope<>
get/zones/{zone_id}/firewall/lockdowns/{lock_downs_id}

Fetches the details of a Zone Lockdown rule.

List Zone Lockdown Rules -> V4PagePaginationArray<>
get/zones/{zone_id}/firewall/lockdowns

Fetches Zone Lockdown rules. You can filter the results using several optional parameters.

Update A Zone Lockdown Rule -> Envelope<>
put/zones/{zone_id}/firewall/lockdowns/{lock_downs_id}

Updates an existing Zone Lockdown rule.

Domain types

A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of ip or ip_range configurations.

Lockdown = { id, configurations, created_on, 4 more... }
LockdownCIDRConfiguration = { target, value }
LockdownIPConfiguration = { target, value }
LockdownURL = string

firewall.rules

Methods

Delete Firewall Rules -> Envelope<Array<>>
Deprecated
delete/zones/{zone_id}/firewall/rules

Deletes existing firewall rules.

Security
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example: X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example: X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

Accepted Permissions (at least one required)

Firewall Services Write

Parameters
zone_id: string
(maxLength: 32)

Identifier

Response fields
errors: Array<>
messages: Array<>
result: Array<>
success: true

Whether the API call was successful

result_info: { count, page, per_page, 1 more... }
Optional
Request example
200Example
Update Priority Of Firewall Rules -> Envelope<Array<>>
Deprecated
patch/zones/{zone_id}/firewall/rules

Updates the priority of existing firewall rules.

Update Firewall Rules -> Envelope<Array<>>
Deprecated
put/zones/{zone_id}/firewall/rules

Updates one or more existing firewall rules.

Create Firewall Rules -> Envelope<Array<>>
Deprecated
post/zones/{zone_id}/firewall/rules

Create one or more firewall rules.

Delete A Firewall Rule -> Envelope<>
Deprecated
delete/zones/{zone_id}/firewall/rules/{rule_id}

Deletes an existing firewall rule.

Update Priority Of A Firewall Rule -> Envelope<Array<>>
Deprecated
patch/zones/{zone_id}/firewall/rules/{rule_id}

Updates the priority of an existing firewall rule.

Get A Firewall Rule -> Envelope<>
Deprecated
get/zones/{zone_id}/firewall/rules/{rule_id}

Fetches the details of a firewall rule.

List Firewall Rules -> V4PagePaginationArray<>
Deprecated
get/zones/{zone_id}/firewall/rules

Fetches firewall rules in a zone. You can filter the results using several optional parameters.

Update A Firewall Rule -> Envelope<>
Deprecated
put/zones/{zone_id}/firewall/rules/{rule_id}

Updates an existing firewall rule.

Domain types

DeletedFilter = { id, deleted }
FirewallRule = { id, action, description, 5 more... }
Product = "zoneLockdown" | "uaBlock" | "bic" | 4 more...

A list of products to bypass for a request when using the bypass action.

Firewall

UA Rules

firewall.ua_rules

Methods

Create A User Agent Blocking Rule -> Envelope<unknown>
post/zones/{zone_id}/firewall/ua_rules

Creates a new User Agent Blocking rule in a zone.

Delete A User Agent Blocking Rule -> Envelope<{ id }>
delete/zones/{zone_id}/firewall/ua_rules/{ua_rule_id}

Deletes an existing User Agent Blocking rule.

Get A User Agent Blocking Rule -> Envelope<unknown>
get/zones/{zone_id}/firewall/ua_rules/{ua_rule_id}

Fetches the details of a User Agent Blocking rule.

List User Agent Blocking Rules -> V4PagePaginationArray<{ id, configuration, description, 2 more... }>
get/zones/{zone_id}/firewall/ua_rules

Fetches User Agent Blocking rules in a zone. You can filter the results using several optional parameters.

Update A User Agent Blocking Rule -> Envelope<unknown>
put/zones/{zone_id}/firewall/ua_rules/{ua_rule_id}

Updates an existing User Agent Blocking rule.

firewall.waf

FirewallWAF

Overrides

firewall.waf.overrides

Methods

Create A WAF Override -> Envelope<>
post/zones/{zone_id}/firewall/waf/overrides

Creates a URI-based WAF override for a zone.

