A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of ip or ip_range configurations.

One of the following:

class LockdownIPConfiguration: …

target: Optional[Literal["ip"]]

The configuration target. You must set the target to ip when specifying an IP address in the Zone Lockdown rule.

value: Optional[str]

The IP address to match. This address will be compared to the IP address of incoming requests.

class LockdownCIDRConfiguration: …

target: Optional[Literal["ip_range"]]

The configuration target. You must set the target to ip_range when specifying an IP address range in the Zone Lockdown rule.

value: Optional[str]

The IP address range to match. You can only use prefix lengths /16 and /24.

class Lockdown: …

id: str

The unique identifier of the Zone Lockdown rule.

maxLength32

configurations: Configuration

A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of ip or ip_range configurations.

created_on: datetime

The timestamp of when the rule was created.

formatdate-time

description: str

An informative summary of the rule.

maxLength1024

modified_on: datetime

The timestamp of when the rule was last modified.

formatdate-time

paused: bool

When true, indicates that the rule is currently paused.

urls: List[LockdownURL]

The URLs to include in the rule definition. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns.

class LockdownCIDRConfiguration: …

target: Optional[Literal["ip_range"]]

The configuration target. You must set the target to ip_range when specifying an IP address range in the Zone Lockdown rule.

value: Optional[str]

The IP address range to match. You can only use prefix lengths /16 and /24.

class LockdownIPConfiguration: …

target: Optional[Literal["ip"]]

The configuration target. You must set the target to ip when specifying an IP address in the Zone Lockdown rule.

value: Optional[str]

The IP address to match. This address will be compared to the IP address of incoming requests.

str

class LockdownDeleteResponse: …

id: Optional[str]

The unique identifier of the Zone Lockdown rule.

maxLength32

FirewallRules

List firewall rules

Deprecated

firewall.rules.list() -> SyncV4PagePaginationArray[FirewallRule]

GET/zones/{zone_id}/firewall/rules

Get a firewall rule

Deprecated

firewall.rules.get(, ) -> FirewallRule

GET/zones/{zone_id}/firewall/rules/{rule_id}

Create firewall rules

Deprecated

firewall.rules.create() -> SyncSinglePage[FirewallRule]

POST/zones/{zone_id}/firewall/rules

Update a firewall rule

Deprecated

firewall.rules.update(, ) -> FirewallRule

PUT/zones/{zone_id}/firewall/rules/{rule_id}

Update priority of a firewall rule

Deprecated

firewall.rules.edit(, ) -> SyncSinglePage[FirewallRule]

PATCH/zones/{zone_id}/firewall/rules/{rule_id}

Delete a firewall rule

Deprecated

firewall.rules.delete(, ) -> FirewallRule

DELETE/zones/{zone_id}/firewall/rules/{rule_id}

Update firewall rules

Deprecated

firewall.rules.bulk_update() -> SyncSinglePage[FirewallRule]

PUT/zones/{zone_id}/firewall/rules

Update priority of firewall rules

Deprecated

firewall.rules.bulk_edit() -> SyncSinglePage[FirewallRule]

PATCH/zones/{zone_id}/firewall/rules

Delete firewall rules

Deprecated

firewall.rules.bulk_delete() -> SyncSinglePage[FirewallRule]

DELETE/zones/{zone_id}/firewall/rules

ModelsExpand Collapse

class DeletedFilter: …

id: str

The unique identifier of the filter.

maxLength32

minLength32

deleted: bool

When true, indicates that the firewall rule was deleted.

class FirewallRule: …

id: Optional[str]

The unique identifier of the firewall rule.

maxLength32

action: Optional[Action]

The action to apply to a matched request. The log action is only available on an Enterprise plan.

description: Optional[str]

An informative summary of the firewall rule.

maxLength500

filter: Optional[Filter]

One of the following:

class FirewallFilter: …

id: Optional[str]

The unique identifier of the filter.

maxLength32

minLength32

description: Optional[str]

An informative summary of the filter.

maxLength500

expression: Optional[str]

The filter expression. For more information, refer to Expressions.

paused: Optional[bool]

When true, indicates that the filter is currently paused.

ref: Optional[str]

A short reference tag. Allows you to select related filters.

maxLength50

class DeletedFilter: …

id: str

The unique identifier of the filter.

