## Create an IP Access rule

`firewall.access_rules.create(AccessRuleCreateParams**kwargs)  -> AccessRuleCreateResponse`

**post** `/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules`

Creates a new IP Access rule for an account or zone. The rule will apply to all zones in the account or zone.

Note: To create an IP Access rule that applies to a single zone, refer to the [IP Access rules for a zone](#ip-access-rules-for-a-zone) endpoints.

### Parameters

- `configuration: Configuration`

  The rule configuration.

  - `class AccessRuleIPConfiguration: …`

    - `target: Optional[Literal["ip"]]`

      The configuration target. You must set the target to `ip` when specifying an IP address in the rule.

      - `"ip"`

    - `value: Optional[str]`

      The IP address to match. This address will be compared to the IP address of incoming requests.

  - `class IPV6Configuration: …`

    - `target: Optional[Literal["ip6"]]`

      The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule.

      - `"ip6"`

    - `value: Optional[str]`

      The IPv6 address to match.

  - `class AccessRuleCIDRConfiguration: …`

    - `target: Optional[Literal["ip_range"]]`

      The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule.

      - `"ip_range"`

    - `value: Optional[str]`

      The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges.

  - `class ASNConfiguration: …`

    - `target: Optional[Literal["asn"]]`

      The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule.

      - `"asn"`

    - `value: Optional[str]`

      The AS number to match.

  - `class CountryConfiguration: …`

    - `target: Optional[Literal["country"]]`

      The configuration target. You must set the target to `country` when specifying a country code in the rule.

      - `"country"`

    - `value: Optional[str]`

      The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country).

- `mode: Literal["block", "challenge", "whitelist", 2 more]`

  The action to apply to a matched request.

  - `"block"`

  - `"challenge"`

  - `"whitelist"`

  - `"js_challenge"`

  - `"managed_challenge"`

- `account_id: Optional[str]`

  The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.

- `zone_id: Optional[str]`

  The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

- `notes: Optional[str]`

  An informative summary of the rule, typically used as a reminder or explanation.

### Returns

- `class AccessRuleCreateResponse: …`

  - `id: str`

    The unique identifier of the IP Access rule.

  - `allowed_modes: List[Literal["block", "challenge", "whitelist", 2 more]]`

    The available actions that a rule can apply to a matched request.

    - `"block"`

    - `"challenge"`

    - `"whitelist"`

    - `"js_challenge"`

    - `"managed_challenge"`

  - `configuration: Configuration`

    The rule configuration.

    - `class AccessRuleIPConfiguration: …`

      - `target: Optional[Literal["ip"]]`

        The configuration target. You must set the target to `ip` when specifying an IP address in the rule.

        - `"ip"`

      - `value: Optional[str]`

        The IP address to match. This address will be compared to the IP address of incoming requests.

    - `class IPV6Configuration: …`

      - `target: Optional[Literal["ip6"]]`

        The configuration target. You must set the target to `ip6` when specifying an IPv6 address in the rule.

        - `"ip6"`

      - `value: Optional[str]`

        The IPv6 address to match.

    - `class AccessRuleCIDRConfiguration: …`

      - `target: Optional[Literal["ip_range"]]`

        The configuration target. You must set the target to `ip_range` when specifying an IP address range in the rule.

        - `"ip_range"`

      - `value: Optional[str]`

        The IP address range to match. You can only use prefix lengths `/16` and `/24` for IPv4 ranges, and prefix lengths `/32`, `/48`, and `/64` for IPv6 ranges.

    - `class ASNConfiguration: …`

      - `target: Optional[Literal["asn"]]`

        The configuration target. You must set the target to `asn` when specifying an Autonomous System Number (ASN) in the rule.

        - `"asn"`

      - `value: Optional[str]`

        The AS number to match.

    - `class CountryConfiguration: …`

      - `target: Optional[Literal["country"]]`

        The configuration target. You must set the target to `country` when specifying a country code in the rule.

        - `"country"`

      - `value: Optional[str]`

        The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to [IP Access rules: Parameters](https://developers.cloudflare.com/waf/tools/ip-access-rules/parameters/#country).

  - `mode: Literal["block", "challenge", "whitelist", 2 more]`

    The action to apply to a matched request.

    - `"block"`

    - `"challenge"`

    - `"whitelist"`

    - `"js_challenge"`

    - `"managed_challenge"`

  - `created_on: Optional[datetime]`

    The timestamp of when the rule was created.

  - `modified_on: Optional[datetime]`

    The timestamp of when the rule was last modified.

  - `notes: Optional[str]`

    An informative summary of the rule, typically used as a reminder or explanation.

  - `scope: Optional[Scope]`

    All zones owned by the user will have the rule applied.

    - `id: Optional[str]`

      Defines an identifier.

    - `email: Optional[str]`

      The contact email address of the user.

    - `type: Optional[Literal["user", "organization"]]`

      Defines the scope of the rule.

      - `"user"`

      - `"organization"`

### Example

```python
import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
access_rule = client.firewall.access_rules.create(
    configuration={},
    mode="challenge",
    account_id="account_id",
)
print(access_rule.id)
```

#### Response

```json
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "id": "92f17202ed8bd63d69a66b86a49a8f6b",
    "allowed_modes": [
      "whitelist",
      "block",
      "challenge",
      "js_challenge",
      "managed_challenge"
    ],
    "configuration": {
      "target": "ip",
      "value": "198.51.100.4"
    },
    "mode": "challenge",
    "created_on": "2014-01-01T05:20:00.12345Z",
    "modified_on": "2014-01-01T05:20:00.12345Z",
    "notes": "This rule is enabled because of an event that occurred on date X.",
    "scope": {
      "id": "023e105f4ecef8ad9ca31a8372d0c353",
      "email": "user@example.com",
      "type": "user"
    }
  },
  "success": true
}
```