# Lockdowns ## List Zone Lockdown rules `firewall.lockdowns.list(LockdownListParams**kwargs) -> SyncV4PagePaginationArray[Lockdown]` **get** `/zones/{zone_id}/firewall/lockdowns` Fetches Zone Lockdown rules. You can filter the results using several optional parameters. ### Parameters - `zone_id: str` Defines an identifier. - `created_on: Optional[Union[str, datetime]]` The timestamp of when the rule was created. - `description: Optional[str]` A string to search for in the description of existing rules. - `description_search: Optional[str]` A string to search for in the description of existing rules. - `ip: Optional[str]` A single IP address to search for in existing rules. - `ip_range_search: Optional[str]` A single IP address range to search for in existing rules. - `ip_search: Optional[str]` A single IP address to search for in existing rules. - `modified_on: Optional[Union[str, datetime]]` The timestamp of when the rule was last modified. - `page: Optional[float]` Page number of paginated results. - `per_page: Optional[float]` The maximum number of results per page. You can only set the value to `1` or to a multiple of 5 such as `5`, `10`, `15`, or `20`. - `priority: Optional[float]` The priority of the rule to control the processing order. A lower number indicates higher priority. If not provided, any rules with a configured priority will be processed before rules without a priority. - `uri_search: Optional[str]` A single URI to search for in the list of URLs of existing rules. ### Returns - `class Lockdown: …` - `id: str` The unique identifier of the Zone Lockdown rule. - `configurations: Configuration` A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `class LockdownIPConfiguration: …` - `target: Optional[Literal["ip"]]` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `"ip"` - `value: Optional[str]` The IP address to match. This address will be compared to the IP address of incoming requests. - `class LockdownCIDRConfiguration: …` - `target: Optional[Literal["ip_range"]]` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `"ip_range"` - `value: Optional[str]` The IP address range to match. You can only use prefix lengths `/16` and `/24`. - `created_on: datetime` The timestamp of when the rule was created. - `description: str` An informative summary of the rule. - `modified_on: datetime` The timestamp of when the rule was last modified. - `paused: bool` When true, indicates that the rule is currently paused. - `urls: List[LockdownURL]` The URLs to include in the rule definition. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) page = client.firewall.lockdowns.list( zone_id="023e105f4ecef8ad9ca31a8372d0c353", ) page = page.result[0] print(page.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": [ { "id": "372e67954025e0ba6aaa6d586b9e0b59", "configurations": [ { "target": "ip", "value": "198.51.100.4" } ], "created_on": "2014-01-01T05:20:00.12345Z", "description": "Restrict access to these endpoints to requests from a known IP address", "modified_on": "2014-01-01T05:20:00.12345Z", "paused": false, "urls": [ "api.mysite.com/some/endpoint*" ] } ], "success": true, "result_info": { "count": 1, "page": 1, "per_page": 20, "total_count": 2000 } } ``` ## Get a Zone Lockdown rule `firewall.lockdowns.get(strlock_downs_id, LockdownGetParams**kwargs) -> Lockdown` **get** `/zones/{zone_id}/firewall/lockdowns/{lock_downs_id}` Fetches the details of a Zone Lockdown rule. ### Parameters - `zone_id: str` Defines an identifier. - `lock_downs_id: str` The unique identifier of the Zone Lockdown rule. ### Returns - `class Lockdown: …` - `id: str` The unique identifier of the Zone Lockdown rule. - `configurations: Configuration` A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `class LockdownIPConfiguration: …` - `target: Optional[Literal["ip"]]` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `"ip"` - `value: Optional[str]` The IP address to match. This address will be compared to the IP address of incoming requests. - `class LockdownCIDRConfiguration: …` - `target: Optional[Literal["ip_range"]]` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `"ip_range"` - `value: Optional[str]` The IP address range to match. You can only use prefix lengths `/16` and `/24`. - `created_on: datetime` The timestamp of when the rule was created. - `description: str` An informative summary of the rule. - `modified_on: datetime` The timestamp of when the rule was last modified. - `paused: bool` When true, indicates that the rule is currently paused. - `urls: List[LockdownURL]` The URLs to include in the rule definition. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) lockdown = client.firewall.lockdowns.get( lock_downs_id="372e67954025e0ba6aaa6d586b9e0b59", zone_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(lockdown.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "372e67954025e0ba6aaa6d586b9e0b59", "configurations": [ { "target": "ip", "value": "198.51.100.4" } ], "created_on": "2014-01-01T05:20:00.12345Z", "description": "Restrict access to these endpoints to requests from a known IP address", "modified_on": "2014-01-01T05:20:00.12345Z", "paused": false, "urls": [ "api.mysite.com/some/endpoint*" ] }, "success": true } ``` ## Create a Zone Lockdown rule `firewall.lockdowns.create(LockdownCreateParams**kwargs) -> Lockdown` **post** `/zones/{zone_id}/firewall/lockdowns` Creates a new Zone Lockdown rule. ### Parameters - `zone_id: str` Defines an identifier. - `configurations: ConfigurationParam` A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `class LockdownIPConfiguration: …` - `target: Optional[Literal["ip"]]` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `"ip"` - `value: Optional[str]` The IP address to match. This address will be compared to the IP address of incoming requests. - `class LockdownCIDRConfiguration: …` - `target: Optional[Literal["ip_range"]]` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `"ip_range"` - `value: Optional[str]` The IP