Skip to content
Cloudflare API
Start here
API Reference
Firewall
Access Rules

List IP Access rules

firewall.access_rules.list(AccessRuleListParams**kwargs) -> SyncV4PagePaginationArray[AccessRuleListResponse]
GET/{accounts_or_zones}/{account_or_zone_id}/firewall/access_rules/rules

Fetches IP Access rules of an account or zone. These rules apply to all the zones in the account or zone. You can filter the results using several optional parameters.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Account Firewall Access Rules WriteAccount Firewall Access Rules Read
ParametersExpand Collapse
account_id: Optional[str]

The Account ID to use for this endpoint. Mutually exclusive with the Zone ID.

zone_id: Optional[str]

The Zone ID to use for this endpoint. Mutually exclusive with the Account ID.

configuration: Optional[Configuration]
target: Optional[Literal["ip", "ip_range", "asn", "country"]]

Defines the target to search in existing rules.

One of the following:
"ip"
"ip_range"
"asn"
"country"
value: Optional[str]

Defines the target value to search for in existing rules: an IP address, an IP address range, or a country code, depending on the provided configuration.target. Notes: You can search for a single IPv4 address, an IP address range with a subnet of '/16' or '/24', or a two-letter ISO-3166-1 alpha-2 country code.

direction: Optional[Literal["asc", "desc"]]

Defines the direction used to sort returned rules.

One of the following:
"asc"
"desc"
match: Optional[Literal["any", "all"]]

Defines the search requirements. When set to all, all the search requirements must match. When set to any, only one of the search requirements has to match.

One of the following:
"any"
"all"
mode: Optional[Literal["block", "challenge", "whitelist", 2 more]]

The action to apply to a matched request.

One of the following:
"block"
"challenge"
"whitelist"
"js_challenge"
"managed_challenge"
notes: Optional[str]

Defines the string to search for in the notes of existing IP Access rules. Notes: For example, the string 'attack' would match IP Access rules with notes 'Attack 26/02' and 'Attack 27/02'. The search is case insensitive.

order: Optional[Literal["configuration.target", "configuration.value", "mode"]]

Defines the field used to sort returned rules.

One of the following:
"configuration.target"
"configuration.value"
"mode"
page: Optional[float]

Defines the requested page within paginated list of results.

per_page: Optional[float]

Defines the maximum number of results requested.

ReturnsExpand Collapse
class AccessRuleListResponse:
id: str

The unique identifier of the IP Access rule.

maxLength32
allowed_modes: List[Literal["block", "challenge", "whitelist", 2 more]]

The available actions that a rule can apply to a matched request.

One of the following:
"block"
"challenge"
"whitelist"
"js_challenge"
"managed_challenge"
configuration: Configuration

The rule configuration.

One of the following:
class AccessRuleIPConfiguration:
target: Optional[Literal["ip"]]

The configuration target. You must set the target to ip when specifying an IP address in the rule.

value: Optional[str]

The IP address to match. This address will be compared to the IP address of incoming requests.

class IPV6Configuration:
target: Optional[Literal["ip6"]]

The configuration target. You must set the target to ip6 when specifying an IPv6 address in the rule.

value: Optional[str]

The IPv6 address to match.

class AccessRuleCIDRConfiguration:
target: Optional[Literal["ip_range"]]

The configuration target. You must set the target to ip_range when specifying an IP address range in the rule.

value: Optional[str]

The IP address range to match. You can only use prefix lengths /16 and /24 for IPv4 ranges, and prefix lengths /32, /48, and /64 for IPv6 ranges.

class ASNConfiguration:
target: Optional[Literal["asn"]]

The configuration target. You must set the target to asn when specifying an Autonomous System Number (ASN) in the rule.

value: Optional[str]

The AS number to match.

class CountryConfiguration:
target: Optional[Literal["country"]]

The configuration target. You must set the target to country when specifying a country code in the rule.

value: Optional[str]

The two-letter ISO-3166-1 alpha-2 code to match. For more information, refer to IP Access rules: Parameters.

mode: Literal["block", "challenge", "whitelist", 2 more]

The action to apply to a matched request.

One of the following:
"block"
"challenge"
"whitelist"
"js_challenge"
"managed_challenge"
created_on: Optional[datetime]

The timestamp of when the rule was created.

formatdate-time
modified_on: Optional[datetime]

The timestamp of when the rule was last modified.

formatdate-time
notes: Optional[str]

An informative summary of the rule, typically used as a reminder or explanation.

scope: Optional[Scope]

All zones owned by the user will have the rule applied.

id: Optional[str]

Defines an identifier.

maxLength32
email: Optional[str]

The contact email address of the user.

maxLength90
type: Optional[Literal["user", "organization"]]

Defines the scope of the rule.

One of the following:
"user"
"organization"

List IP Access rules

import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
page = client.firewall.access_rules.list(
    account_id="account_id",
)
page = page.result[0]
print(page.id)
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": [
    {
      "id": "92f17202ed8bd63d69a66b86a49a8f6b",
      "allowed_modes": [
        "whitelist",
        "block",
        "challenge",
        "js_challenge",
        "managed_challenge"
      ],
      "configuration": {
        "target": "ip",
        "value": "198.51.100.4"
      },
      "mode": "challenge",
      "created_on": "2014-01-01T05:20:00.12345Z",
      "modified_on": "2014-01-01T05:20:00.12345Z",
      "notes": "This rule is enabled because of an event that occurred on date X.",
      "scope": {
        "id": "023e105f4ecef8ad9ca31a8372d0c353",
        "email": "user@example.com",
        "type": "user"
      }
    }
  ],
  "success": true,
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": [
    {
      "id": "92f17202ed8bd63d69a66b86a49a8f6b",
      "allowed_modes": [
        "whitelist",
        "block",
        "challenge",
        "js_challenge",
        "managed_challenge"
      ],
      "configuration": {
        "target": "ip",
        "value": "198.51.100.4"
      },
      "mode": "challenge",
      "created_on": "2014-01-01T05:20:00.12345Z",
      "modified_on": "2014-01-01T05:20:00.12345Z",
      "notes": "This rule is enabled because of an event that occurred on date X.",
      "scope": {
        "id": "023e105f4ecef8ad9ca31a8372d0c353",
        "email": "user@example.com",
        "type": "user"
      }
    }
  ],
  "success": true,
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}