maxLength32

minLength32

deleted: bool

When true, indicates that the firewall rule was deleted.

paused: Optional[bool]

When true, indicates that the firewall rule is currently paused.

priority: Optional[float]

The priority of the rule. Optional value used to define the processing order. A lower number indicates a higher priority. If not provided, rules with a defined priority will be processed before rules without a priority.

maximum2147483647

minimum0

products: Optional[List[Product]]

One of the following:

"zoneLockdown"

"uaBlock"

"bic"

"hot"

"securityLevel"

"rateLimit"

"waf"

ref: Optional[str]

A short reference tag. Allows you to select related firewall rules.

maxLength50

Literal["zoneLockdown", "uaBlock", "bic", 4 more]

A list of products to bypass for a request when using the bypass action.

One of the following:

"zoneLockdown"

"uaBlock"

"bic"

"hot"

"securityLevel"

"rateLimit"

"waf"

FirewallAccess Rules

List IP Access rules

firewall.access_rules.list() -> SyncV4PagePaginationArray[AccessRuleListResponse]

GET/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules

Get an IP Access rule

firewall.access_rules.get(, ) -> AccessRuleGetResponse

GET/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules/{rule_id}

Create an IP Access rule

firewall.access_rules.create() -> AccessRuleCreateResponse

POST/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules

Update an IP Access rule

firewall.access_rules.edit(, ) -> AccessRuleEditResponse

PATCH/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules/{rule_id}

Delete an IP Access rule

firewall.access_rules.delete(, ) -> AccessRuleDeleteResponse

DELETE/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules/{rule_id}

ModelsExpand Collapse

class AccessRuleCIDRConfiguration: …

target: Optional[Literal["ip_range"]]

The configuration target. You must set the target to ip_range when specifying an IP address range in the rule.

value: Optional[str]

The IP address range to match. You can only use prefix lengths /16 and /24 for IPv4 ranges, and prefix lengths /32, /48, and /64 for IPv6 ranges.

class AccessRuleIPConfiguration: …

target: Optional[Literal["ip"]]

The configuration target. You must set the target to ip when specifying an IP address in the rule.

value: Optional[str]

The IP address to match. This address will be compared to the IP address of incoming requests.

class ASNConfiguration: …

target: Optional[Literal["asn"]]

The configuration target. You must set the target to asn when specifying an Autonomous System Number (ASN) in the rule.

value: Optional[str]

The AS number to match.

class CountryConfiguration: …

target: Optional[Literal["country"]]

The configuration target. You must set the target to country when specifying a country code in the rule.

value: Optional[str]

The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to IP Access rules: Parameters.

class IPV6Configuration: …

target: Optional[Literal["ip6"]]

The configuration target. You must set the target to ip6 when specifying an IPv6 address in the rule.

value: Optional[str]

The IPv6 address to match.

class AccessRuleListResponse: …

id: str

The unique identifier of the IP Access rule.

maxLength32

allowed_modes: List[Literal["block", "challenge", "whitelist", 2 more]]

The available actions that a rule can apply to a matched request.

One of the following:

"block"

"challenge"

"whitelist"

"js_challenge"

"managed_challenge"

configuration: Configuration

The rule configuration.

One of the following:

class AccessRuleIPConfiguration: …

target: Optional[Literal["ip"]]

The configuration target. You must set the target to ip when specifying an IP address in the rule.

value: Optional[str]

The IP address to match. This address will be compared to the IP address of incoming requests.

class IPV6Configuration: …

target: Optional[Literal["ip6"]]

The configuration target. You must set the target to ip6 when specifying an IPv6 address in the rule.

value: Optional[str]

The IPv6 address to match.

class AccessRuleCIDRConfiguration: …

target: Optional[Literal["ip_range"]]

The configuration target. You must set the target to ip_range when specifying an IP address range in the rule.

value: Optional[str]

The IP address range to match. You can only use prefix lengths /16 and /24 for IPv4 ranges, and prefix lengths /32, /48, and /64 for IPv6 ranges.

class ASNConfiguration: …

target: Optional[Literal["asn"]]

The configuration target. You must set the target to asn when specifying an Autonomous System Number (ASN) in the rule.

value: Optional[str]

The AS number to match.

class CountryConfiguration: …

target: Optional[Literal["country"]]

The configuration target. You must set the target to country when specifying a country code in the rule.

value: Optional[str]

The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to IP Access rules: Parameters.

mode: Literal["block", "challenge", "whitelist", 2 more]

The action to apply to a matched request.

