# Access Rules ## List IP Access rules `firewall.access_rules.list(AccessRuleListParams**kwargs) -> SyncV4PagePaginationArray[AccessRuleListResponse]` **get** `/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules` Fetches IP Access rules of an account or zone. These rules apply to all the zones in the account or zone. You can filter the results using several optional parameters. ### Parameters - `account_id: Optional[str]` The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `zone_id: Optional[str]` The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. - `configuration: Optional[Configuration]` - `target: Optional[Literal["ip", "ip_range", "asn", "country"]]` Defines the target to search in existing rules. - `"ip"` - `"ip_range"` - `"asn"` - `"country"` - `value: Optional[str]` Defines the target value to search for in existing rules: an IP address, an IP address range, or a country code, depending on the provided `configuration.target`. Notes: You can search for a single IPv4 address, an IP address range with a subnet of '/16' or '/24', or a two-letter ISO-3166-1 alpha-2 country code. - `direction: Optional[Literal["asc", "desc"]]` Defines the direction used to sort returned rules. - `"asc"` - `"desc"` - `match: Optional[Literal["any", "all"]]` Defines the search requirements. When set to `all`, all the search requirements must match. When set to `any`, only one of the search requirements has to match. - `"any"` - `"all"` - `mode: Optional[Literal["block", "challenge", "whitelist", 2 more]]` The action to apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `notes: Optional[str]` Defines the string to search for in the notes of existing IP Access rules. Notes: For example, the string 'attack' would match IP Access rules with notes 'Attack 26/02' and 'Attack 27/02'. The search is case insensitive. - `order: Optional[Literal["configuration.target", "configuration.value", "mode"]]` Defines the field used to sort returned rules. - `"configuration.target"` - `"configuration.value"` - `"mode"` - `page: Optional[float]` Defines the requested page within paginated list of results. - `per_page: Optional[float]` Defines the maximum number of results requested. ### Returns - `class AccessRuleListResponse: …` - `id: str` The unique identifier of the IP Access rule. - `allowed_modes: List[Literal["block", "challenge", "whitelist", 2 more]]` The available actions that a rule can apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `configuration: Configuration` The rule configuration. - `class AccessRuleIPConfiguration: …` - `target: Optional[Literal["ip"]]` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `"ip"` - `value: Optional[str]` The IP address to match. This address will be compared to the IP address of incoming requests. - `class IPV6Configuration: …` - `target: Optional[Literal["ip6"]]` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `"ip6"` - `value: Optional[str]` The IPv6 address to match. - `class AccessRuleCIDRConfiguration: …` - `target: Optional[Literal["ip_range"]]` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `"ip_range"` - `value: Optional[str]` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `class ASNConfiguration: …` - `target: Optional[Literal["asn"]]` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `"asn"` - `value: Optional[str]` The AS number to match. - `class CountryConfiguration: …` - `target: Optional[Literal["country"]]` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `"country"` - `value: Optional[str]` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `mode: Literal["block", "challenge", "whitelist", 2 more]` The action to apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `created_on: Optional[datetime]` The timestamp of when the rule was created. - `modified_on: Optional[datetime]` The timestamp of when the rule was last modified. - `notes: Optional[str]` An informative summary of the rule, typically used as a reminder or explanation. - `scope: Optional[Scope]` All zones owned by the user will have the rule applied. - `id: Optional[str]` Defines an identifier. - `email: Optional[str]` The contact email address of the user. - `type: Optional[Literal["user", "organization"]]` Defines the scope of the rule. - `"user"` - `"organization"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.firewall.access_rules.list( account_id="account_id", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "92f17202ed8bd63d69a66b86a49a8f6b", "allowed_modes": [ "whitelist", "block", "challenge", "js_challenge", "managed_challenge" ], "configuration": { "target": "ip", "value": "198.51.100.4" }, "mode": "challenge", "created_on": "2014-01-01T05:20:00.12345Z", "modified_on": "2014-01-01T05:20:00.12345Z", "notes": "This rule is enabled because of an event