LogoCloudflare API

Firewall

firewall

Firewall

Access Rules

firewall.access_rules

Methods

List IP Access Rules -> V4PagePaginationArray<{ id, allowed_modes, configuration, 5 more... }>
get/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules

Fetches IP Access rules of an account or zone. These rules apply to all the zones in the account or zone. You can filter the results using several optional parameters.

Get An IP Access Rule -> Envelope<{ id, allowed_modes, configuration, 5 more... }>
get/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules/{rule_id}

Fetches the details of an IP Access rule defined.

Create An IP Access Rule -> Envelope<{ id, allowed_modes, configuration, 5 more... }>
post/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules

Creates a new IP Access rule for an account or zone. The rule will apply to all zones in the account or zone.

Note: To create an IP Access rule that applies to a single zone, refer to the IP Access rules for a zone endpoints.

Update An IP Access Rule -> Envelope<{ id, allowed_modes, configuration, 5 more... }>
patch/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules/{rule_id}

Updates an IP Access rule defined.

Note: This operation will affect all zones in the account or zone.

Delete An IP Access Rule -> Envelope<{ id }>
delete/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules/{rule_id}

Deletes an existing IP Access rule defined.

Note: This operation will affect all zones in the account or zone.

Domain types

AccessRuleCIDRConfiguration = { target, value }
AccessRuleIPConfiguration = { target, value }
ASNConfiguration = { target, value }
CountryConfiguration = { target, value }
IPV6Configuration = { target, value }
Firewall

Lockdowns

firewall.lockdowns

Methods

List Zone Lockdown Rules -> V4PagePaginationArray<
Lockdown
>
get/zones/{zone_id}/firewall/lockdowns

Fetches Zone Lockdown rules. You can filter the results using several optional parameters.

Get A Zone Lockdown Rule -> Envelope<
Lockdown
>
get/zones/{zone_id}/firewall/lockdowns/{lock_downs_id}

Fetches the details of a Zone Lockdown rule.

Create A Zone Lockdown Rule -> Envelope<
Lockdown
>
post/zones/{zone_id}/firewall/lockdowns

Creates a new Zone Lockdown rule.

Update A Zone Lockdown Rule -> Envelope<
Lockdown
>
put/zones/{zone_id}/firewall/lockdowns/{lock_downs_id}

Updates an existing Zone Lockdown rule.

Delete A Zone Lockdown Rule -> Envelope<{ id }>
delete/zones/{zone_id}/firewall/lockdowns/{lock_downs_id}

Deletes an existing Zone Lockdown rule.

Domain types

Configuration = Array<
LockdownIPConfiguration
|
LockdownCIDRConfiguration
>

A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of ip or ip_range configurations.

Lockdown = { id, configurations, created_on, 4 more... }
LockdownCIDRConfiguration = { target, value }
LockdownIPConfiguration = { target, value }
LockdownURL = string
Firewall

Rules

firewall.rules

Methods

List Firewall Rules -> V4PagePaginationArray<
FirewallRule
>
Deprecated
get/zones/{zone_id}/firewall/rules

Deprecated

The Firewall Rules API is deprecated in favour of using the Ruleset Engine. See https://developers.cloudflare.com/fundamentals/api/reference/deprecations/#firewall-rules-api-and-filters-api for full details.

Fetches firewall rules in a zone. You can filter the results using several optional parameters.

Get A Firewall Rule -> Envelope<
FirewallRule
>
Deprecated
get/zones/{zone_id}/firewall/rules/{rule_id}

Deprecated

The Firewall Rules API is deprecated in favour of using the Ruleset Engine. See https://developers.cloudflare.com/fundamentals/api/reference/deprecations/#firewall-rules-api-and-filters-api for full details.

Fetches the details of a firewall rule.

Create Firewall Rules -> SinglePage<
FirewallRule
>
Deprecated
post/zones/{zone_id}/firewall/rules

Deprecated

The Firewall Rules API is deprecated in favour of using the Ruleset Engine. See https://developers.cloudflare.com/fundamentals/api/reference/deprecations/#firewall-rules-api-and-filters-api for full details.

Create one or more firewall rules.

Update A Firewall Rule -> Envelope<
FirewallRule
>
Deprecated
put/zones/{zone_id}/firewall/rules/{rule_id}

Deprecated

The Firewall Rules API is deprecated in favour of using the Ruleset Engine. See https://developers.cloudflare.com/fundamentals/api/reference/deprecations/#firewall-rules-api-and-filters-api for full details.

Updates an existing firewall rule.