One of the following:

"block"

"challenge"

"whitelist"

"js_challenge"

"managed_challenge"

created_on: Optional[datetime]

The timestamp of when the rule was created.

formatdate-time

modified_on: Optional[datetime]

The timestamp of when the rule was last modified.

formatdate-time

notes: Optional[str]

An informative summary of the rule, typically used as a reminder or explanation.

scope: Optional[Scope]

All zones owned by the user will have the rule applied.

id: Optional[str]

Defines an identifier.

maxLength32

email: Optional[str]

The contact email address of the user.

maxLength90

type: Optional[Literal["user", "organization"]]

Defines the scope of the rule.

One of the following:

"user"

"organization"

class AccessRuleGetResponse: …

id: str

The unique identifier of the IP Access rule.

maxLength32

allowed_modes: List[Literal["block", "challenge", "whitelist", 2 more]]

The available actions that a rule can apply to a matched request.

One of the following:

"block"

"challenge"

"whitelist"

"js_challenge"

"managed_challenge"

configuration: Configuration

The rule configuration.

One of the following:

class AccessRuleIPConfiguration: …

target: Optional[Literal["ip"]]

The configuration target. You must set the target to ip when specifying an IP address in the rule.

value: Optional[str]

The IP address to match. This address will be compared to the IP address of incoming requests.

class IPV6Configuration: …

target: Optional[Literal["ip6"]]

The configuration target. You must set the target to ip6 when specifying an IPv6 address in the rule.

value: Optional[str]

The IPv6 address to match.

class AccessRuleCIDRConfiguration: …

target: Optional[Literal["ip_range"]]

The configuration target. You must set the target to ip_range when specifying an IP address range in the rule.

value: Optional[str]

The IP address range to match. You can only use prefix lengths /16 and /24 for IPv4 ranges, and prefix lengths /32, /48, and /64 for IPv6 ranges.

class ASNConfiguration: …

target: Optional[Literal["asn"]]

The configuration target. You must set the target to asn when specifying an Autonomous System Number (ASN) in the rule.

value: Optional[str]

The AS number to match.

class CountryConfiguration: …

target: Optional[Literal["country"]]

The configuration target. You must set the target to country when specifying a country code in the rule.

value: Optional[str]

The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to IP Access rules: Parameters.

mode: Literal["block", "challenge", "whitelist", 2 more]

The action to apply to a matched request.

One of the following:

"block"

"challenge"

"whitelist"

"js_challenge"

"managed_challenge"

created_on: Optional[datetime]

The timestamp of when the rule was created.

formatdate-time

modified_on: Optional[datetime]

The timestamp of when the rule was last modified.

formatdate-time

notes: Optional[str]

An informative summary of the rule, typically used as a reminder or explanation.

scope: Optional[Scope]

All zones owned by the user will have the rule applied.

id: Optional[str]

Defines an identifier.

maxLength32

email: Optional[str]

The contact email address of the user.

maxLength90

type: Optional[Literal["user", "organization"]]

Defines the scope of the rule.

One of the following:

"user"

"organization"

class AccessRuleCreateResponse: …

id: str

The unique identifier of the IP Access rule.

maxLength32

allowed_modes: List[Literal["block", "challenge", "whitelist", 2 more]]

The available actions that a rule can apply to a matched request.

One of the following:

"block"

"challenge"

"whitelist"

"js_challenge"

"managed_challenge"

configuration: Configuration

The rule configuration.