that occurred on date X.", "scope": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "email": "user@example.com", "type": "user" } } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get an IP Access rule `firewall.access_rules.get(strrule_id, AccessRuleGetParams**kwargs) -> AccessRuleGetResponse` **get** `/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules/{rule_id}` Fetches the details of an IP Access rule defined. ### Parameters - `rule_id: str` Unique identifier for a rule. - `account_id: Optional[str]` The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `zone_id: Optional[str]` The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. ### Returns - `class AccessRuleGetResponse: …` - `id: str` The unique identifier of the IP Access rule. - `allowed_modes: List[Literal["block", "challenge", "whitelist", 2 more]]` The available actions that a rule can apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `configuration: Configuration` The rule configuration. - `class AccessRuleIPConfiguration: …` - `target: Optional[Literal["ip"]]` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `"ip"` - `value: Optional[str]` The IP address to match. This address will be compared to the IP address of incoming requests. - `class IPV6Configuration: …` - `target: Optional[Literal["ip6"]]` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `"ip6"` - `value: Optional[str]` The IPv6 address to match. - `class AccessRuleCIDRConfiguration: …` - `target: Optional[Literal["ip_range"]]` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `"ip_range"` - `value: Optional[str]` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `class ASNConfiguration: …` - `target: Optional[Literal["asn"]]` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `"asn"` - `value: Optional[str]` The AS number to match. - `class CountryConfiguration: …` - `target: Optional[Literal["country"]]` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `"country"` - `value: Optional[str]` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `mode: Literal["block", "challenge", "whitelist", 2 more]` The action to apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `created_on: Optional[datetime]` The timestamp of when the rule was created. - `modified_on: Optional[datetime]` The timestamp of when the rule was last modified. - `notes: Optional[str]` An informative summary of the rule, typically used as a reminder or explanation. - `scope: Optional[Scope]` All zones owned by the user will have the rule applied. - `id: Optional[str]` Defines an identifier. - `email: Optional[str]` The contact email address of the user. - `type: Optional[Literal["user", "organization"]]` Defines the scope of the rule. - `"user"` - `"organization"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) access_rule = client.firewall.access_rules.get( rule_id="023e105f4ecef8ad9ca31a8372d0c353", account_id="account_id", ) print(access_rule.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "92f17202ed8bd63d69a66b86a49a8f6b", "allowed_modes": [ "whitelist", "block", "challenge", "js_challenge", "managed_challenge" ], "configuration": { "target": "ip", "value": "198.51.100.4" }, "mode": "challenge", "created_on": "2014-01-01T05:20:00.12345Z", "modified_on": "2014-01-01T05:20:00.12345Z", "notes": "This rule is enabled because of an event that occurred on date X.", "scope": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "email": "user@example.com", "type": "user" } }, "success": true } ``` ## Create an IP Access rule `firewall.access_rules.create(AccessRuleCreateParams**kwargs) -> AccessRuleCreateResponse` **post** `/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules` Creates a new IP Access rule for an account or zone. The rule will apply to all zones in the account or zone. Note: To create an IP Access rule that applies to a single zone, refer to the [IP Access rules for a zone](#ip-access-rules-for-a-zone) endpoints. ### Parameters - `configuration: Configuration` The rule configuration. - `class AccessRuleIPConfiguration: …` - `target: Optional[Literal["ip"]]` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `"ip"` - `value: Optional[str]` The IP address to match. This address will be compared to the IP address of incoming requests. - `class IPV6Configuration: …` - `target: Optional[Literal["ip6"]]` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `"ip6"` - `value: Optional[str]` The IPv6 address to match. - `class AccessRuleCIDRConfiguration: …` - `target: Optional[Literal["ip_range"]]` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `"ip_range"` - `value: Optional[str]` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `class ASNConfiguration: …` - `target: Optional[Literal["asn"]]` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `"asn"` - `value: Optional[str]` The AS number to match. - `class CountryConfiguration: …` - `target: Optional[Literal["country"]]` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `"country"` - `value: Optional[str]` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `mode: Literal["block", "challenge", "whitelist", 2 more]` The action to apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `account_id: Optional[str]` The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `zone_id: Optional[str]` The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. - `notes: Optional[str]` An informative summary of the rule, typically used as a reminder or explanation. ### Returns - `class AccessRuleCreateResponse: …` - `id: str` The unique identifier of the IP Access rule. - `allowed_modes: List[Literal["block", "challenge", "whitelist", 2 more]]` The available actions that a rule can apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `configuration: Configuration` The rule configuration. - `class AccessRuleIPConfiguration: …` - `target: Optional[Literal["ip"]]` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `"ip"` - `value: Optional[str]` The IP address to match. This address will be compared to the IP address of incoming requests. - `class IPV6Configuration: …` - `target: Optional[Literal["ip6"]]` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `"ip6"` - `value: Optional[str]` The IPv6 address to match. - `class AccessRuleCIDRConfiguration: …` - `target: Optional[Literal["ip_range"]]` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `"ip_range"` - `value: Optional[str]` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `class ASNConfiguration: …` - `target: Optional[Literal["asn"]]` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `"asn"` - `value: Optional[str]` The AS number to match. - `class CountryConfiguration: …` - `target: Optional[Literal["country"]]` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `"country"` - `value: Optional[str]` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `mode: Literal["block", "challenge", "whitelist", 2 more]` The action to apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `created_on: Optional[datetime]` The timestamp of when the rule was created. - `modified_on: Optional[datetime]` The timestamp of when the rule was last modified. - `notes: Optional[str]` An informative summary of the rule, typically used as a reminder or explanation. - `scope: Optional[Scope]` All zones owned by the user will have the rule applied. - `id: Optional[str]` Defines an identifier. - `email: Optional[str]` The contact email address of the user. - `type: Optional[Literal["user", "organization"]]` Defines the scope of the rule. - `"user"` - `"organization"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) access_rule = client.firewall.access_rules.create( configuration={}, mode="challenge", account_id="account_id", ) print(access_rule.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "92f17202ed8bd63d69a66b86a49a8f6b", "allowed_modes": [ "whitelist", "block", "challenge", "js_challenge", "managed_challenge" ], "configuration": { "target": "ip", "value": "198.51.100.4" }, "mode": "challenge", "created_on": "2014-01-01T05:20:00.12345Z", "modified_on": "2014-01-01T05:20:00.12345Z", "notes": "This rule is enabled because of an event that occurred on date X.", "scope": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "email": "user@example.com", "type": "user" } }, "success": true } ``` ## Update an IP Access rule `firewall.access_rules.edit(strrule_id, AccessRuleEditParams**kwargs) -> AccessRuleEditResponse` **patch** `/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules/{rule_id}` Updates an IP Access rule defined. Note: This operation will affect all zones in the account or zone. ### Parameters - `rule_id: str` Unique identifier for a rule. - `configuration: Configuration` The rule configuration. - `class AccessRuleIPConfiguration: …` - `target: Optional[Literal["ip"]]` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `"ip"` - `value: Optional[str]` The IP address to match. This address will be compared to the IP address of incoming requests. - `class IPV6Configuration: …` - `target: Optional[Literal["ip6"]]` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `"ip6"` - `value: Optional[str]` The IPv6 address to match. - `class AccessRuleCIDRConfiguration: …` - `target: Optional[Literal["ip_range"]]` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `"ip_range"` - `value: Optional[str]` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `class ASNConfiguration: …` - `target: Optional[Literal["asn"]]` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `"asn"` - `value: Optional[str]` The AS number to match. - `class CountryConfiguration: …` - `target: Optional[Literal["country"]]` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `"country"` - `value: Optional[str]` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `mode: Literal["block", "challenge", "whitelist", 2 more]` The action to apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `account_id: Optional[str]` The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `zone_id: Optional[str]` The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. - `notes: Optional[str]` An informative summary of the rule, typically used as a reminder or explanation. ### Returns - `class AccessRuleEditResponse: …` - `id: str` The unique identifier of the IP Access rule. - `allowed_modes: List[Literal["block", "challenge", "whitelist", 2 more]]` The available actions that a rule can apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `configuration: Configuration` The rule configuration. - `class AccessRuleIPConfiguration: …` - `target: Optional[Literal["ip"]]` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `"ip"` - `value: Optional[str]` The IP address to match. This address will be compared to the IP address of incoming requests. - `class IPV6Configuration: …` - `target: Optional[Literal["ip6"]]` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `"ip6"` - `value: Optional[str]` The IPv6 address to match. - `class AccessRuleCIDRConfiguration: …` - `target: Optional[Literal["ip_range"]]` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `"ip_range"` - `value: Optional[str]` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `class ASNConfiguration: …` - `target: Optional[Literal["asn"]]` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `"asn"` - `value: Optional[str]` The AS number to match. - `class CountryConfiguration: …` - `target: Optional[Literal["country"]]` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `"country"` - `value: Optional[str]` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `mode: Literal["block", "challenge", "whitelist", 2 more]` The action to apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `created_on: Optional[datetime]` The timestamp of when the rule was created. - `modified_on: Optional[datetime]` The timestamp of when the rule was last modified. - `notes: Optional[str]` An informative summary of the rule, typically used as a reminder or explanation. - `scope: Optional[Scope]` All zones owned by the user will have the rule applied. - `id: Optional[str]` Defines an identifier. - `email: Optional[str]` The contact email address of the user. - `type: Optional[Literal["user", "organization"]]` Defines the scope of the rule. - `"user"` - `"organization"` ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) response = client.firewall.access_rules.edit( rule_id="023e105f4ecef8ad9ca31a8372d0c353", configuration={}, mode="challenge", account_id="account_id", ) print(response.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "92f17202ed8bd63d69a66b86a49a8f6b", "allowed_modes": [ "whitelist", "block", "challenge", "js_challenge", "managed_challenge" ], "configuration": { "target": "ip", "value": "198.51.100.4" }, "mode": "challenge", "created_on": "2014-01-01T05:20:00.12345Z", "modified_on": "2014-01-01T05:20:00.12345Z", "notes": "This rule is enabled because of an event that occurred on date X.", "scope": { "id": "023e105f4ecef8ad9ca31a8372d0c353", "email": "user@example.com", "type": "user" } }, "success": true } ``` ## Delete an IP Access rule `firewall.access_rules.delete(strrule_id, AccessRuleDeleteParams**kwargs) -> AccessRuleDeleteResponse` **delete** `/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules/{rule_id}` Deletes an existing IP Access rule defined. Note: This operation will affect all zones in the account or zone. ### Parameters - `rule_id: str` Unique identifier for a rule. - `account_id: Optional[str]` The Account ID to use for this endpoint. Mutually exclusive with the Zone ID. - `zone_id: Optional[str]` The Zone ID to use for this endpoint. Mutually exclusive with the Account ID. ### Returns - `class AccessRuleDeleteResponse: …` - `id: str` Defines an identifier. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) access_rule = client.firewall.access_rules.delete( rule_id="023e105f4ecef8ad9ca31a8372d0c353", account_id="account_id", ) print(access_rule.