Update Priority Of A Firewall Rule -> SinglePage<
FirewallRule
>
Deprecated
patch/zones/{zone_id}/firewall/rules/{rule_id}

Deprecated

The Firewall Rules API is deprecated in favour of using the Ruleset Engine. See https://developers.cloudflare.com/fundamentals/api/reference/deprecations/#firewall-rules-api-and-filters-api for full details.

Updates the priority of an existing firewall rule.

Delete A Firewall Rule -> Envelope<
FirewallRule
>
Deprecated
delete/zones/{zone_id}/firewall/rules/{rule_id}

Deprecated

The Firewall Rules API is deprecated in favour of using the Ruleset Engine. See https://developers.cloudflare.com/fundamentals/api/reference/deprecations/#firewall-rules-api-and-filters-api for full details.

Deletes an existing firewall rule.

Update Firewall Rules -> SinglePage<
FirewallRule
>
Deprecated
put/zones/{zone_id}/firewall/rules

Deprecated

The Firewall Rules API is deprecated in favour of using the Ruleset Engine. See https://developers.cloudflare.com/fundamentals/api/reference/deprecations/#firewall-rules-api-and-filters-api for full details.

Updates one or more existing firewall rules.

Update Priority Of Firewall Rules -> SinglePage<
FirewallRule
>
Deprecated
patch/zones/{zone_id}/firewall/rules

Deprecated

The Firewall Rules API is deprecated in favour of using the Ruleset Engine. See https://developers.cloudflare.com/fundamentals/api/reference/deprecations/#firewall-rules-api-and-filters-api for full details.

Updates the priority of existing firewall rules.

Delete Firewall Rules -> SinglePage<
FirewallRule
>
Deprecated
delete/zones/{zone_id}/firewall/rules

Deprecated

The Firewall Rules API is deprecated in favour of using the Ruleset Engine. See https://developers.cloudflare.com/fundamentals/api/reference/deprecations/#firewall-rules-api-and-filters-api for full details.

Deletes existing firewall rules.

Domain types

DeletedFilter = { id, deleted }
FirewallRule = { id, action, description, 5 more... }
Product = "zoneLockdown" | "uaBlock" | "bic" | 4 more...

A list of products to bypass for a request when using the bypass action.

Firewall

UA Rules

firewall.ua_rules

Methods

List User Agent Blocking Rules -> V4PagePaginationArray<{ id, configuration, description, 2 more... }>
get/zones/{zone_id}/firewall/ua_rules

Fetches User Agent Blocking rules in a zone. You can filter the results using several optional parameters.

Get A User Agent Blocking Rule -> Envelope<{ id, configuration, description, 2 more... }>
get/zones/{zone_id}/firewall/ua_rules/{ua_rule_id}

Fetches the details of a User Agent Blocking rule.

Create A User Agent Blocking Rule -> Envelope<{ id, configuration, description, 2 more... }>
post/zones/{zone_id}/firewall/ua_rules

Creates a new User Agent Blocking rule in a zone.

Update A User Agent Blocking Rule -> Envelope<{ id, configuration, description, 2 more... }>
put/zones/{zone_id}/firewall/ua_rules/{ua_rule_id}

Updates an existing User Agent Blocking rule.

Delete A User Agent Blocking Rule -> Envelope<{ id, configuration, description, 2 more... }>
delete/zones/{zone_id}/firewall/ua_rules/{ua_rule_id}

Deletes an existing User Agent Blocking rule.

Firewall

WAF

firewall.waf

FirewallWAF

Overrides

firewall.waf.overrides

Methods

List WAF Overrides -> V4PagePaginationArray<
Override
>
Deprecated
get/zones/{zone_id}/firewall/waf/overrides

Fetches the URI-based WAF overrides in a zone.

Note: Applies only to the previous version of WAF managed rules.

Get A WAF Override -> Envelope<
Override
>
Deprecated
get/zones/{zone_id}/firewall/waf/overrides/{overrides_id}

Fetches the details of a URI-based WAF override.

Note: Applies only to the previous version of WAF managed rules.

Create A WAF Override -> Envelope<
Override
>
Deprecated
post/zones/{zone_id}/firewall/waf/overrides

Creates a URI-based WAF override for a zone.

Note: Applies only to the previous version of WAF managed rules.

Update WAF Override -> Envelope<
Override
>
Deprecated
put/zones/{zone_id}/firewall/waf/overrides/{overrides_id}

Updates an existing URI-based WAF override.

Note: Applies only to the previous version of WAF managed rules.

Delete A WAF Override -> Envelope<{ id }>
Deprecated
delete/zones/{zone_id}/firewall/waf/overrides/{overrides_id}

Deletes an existing URI-based WAF override.

Note: Applies only to the previous version of WAF managed rules.

Domain types

Override = { id, description, groups, 5 more... }
OverrideURL = string
RewriteAction = { block, challenge, default, 2 more... }

Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object.