One of the following:

class AccessRuleIPConfiguration: …

target: Optional[Literal["ip"]]

The configuration target. You must set the target to ip when specifying an IP address in the rule.

value: Optional[str]

The IP address to match. This address will be compared to the IP address of incoming requests.

class IPV6Configuration: …

target: Optional[Literal["ip6"]]

The configuration target. You must set the target to ip6 when specifying an IPv6 address in the rule.

value: Optional[str]

The IPv6 address to match.

class AccessRuleCIDRConfiguration: …

target: Optional[Literal["ip_range"]]

The configuration target. You must set the target to ip_range when specifying an IP address range in the rule.

value: Optional[str]

The IP address range to match. You can only use prefix lengths /16 and /24 for IPv4 ranges, and prefix lengths /32, /48, and /64 for IPv6 ranges.

class ASNConfiguration: …

target: Optional[Literal["asn"]]

The configuration target. You must set the target to asn when specifying an Autonomous System Number (ASN) in the rule.

value: Optional[str]

The AS number to match.

class CountryConfiguration: …

target: Optional[Literal["country"]]

The configuration target. You must set the target to country when specifying a country code in the rule.

value: Optional[str]

The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to IP Access rules: Parameters.

mode: Literal["block", "challenge", "whitelist", 2 more]

The action to apply to a matched request.

One of the following:

"block"

"challenge"

"whitelist"

"js_challenge"

"managed_challenge"

created_on: Optional[datetime]

The timestamp of when the rule was created.

formatdate-time

modified_on: Optional[datetime]

The timestamp of when the rule was last modified.

formatdate-time

notes: Optional[str]

An informative summary of the rule, typically used as a reminder or explanation.

scope: Optional[Scope]

All zones owned by the user will have the rule applied.

id: Optional[str]

Defines an identifier.

maxLength32

email: Optional[str]

The contact email address of the user.

maxLength90

type: Optional[Literal["user", "organization"]]

Defines the scope of the rule.

One of the following:

"user"

"organization"

class AccessRuleEditResponse: …

id: str

The unique identifier of the IP Access rule.

maxLength32

allowed_modes: List[Literal["block", "challenge", "whitelist", 2 more]]

The available actions that a rule can apply to a matched request.

One of the following:

"block"

"challenge"

"whitelist"

"js_challenge"

"managed_challenge"

configuration: Configuration

The rule configuration.

One of the following:

class AccessRuleIPConfiguration: …

target: Optional[Literal["ip"]]

The configuration target. You must set the target to ip when specifying an IP address in the rule.

value: Optional[str]

The IP address to match. This address will be compared to the IP address of incoming requests.

class IPV6Configuration: …

target: Optional[Literal["ip6"]]

The configuration target. You must set the target to ip6 when specifying an IPv6 address in the rule.

value: Optional[str]

The IPv6 address to match.

class AccessRuleCIDRConfiguration: …

target: Optional[Literal["ip_range"]]

The configuration target. You must set the target to ip_range when specifying an IP address range in the rule.

value: Optional[str]

The IP address range to match. You can only use prefix lengths /16 and /24 for IPv4 ranges, and prefix lengths /32, /48, and /64 for IPv6 ranges.

class ASNConfiguration: …

target: Optional[Literal["asn"]]

The configuration target. You must set the target to asn when specifying an Autonomous System Number (ASN) in the rule.

value: Optional[str]

The AS number to match.

class CountryConfiguration: …

target: Optional[Literal["country"]]

The configuration target. You must set the target to country when specifying a country code in the rule.

value: Optional[str]

The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to IP Access rules: Parameters.

mode: Literal["block", "challenge", "whitelist", 2 more]

The action to apply to a matched request.

One of the following:

"block"

"challenge"

"whitelist"

"js_challenge"

"managed_challenge"

created_on: Optional[datetime]

The timestamp of when the rule was created.

formatdate-time

modified_on: Optional[datetime]

The timestamp of when the rule was last modified.

formatdate-time

notes: Optional[str]

An informative summary of the rule, typically used as a reminder or explanation.

scope: Optional[Scope]

All zones owned by the user will have the rule applied.

id: Optional[str]

Defines an identifier.

maxLength32

email: Optional[str]

The contact email address of the user.

maxLength90

type: Optional[Literal["user", "organization"]]

Defines the scope of the rule.