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "023e105f4ecef8ad9ca31a8372d0c353" }, "success": true } ``` ## Domain Types ### Access Rule CIDR Configuration - `class AccessRuleCIDRConfiguration: …` - `target: Optional[Literal["ip_range"]]` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `"ip_range"` - `value: Optional[str]` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. ### Access Rule IP Configuration - `class AccessRuleIPConfiguration: …` - `target: Optional[Literal["ip"]]` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `"ip"` - `value: Optional[str]` The IP address to match. This address will be compared to the IP address of incoming requests. ### ASN Configuration - `class ASNConfiguration: …` - `target: Optional[Literal["asn"]]` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `"asn"` - `value: Optional[str]` The AS number to match. ### Country Configuration - `class CountryConfiguration: …` - `target: Optional[Literal["country"]]` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `"country"` - `value: Optional[str]` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). ### IPV6 Configuration - `class IPV6Configuration: …` - `target: Optional[Literal["ip6"]]` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `"ip6"` - `value: Optional[str]` The IPv6 address to match. ### Access Rule List Response - `class AccessRuleListResponse: …` - `id: str` The unique identifier of the IP Access rule. - `allowed_modes: List[Literal["block", "challenge", "whitelist", 2 more]]` The available actions that a rule can apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `configuration: Configuration` The rule configuration. - `class AccessRuleIPConfiguration: …` - `target: Optional[Literal["ip"]]` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `"ip"` - `value: Optional[str]` The IP address to match. This address will be compared to the IP address of incoming requests. - `class IPV6Configuration: …` - `target: Optional[Literal["ip6"]]` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `"ip6"` - `value: Optional[str]` The IPv6 address to match. - `class AccessRuleCIDRConfiguration: …` - `target: Optional[Literal["ip_range"]]` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `"ip_range"` - `value: Optional[str]` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `class ASNConfiguration: …` - `target: Optional[Literal["asn"]]` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `"asn"` - `value: Optional[str]` The AS number to match. - `class CountryConfiguration: …` - `target: Optional[Literal["country"]]` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `"country"` - `value: Optional[str]` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `mode: Literal["block", "challenge", "whitelist", 2 more]` The action to apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `created_on: Optional[datetime]` The timestamp of when the rule was created. - `modified_on: Optional[datetime]` The timestamp of when the rule was last modified. - `notes: Optional[str]` An informative summary of the rule, typically used as a reminder or explanation. - `scope: Optional[Scope]` All zones owned by the user will have the rule applied. - `id: Optional[str]` Defines an identifier. - `email: Optional[str]` The contact email address of the user. - `type: Optional[Literal["user", "organization"]]` Defines the scope of the rule. - `"user"` - `"organization"` ### Access Rule Get Response - `class AccessRuleGetResponse: …` - `id: str` The unique identifier of the IP Access rule. - `allowed_modes: List[Literal["block", "challenge", "whitelist", 2 more]]` The available actions that a rule can apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `configuration: Configuration` The rule configuration. - `class AccessRuleIPConfiguration: …` - `target: Optional[Literal["ip"]]` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `"ip"` - `value: Optional[str]` The IP address to match. This address will be compared to the IP address of incoming requests. - `class IPV6Configuration: …` - `target: Optional[Literal["ip6"]]` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `"ip6"` - `value: Optional[str]` The IPv6 address to match. - `class AccessRuleCIDRConfiguration: …` - `target: Optional[Literal["ip_range"]]` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `"ip_range"` - `value: Optional[str]` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `class ASNConfiguration: …` - `target: Optional[Literal["asn"]]` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `"asn"` - `value: Optional[str]` The AS number to match. - `class CountryConfiguration: …` - `target: Optional[Literal["country"]]` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `"country"` - `value: Optional[str]` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `mode: Literal["block", "challenge", "whitelist", 2 more]` The action to apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `created_on: Optional[datetime]` The timestamp of when the rule was created. - `modified_on: Optional[datetime]` The timestamp of when the rule was last modified. - `notes: Optional[str]` An informative summary of the rule, typically used as a reminder or explanation. - `scope: Optional[Scope]` All zones owned