WAFRule = Record<string, "challenge" | "block" | "simulate" | 2 more...>

An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a groups object or a rules object.

FirewallWAF

Packages

firewall.waf.packages

Methods

List WAF Packages -> V4PagePaginationArray<unknown>
Deprecated
get/zones/{zone_id}/firewall/waf/packages

Fetches WAF packages for a zone.

Note: Applies only to the previous version of WAF managed rules.

Get A WAF Package -> { errors, messages, result, 1 more... } | { result }
Deprecated
get/zones/{zone_id}/firewall/waf/packages/{package_id}

Fetches the details of a WAF package.

Note: Applies only to the previous version of WAF managed rules.

FirewallWAFPackages

Groups

firewall.waf.packages.groups

Methods

List WAF Rule Groups -> V4PagePaginationArray<
Group
>
Deprecated
get/zones/{zone_id}/firewall/waf/packages/{package_id}/groups

Fetches the WAF rule groups in a WAF package.

Note: Applies only to the previous version of WAF managed rules.

Get A WAF Rule Group -> Envelope<unknown | string>
Deprecated
get/zones/{zone_id}/firewall/waf/packages/{package_id}/groups/{group_id}

Fetches the details of a WAF rule group.

Note: Applies only to the previous version of WAF managed rules.

Update A WAF Rule Group -> Envelope<unknown | string>
Deprecated
patch/zones/{zone_id}/firewall/waf/packages/{package_id}/groups/{group_id}

Updates a WAF rule group. You can update the state (mode parameter) of a rule group.

Note: Applies only to the previous version of WAF managed rules.

Domain types

Group = { id, description, mode, 5 more... }
FirewallWAFPackages

Rules

firewall.waf.packages.rules

Methods

List WAF Rules -> V4PagePaginationArray<{ id, allowed_modes, description, 4 more... } | { id, allowed_modes, default_mode, 5 more... } | { id, allowed_modes, description, 4 more... }>
Deprecated
get/zones/{zone_id}/firewall/waf/packages/{package_id}/rules

Fetches WAF rules in a WAF package.

Note: Applies only to the previous version of WAF managed rules.

Security

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example: Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

Accepted Permissions (at least one required)

Firewall Services Write Firewall Services Read

path Parameters
zone_id: string
(maxLength: 32)

Defines an identifier of a schema.

package_id: string
(maxLength: 32)

Defines the unique identifier of a WAF package.

query Parameters
description: string
Optional

Defines the public description of the WAF rule.

direction:
Optional

Defines the direction used to sort returned rules.

"asc"
"desc"
group_id: string
Optional
(maxLength: 32)

Defines the unique identifier of the rule group.

match:
Optional
(default: "all")

Defines the search requirements. When set to all, all the search requirements must match. When set to any, only one of the search requirements has to match.

"any"
"all"
mode:
Optional

Defines the action/mode a rule has been overridden to perform.

"DIS"
"CHL"
"BLK"
"SIM"
order:
Optional

Defines the field used to sort returned rules.

"priority"
"group_id"
"description"
page: number
Optional
(minimum: 1, default: 1)

Defines the page number of paginated results.

per_page: number
Optional
(maximum: 100, minimum: 5, default: 50)

Defines the number of rules per page.

priority: string
Optional

Defines the order in which the individual WAF rule is executed within its rule group.

Response fields
errors: Array<
ResponseInfo
>
messages: Array<
ResponseInfo
>
result: Array<{ id, allowed_modes, description, 4 more... } | { id, allowed_modes, default_mode, 5 more... } | { id, allowed_modes, description, 4 more... }>
success: true

Defines whether the API call was successful.

result_info: { count, page, per_page, 1 more... }
Optional
Request example
200Example
Get A WAF Rule -> Envelope<unknown | string>
Deprecated
get/zones/{zone_id}/firewall/waf/packages/{package_id}/rules/{rule_id}

Fetches the details of a WAF rule in a WAF package.

Note: Applies only to the previous version of WAF managed rules.

Update A WAF Rule -> Envelope<{ id, allowed_modes, description, 4 more... } | { id, allowed_modes, default_mode, 5 more... } | { id, allowed_modes, description, 4 more... }>
Deprecated
patch/zones/{zone_id}/firewall/waf/packages/{package_id}/rules/{rule_id}

Updates a WAF rule. You can only update the mode/action of the rule.

Note: Applies only to the previous version of WAF managed rules.

Domain types

AllowedModesAnomaly = "on" | "off"

Defines the mode anomaly. When set to on, the current WAF rule will be used when evaluating the request. Applies to anomaly detection WAF rules.

WAFRuleGroup = { id, name }

Defines the rule group to which the current WAF rule belongs.