One of the following:

"user"

"organization"

class AccessRuleDeleteResponse: …

id: str

Defines an identifier.

maxLength32

FirewallUA Rules

List User Agent Blocking rules

firewall.ua_rules.list() -> SyncV4PagePaginationArray[UARuleListResponse]

GET/zones/{zone_id}/firewall/ua_rules

Get a User Agent Blocking rule

firewall.ua_rules.get(, ) -> UARuleGetResponse

GET/zones/{zone_id}/firewall/ua_rules/{ua_rule_id}

Create a User Agent Blocking rule

firewall.ua_rules.create() -> UARuleCreateResponse

POST/zones/{zone_id}/firewall/ua_rules

Update a User Agent Blocking rule

firewall.ua_rules.update(, ) -> UARuleUpdateResponse

PUT/zones/{zone_id}/firewall/ua_rules/{ua_rule_id}

Delete a User Agent Blocking rule

firewall.ua_rules.delete(, ) -> UARuleDeleteResponse

DELETE/zones/{zone_id}/firewall/ua_rules/{ua_rule_id}

ModelsExpand Collapse

class UARuleListResponse: …

id: Optional[str]

The unique identifier of the User Agent Blocking rule.

maxLength32

configuration: Optional[Configuration]

The configuration object for the current rule.

target: Optional[str]

The configuration target for this rule. You must set the target to ua for User Agent Blocking rules.

value: Optional[str]

The exact user agent string to match. This value will be compared to the received User-Agent HTTP header value.

description: Optional[str]

An informative summary of the rule.

maxLength1024

mode: Optional[Literal["block", "challenge", "js_challenge", "managed_challenge"]]

The action to apply to a matched request.

maxLength12

One of the following:

"block"

"challenge"

"js_challenge"

"managed_challenge"

paused: Optional[bool]

When true, indicates that the rule is currently paused.

class UARuleGetResponse: …

id: Optional[str]

The unique identifier of the User Agent Blocking rule.

maxLength32

configuration: Optional[Configuration]

The configuration object for the current rule.

target: Optional[str]

The configuration target for this rule. You must set the target to ua for User Agent Blocking rules.

value: Optional[str]

The exact user agent string to match. This value will be compared to the received User-Agent HTTP header value.

description: Optional[str]

An informative summary of the rule.

maxLength1024

mode: Optional[Literal["block", "challenge", "js_challenge", "managed_challenge"]]

The action to apply to a matched request.

maxLength12

One of the following:

"block"

"challenge"

"js_challenge"

"managed_challenge"

paused: Optional[bool]

When true, indicates that the rule is currently paused.

class UARuleCreateResponse: …

id: Optional[str]

The unique identifier of the User Agent Blocking rule.

maxLength32

configuration: Optional[Configuration]

The configuration object for the current rule.

target: Optional[str]

The configuration target for this rule. You must set the target to ua for User Agent Blocking rules.

value: Optional[str]

The exact user agent string to match. This value will be compared to the received User-Agent HTTP header value.

description: Optional[str]

An informative summary of the rule.

maxLength1024

mode: Optional[Literal["block", "challenge", "js_challenge", "managed_challenge"]]

The action to apply to a matched request.

maxLength12

One of the following:

"block"

"challenge"

"js_challenge"

"managed_challenge"

paused: Optional[bool]

When true, indicates that the rule is currently paused.

class UARuleUpdateResponse: …

id: Optional[str]

The unique identifier of the User Agent Blocking rule.

maxLength32

configuration: Optional[Configuration]

The configuration object for the current rule.

target: Optional[str]

The configuration target for this rule. You must set the target to ua for User Agent Blocking rules.

value: Optional[str]

The exact user agent string to match. This value will be compared to the received User-Agent HTTP header value.

description: Optional[str]

An informative summary of the rule.

maxLength1024

mode: Optional[Literal["block", "challenge", "js_challenge", "managed_challenge"]]

The action to apply to a matched request.

maxLength12

One of the following:

"block"

"challenge"

"js_challenge"

"managed_challenge"

paused: Optional[bool]

When true, indicates that the rule is currently paused.

class UARuleDeleteResponse: …

id: Optional[str]

The unique identifier of the User Agent Blocking rule.

maxLength32

configuration: Optional[Configuration]

The configuration object for the current rule.

target: Optional[str]

The configuration target for this rule. You must set the target to ua for User Agent Blocking rules.

value: Optional[str]

The exact user agent string to match. This value will be compared to the received User-Agent HTTP header value.

description: Optional[str]

An informative summary of the rule.

maxLength1024

mode: Optional[Literal["block", "challenge", "js_challenge", "managed_challenge"]]

The action to apply to a matched request.

maxLength12

One of the following:

"block"

"challenge"

"js_challenge"

"managed_challenge"

paused: Optional[bool]

When true, indicates that the rule is currently paused.