by the user will have the rule applied. - `id: Optional[str]` Defines an identifier. - `email: Optional[str]` The contact email address of the user. - `type: Optional[Literal["user", "organization"]]` Defines the scope of the rule. - `"user"` - `"organization"` ### Access Rule Create Response - `class AccessRuleCreateResponse: …` - `id: str` The unique identifier of the IP Access rule. - `allowed_modes: List[Literal["block", "challenge", "whitelist", 2 more]]` The available actions that a rule can apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `configuration: Configuration` The rule configuration. - `class AccessRuleIPConfiguration: …` - `target: Optional[Literal["ip"]]` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `"ip"` - `value: Optional[str]` The IP address to match. This address will be compared to the IP address of incoming requests. - `class IPV6Configuration: …` - `target: Optional[Literal["ip6"]]` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `"ip6"` - `value: Optional[str]` The IPv6 address to match. - `class AccessRuleCIDRConfiguration: …` - `target: Optional[Literal["ip_range"]]` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `"ip_range"` - `value: Optional[str]` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `class ASNConfiguration: …` - `target: Optional[Literal["asn"]]` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `"asn"` - `value: Optional[str]` The AS number to match. - `class CountryConfiguration: …` - `target: Optional[Literal["country"]]` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `"country"` - `value: Optional[str]` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `mode: Literal["block", "challenge", "whitelist", 2 more]` The action to apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `created_on: Optional[datetime]` The timestamp of when the rule was created. - `modified_on: Optional[datetime]` The timestamp of when the rule was last modified. - `notes: Optional[str]` An informative summary of the rule, typically used as a reminder or explanation. - `scope: Optional[Scope]` All zones owned by the user will have the rule applied. - `id: Optional[str]` Defines an identifier. - `email: Optional[str]` The contact email address of the user. - `type: Optional[Literal["user", "organization"]]` Defines the scope of the rule. - `"user"` - `"organization"` ### Access Rule Edit Response - `class AccessRuleEditResponse: …` - `id: str` The unique identifier of the IP Access rule. - `allowed_modes: List[Literal["block", "challenge", "whitelist", 2 more]]` The available actions that a rule can apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `configuration: Configuration` The rule configuration. - `class AccessRuleIPConfiguration: …` - `target: Optional[Literal["ip"]]` The configuration target. You must set the target to `ip` when specifying an IP address in the rule. - `"ip"` - `value: Optional[str]` The IP address to match. This address will be compared to the IP address of incoming requests. - `class IPV6Configuration: …` - `target: Optional[Literal["ip6"]]` The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule. - `"ip6"` - `value: Optional[str]` The IPv6 address to match. - `class AccessRuleCIDRConfiguration: …` - `target: Optional[Literal["ip_range"]]` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule. - `"ip_range"` - `value: Optional[str]` The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges. - `class ASNConfiguration: …` - `target: Optional[Literal["asn"]]` The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule. - `"asn"` - `value: Optional[str]` The AS number to match. - `class CountryConfiguration: …` - `target: Optional[Literal["country"]]` The configuration target. You must set the target to `country` when specifying a country code in the rule. - `"country"` - `value: Optional[str]` The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country). - `mode: Literal["block", "challenge", "whitelist", 2 more]` The action to apply to a matched request. - `"block"` - `"challenge"` - `"whitelist"` - `"js_challenge"` - `"managed_challenge"` - `created_on: Optional[datetime]` The timestamp of when the rule was created. - `modified_on: Optional[datetime]` The timestamp of when the rule was last modified. - `notes: Optional[str]` An informative summary of the rule, typically used as a reminder or explanation. - `scope: Optional[Scope]` All zones owned by the user will have the rule applied. - `id: Optional[str]` Defines an identifier. - `email: Optional[str]` The contact email address of the user. - `type: Optional[Literal["user", "organization"]]` Defines the scope of the rule. - `"user"` - `"organization"` ### Access Rule Delete Response - `class AccessRuleDeleteResponse: …` - `id: str` Defines an identifier.