Note: Applies only to the previous version of WAF managed rules.

Delete A WAF Override -> Envelope<{ id }>
delete/zones/{zone_id}/firewall/waf/overrides/{overrides_id}

Deletes an existing URI-based WAF override.

Note: Applies only to the previous version of WAF managed rules.

Get A WAF Override -> Envelope<>
get/zones/{zone_id}/firewall/waf/overrides/{overrides_id}

Fetches the details of a URI-based WAF override.

Note: Applies only to the previous version of WAF managed rules.

List WAF Overrides -> V4PagePaginationArray<>
get/zones/{zone_id}/firewall/waf/overrides

Fetches the URI-based WAF overrides in a zone.

Note: Applies only to the previous version of WAF managed rules.

Update WAF Override -> Envelope<>
put/zones/{zone_id}/firewall/waf/overrides/{overrides_id}

Updates an existing URI-based WAF override.

Note: Applies only to the previous version of WAF managed rules.

Domain types

Override = { id, description, groups, 5 more... }
OverrideURL = string
RewriteAction = { block, challenge, default, 2 more... }

Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object.

WAFRule = Record<string, "challenge" | "block" | "simulate" | 2 more...>

An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a groups object or a rules object.

FirewallWAF

Packages

firewall.waf.packages

Methods

Get A WAF Package -> { errors, messages, result, 1 more... } | { result }
get/zones/{zone_id}/firewall/waf/packages/{package_id}

Fetches the details of a WAF package.

Note: Applies only to the previous version of WAF managed rules.

List WAF Packages -> V4PagePaginationArray<unknown>
get/zones/{zone_id}/firewall/waf/packages

Fetches WAF packages for a zone.

Note: Applies only to the previous version of WAF managed rules.

firewall.waf.packages.groups

Methods

Update A WAF Rule Group -> Envelope<unknown>
patch/zones/{zone_id}/firewall/waf/packages/{package_id}/groups/{group_id}

Updates a WAF rule group. You can update the state (mode parameter) of a rule group.

Note: Applies only to the previous version of WAF managed rules.

Get A WAF Rule Group -> Envelope<unknown>
get/zones/{zone_id}/firewall/waf/packages/{package_id}/groups/{group_id}

Fetches the details of a WAF rule group.

Note: Applies only to the previous version of WAF managed rules.

List WAF Rule Groups -> V4PagePaginationArray<>
get/zones/{zone_id}/firewall/waf/packages/{package_id}/groups

Fetches the WAF rule groups in a WAF package.

Note: Applies only to the previous version of WAF managed rules.

Domain types

Group = { id, description, mode, 5 more... }

firewall.waf.packages.rules

Methods

Update A WAF Rule -> Envelope<{ id, allowed_modes, description, 4 more... } | { id, allowed_modes, default_mode, 5 more... } | { id, allowed_modes, description, 4 more... }>
patch/zones/{zone_id}/firewall/waf/packages/{package_id}/rules/{rule_id}

Updates a WAF rule. You can only update the mode/action of the rule.

Note: Applies only to the previous version of WAF managed rules.

Get A WAF Rule -> Envelope<unknown>
get/zones/{zone_id}/firewall/waf/packages/{package_id}/rules/{rule_id}

Fetches the details of a WAF rule in a WAF package.

Note: Applies only to the previous version of WAF managed rules.

List WAF Rules -> V4PagePaginationArray<{ id, allowed_modes, description, 4 more... } | { id, allowed_modes, default_mode, 5 more... } | { id, allowed_modes, description, 4 more... }>
get/zones/{zone_id}/firewall/waf/packages/{package_id}/rules

Fetches WAF rules in a WAF package.

Note: Applies only to the previous version of WAF managed rules.

Domain types

AllowedModesAnomaly = "on" | "off"

When set to on, the current WAF rule will be used when evaluating the request. Applies to anomaly detection WAF rules.

WAFRuleGroup = { id, name }

The rule group to which the current WAF rule belongs.