FirewallWAF

FirewallWAFOverrides

List WAF overrides

Deprecated

firewall.waf.overrides.list() -> SyncV4PagePaginationArray[Override]

GET/zones/{zone_id}/firewall/waf/overrides

Get a WAF override

Deprecated

firewall.waf.overrides.get(, ) -> Override

GET/zones/{zone_id}/firewall/waf/overrides/{overrides_id}

Create a WAF override

Deprecated

firewall.waf.overrides.create() -> Override

POST/zones/{zone_id}/firewall/waf/overrides

Update WAF override

Deprecated

firewall.waf.overrides.update(, ) -> Override

PUT/zones/{zone_id}/firewall/waf/overrides/{overrides_id}

Delete a WAF override

Deprecated

firewall.waf.overrides.delete(, ) -> OverrideDeleteResponse

DELETE/zones/{zone_id}/firewall/waf/overrides/{overrides_id}

ModelsExpand Collapse

class Override: …

id: Optional[str]

The unique identifier of the WAF override.

maxLength32

description: Optional[str]

An informative summary of the current URI-based WAF override.

maxLength1024

groups: Optional[Dict[str, object]]

An object that allows you to enable or disable WAF rule groups for the current WAF override. Each key of this object must be the ID of a WAF rule group, and each value must be a valid WAF action (usually default or disable). When creating a new URI-based WAF override, you must provide a groups object or a rules object.

paused: Optional[bool]

When true, indicates that the rule is currently paused.

priority: Optional[float]

The relative priority of the current URI-based WAF override when multiple overrides match a single URL. A lower number indicates higher priority. Higher priority overrides may overwrite values set by lower priority overrides.

maximum1000000000

minimum-1000000000

rewrite_action: Optional[RewriteAction]

Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object.

rules: Optional[WAFRule]

An object that allows you to override the action of specific WAF rules. Each key of this object must be the ID of a WAF rule, and each value must be a valid WAF action. Unless you are disabling a rule, ensure that you also enable the rule group that this WAF rule belongs to. When creating a new URI-based WAF override, you must provide a groups object or a rules object.

urls: Optional[List[OverrideURL]]

The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns.

str

class RewriteAction: …

Specifies that, when a WAF rule matches, its configured action will be replaced by the action configured in this object.

block: Optional[Literal["challenge", "block", "simulate", 2 more]]

The WAF rule action to apply.

One of the following:

"challenge"

"block"

"simulate"

"disable"

"default"

challenge: Optional[Literal["challenge", "block", "simulate", 2 more]]

The WAF rule action to apply.

One of the following:

"challenge"

"block"

"simulate"

"disable"

"default"

default: Optional[Literal["challenge", "block", "simulate", 2 more]]

The WAF rule action to apply.

One of the following:

"challenge"

"block"

"simulate"

"disable"

"default"

disable: Optional[Literal["challenge", "block", "simulate", 2 more]]

The WAF rule action to apply.

One of the following:

"challenge"

"block"

"simulate"

"disable"

"default"

simulate: Optional[Literal["challenge", "block", "simulate", 2 more]]

The WAF rule action to apply.

One of the following:

"challenge"

"block"

"simulate"

"disable"

"default"

Dict[str, Literal["challenge", "block", "simulate", 2 more]]

One of the following:

"challenge"

"block"

"simulate"

"disable"

"default"

class OverrideDeleteResponse: …

id: Optional[str]

The unique identifier of the WAF override.

maxLength32

FirewallWAFPackages

List WAF packages

Deprecated

firewall.waf.packages.list() -> SyncV4PagePaginationArray[object]

GET/zones/{zone_id}/firewall/waf/packages

Get a WAF package

Deprecated

firewall.waf.packages.get(, ) -> PackageGetResponse

GET/zones/{zone_id}/firewall/waf/packages/{package_id}

ModelsExpand Collapse

PackageGetResponse

One of the following:

class FirewallAPIResponseSingle: …

errors: List[ResponseInfo]

code: int

minimum1000

message: str

documentation_url: Optional[str]

source: Optional[Source]

pointer: Optional[str]

messages: List[ResponseInfo]

code: int

minimum1000

message: str

documentation_url: Optional[str]

source: Optional[Source]

pointer: Optional[str]

result: Union[Optional[str], Optional[object]]

One of the following:

Optional[str]

Optional[object]

success: Literal[true]

Defines whether the API call was successful.

class Result: …

result: Optional[object]

FirewallWAFPackagesGroups

List WAF rule groups

Deprecated

firewall.waf.packages.groups.list(, ) -> SyncV4PagePaginationArray[Group]

GET/zones/{zone_id}/firewall/waf/packages/{package_id}/groups

Get a WAF rule group

Deprecated

firewall.waf.packages.groups.get(, ) -> GroupGetResponse

GET/zones/{zone_id}/firewall/waf/packages/{package_id}/groups/{group_id}

Update a WAF rule group

Deprecated

firewall.waf.packages.groups.edit(, ) -> GroupEditResponse

PATCH/zones/{zone_id}/firewall/waf/packages/{package_id}/groups/{group_id}

ModelsExpand Collapse

class Group: …

id: str

Defines the unique identifier of the rule group.

maxLength32

description: Optional[str]

Defines an informative summary of what the rule group does.

mode: Literal["on", "off"]

Defines the state of the rules contained in the rule group. When on, the rules in the group are configurable/usable.

One of the following:

"on"

"off"

name: str

Defines the name of the rule group.

rules_count: float

Defines the number of rules in the current rule group.

allowed_modes: Optional[List[Literal["on", "off"]]]

Defines the available states for the rule group.

One of the following:

"on"

"off"

modified_rules_count: Optional[float]

Defines the number of rules within the group that have been modified from their default configuration.

package_id: Optional[str]

Defines the unique identifier of a WAF package.

maxLength32

Union[Optional[str], Optional[object]]

One of the following:

Optional[str]

Optional[object]

Union[Optional[str], Optional[object]]

One of the following:

Optional[str]

Optional[object]

FirewallWAFPackagesRules

List WAF rules

Deprecated

firewall.waf.packages.rules.list(, ) -> SyncV4PagePaginationArray[RuleListResponse]

GET/zones/{zone_id}/firewall/waf/packages/{package_id}/rules

Get a WAF rule

Deprecated

firewall.waf.packages.rules.get(, ) -> RuleGetResponse

GET/zones/{zone_id}/firewall/waf/packages/{package_id}/rules/{rule_id}

Update a WAF rule

Deprecated

firewall.waf.packages.rules.edit(, ) -> RuleEditResponse

PATCH/zones/{zone_id}/firewall/waf/packages/{package_id}/rules/{rule_id}

ModelsExpand Collapse

Literal["on", "off"]

Defines the mode anomaly. When set to on, the current WAF rule will be used when evaluating the request. Applies to anomaly detection WAF rules.

One of the following:

"on"

"off"

class WAFRuleGroup: …

Defines the rule group to which the current WAF rule belongs.

id: Optional[str]

Defines the unique identifier of the rule group.

maxLength32

name: Optional[str]

Defines the name of the rule group.

RuleListResponse

When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the 'sensitivity' property of the WAF package.

One of the following:

class WAFManagedRulesAnomalyRule: …

id: str

Defines the unique identifier of the WAF rule.

maxLength32

allowed_modes: List[AllowedModesAnomaly]

Defines the available modes for the current WAF rule. Applies to anomaly detection WAF rules.

One of the following:

"on"

"off"

description: str

Defines the public description of the WAF rule.

group: WAFRuleGroup

Defines the rule group to which the current WAF rule belongs.

mode: AllowedModesAnomaly

Defines the mode anomaly. When set to on, the current WAF rule will be used when evaluating the request. Applies to anomaly detection WAF rules.

package_id: str

Defines the unique identifier of a WAF package.

maxLength32

priority: str

Defines the order in which the individual WAF rule is executed within its rule group.

class WAFManagedRulesTraditionalDenyRule: …

When triggered, traditional WAF rules cause the firewall to immediately act upon the request based on the configuration of the rule. A 'deny' rule will immediately respond to the request based on the configured rule action/mode (for example, 'block') and no other rules will be processed.

id: str

Defines the unique identifier of the WAF rule.

maxLength32

allowed_modes: List[Literal["default", "disable", "simulate", 2 more]]

Defines the list of possible actions of the WAF rule when it is triggered.

One of the following:

"default"

"disable"

"simulate"

"block"

"challenge"

default_mode: Literal["disable", "simulate", "block", "challenge"]

Defines the default action/mode of a rule.

One of the following:

"disable"

"simulate"

"block"

"challenge"

description: str

Defines the public description of the WAF rule.

group: WAFRuleGroup

Defines the rule group to which the current WAF rule belongs.

mode: Literal["default", "disable", "simulate", 2 more]

Defines the action that the current WAF rule will perform when triggered. Applies to traditional (deny) WAF rules.

One of the following:

"default"

"disable"

"simulate"

"block"

"challenge"

package_id: str

Defines the unique identifier of a WAF package.

maxLength32

priority: str

Defines the order in which the individual WAF rule is executed within its rule group.

class WAFManagedRulesTraditionalAllowRule: …

When triggered, traditional WAF rules cause the firewall to immediately act on the request based on the rule configuration. An 'allow' rule will immediately allow the request and no other rules will be processed.

id: str

Defines the unique identifier of the WAF rule.

maxLength32

allowed_modes: List[Literal["on", "off"]]

Defines the available modes for the current WAF rule.

One of the following:

"on"

"off"

description: str

Defines the public description of the WAF rule.

group: WAFRuleGroup

Defines the rule group to which the current WAF rule belongs.

mode: Literal["on", "off"]

When set to on, the current rule will be used when evaluating the request. Applies to traditional (allow) WAF rules.

One of the following:

"on"

"off"

package_id: str

Defines the unique identifier of a WAF package.

maxLength32

priority: str

Defines the order in which the individual WAF rule is executed within its rule group.

Union[Optional[str], Optional[object]]

One of the following:

Optional[str]

Optional[object]

RuleEditResponse

One of the following:

class WAFManagedRulesAnomalyRule: …

id: str

Defines the unique identifier of the WAF rule.

maxLength32

allowed_modes: List[AllowedModesAnomaly]

Defines the available modes for the current WAF rule. Applies to anomaly detection WAF rules.

One of the following:

"on"

"off"

description: str

Defines the public description of the WAF rule.

group: WAFRuleGroup

Defines the rule group to which the current WAF rule belongs.

mode: AllowedModesAnomaly

Defines the mode anomaly. When set to on, the current WAF rule will be used when evaluating the request. Applies to anomaly detection WAF rules.

package_id: str

Defines the unique identifier of a WAF package.

maxLength32

priority: str

Defines the order in which the individual WAF rule is executed within its rule group.

class WAFManagedRulesTraditionalDenyRule: …

id: str

Defines the unique identifier of the WAF rule.

maxLength32

allowed_modes: List[Literal["default", "disable", "simulate", 2 more]]

Defines the list of possible actions of the WAF rule when it is triggered.

One of the following:

"default"

"disable"

"simulate"

"block"

"challenge"

default_mode: Literal["disable", "simulate", "block", "challenge"]

Defines the default action/mode of a rule.

One of the following:

"disable"

"simulate"

"block"

"challenge"

description: str

Defines the public description of the WAF rule.

group: WAFRuleGroup

Defines the rule group to which the current WAF rule belongs.

mode: Literal["default", "disable", "simulate", 2 more]

Defines the action that the current WAF rule will perform when triggered. Applies to traditional (deny) WAF rules.

One of the following:

"default"

"disable"

"simulate"

"block"

"challenge"

package_id: str

Defines the unique identifier of a WAF package.

maxLength32

priority: str

Defines the order in which the individual WAF rule is executed within its rule group.

class WAFManagedRulesTraditionalAllowRule: …

id: str

Defines the unique identifier of the WAF rule.

maxLength32

allowed_modes: List[Literal["on", "off"]]

Defines the available modes for the current WAF rule.

One of the following:

"on"

"off"

description: str

Defines the public description of the WAF rule.

group: WAFRuleGroup

Defines the rule group to which the current WAF rule belongs.

mode: Literal["on", "off"]

When set to on, the current rule will be used when evaluating the request. Applies to traditional (allow) WAF rules.

One of the following:

"on"

"off"

package_id: str

Defines the unique identifier of a WAF package.

maxLength32

priority: str

Defines the order in which the individual WAF rule is executed within its rule group.