address range to match. You can only use prefix lengths `/16` and `/24`. - `urls: SequenceNotStr[OverrideURL]` The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. - `description: Optional[str]` An informative summary of the rule. This value is sanitized and any tags will be removed. - `paused: Optional[bool]` When true, indicates that the rule is currently paused. - `priority: Optional[float]` The priority of the rule to control the processing order. A lower number indicates higher priority. If not provided, any rules with a configured priority will be processed before rules without a priority. ### Returns - `class Lockdown: …` - `id: str` The unique identifier of the Zone Lockdown rule. - `configurations: Configuration` A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `class LockdownIPConfiguration: …` - `target: Optional[Literal["ip"]]` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `"ip"` - `value: Optional[str]` The IP address to match. This address will be compared to the IP address of incoming requests. - `class LockdownCIDRConfiguration: …` - `target: Optional[Literal["ip_range"]]` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `"ip_range"` - `value: Optional[str]` The IP address range to match. You can only use prefix lengths `/16` and `/24`. - `created_on: datetime` The timestamp of when the rule was created. - `description: str` An informative summary of the rule. - `modified_on: datetime` The timestamp of when the rule was last modified. - `paused: bool` When true, indicates that the rule is currently paused. - `urls: List[LockdownURL]` The URLs to include in the rule definition. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) lockdown = client.firewall.lockdowns.create( zone_id="023e105f4ecef8ad9ca31a8372d0c353", configurations=[{}], urls=["shop.example.com/*"], ) print(lockdown.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "372e67954025e0ba6aaa6d586b9e0b59", "configurations": [ { "target": "ip", "value": "198.51.100.4" } ], "created_on": "2014-01-01T05:20:00.12345Z", "description": "Restrict access to these endpoints to requests from a known IP address", "modified_on": "2014-01-01T05:20:00.12345Z", "paused": false, "urls": [ "api.mysite.com/some/endpoint*" ] }, "success": true } ``` ## Update a Zone Lockdown rule `firewall.lockdowns.update(strlock_downs_id, LockdownUpdateParams**kwargs) -> Lockdown` **put** `/zones/{zone_id}/firewall/lockdowns/{lock_downs_id}` Updates an existing Zone Lockdown rule. ### Parameters - `zone_id: str` Defines an identifier. - `lock_downs_id: str` The unique identifier of the Zone Lockdown rule. - `configurations: ConfigurationParam` A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `class LockdownIPConfiguration: …` - `target: Optional[Literal["ip"]]` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `"ip"` - `value: Optional[str]` The IP address to match. This address will be compared to the IP address of incoming requests. - `class LockdownCIDRConfiguration: …` - `target: Optional[Literal["ip_range"]]` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `"ip_range"` - `value: Optional[str]` The IP address range to match. You can only use prefix lengths `/16` and `/24`. - `urls: SequenceNotStr[OverrideURL]` The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Returns - `class Lockdown: …` - `id: str` The unique identifier of the Zone Lockdown rule. - `configurations: Configuration` A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `class LockdownIPConfiguration: …` - `target: Optional[Literal["ip"]]` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `"ip"` - `value: Optional[str]` The IP address to match. This address will be compared to the IP address of incoming requests. - `class LockdownCIDRConfiguration: …` - `target: Optional[Literal["ip_range"]]` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `"ip_range"` - `value: Optional[str]` The IP address range to match. You can only use prefix lengths `/16` and `/24`. - `created_on: datetime` The timestamp of when the rule was created. - `description: str` An informative summary of the rule. - `modified_on: datetime` The timestamp of when the rule was last modified. - `paused: bool` When true, indicates that the rule is currently paused. - `urls: List[LockdownURL]` The URLs to include in the rule definition. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) lockdown = client.firewall.lockdowns.update( lock_downs_id="372e67954025e0ba6aaa6d586b9e0b59", zone_id="023e105f4ecef8ad9ca31a8372d0c353", configurations=[{}], urls=["shop.example.com/*"], ) print(lockdown.id) ``` #### Response ```json { "errors": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "messages": [ { "code": 1000, "message": "message", "documentation_url": "documentation_url", "source": { "pointer": "pointer" } } ], "result": { "id": "372e67954025e0ba6aaa6d586b9e0b59", "configurations": [ { "target": "ip", "value": "198.51.100.4" } ], "created_on": "2014-01-01T05:20:00.12345Z", "description": "Restrict access to these endpoints to requests from a known IP address", "modified_on": "2014-01-01T05:20:00.12345Z", "paused": false, "urls": [ "api.mysite.com/some/endpoint*" ] }, "success": true } ``` ## Delete a Zone Lockdown rule `firewall.lockdowns.delete(strlock_downs_id, LockdownDeleteParams**kwargs) -> LockdownDeleteResponse` **delete** `/zones/{zone_id}/firewall/lockdowns/{lock_downs_id}` Deletes an existing Zone Lockdown rule. ### Parameters - `zone_id: str` Defines an identifier. - `lock_downs_id: str` The unique identifier of the Zone Lockdown rule. ### Returns - `class LockdownDeleteResponse: …` - `id: Optional[str]` The unique identifier of the Zone Lockdown rule. ### Example ```python import os from cloudflare import Cloudflare client = Cloudflare( api_token=os.environ.get("CLOUDFLARE_API_TOKEN"), # This is the default and can be omitted ) lockdown = client.firewall.lockdowns.delete( lock_downs_id="372e67954025e0ba6aaa6d586b9e0b59", zone_id="023e105f4ecef8ad9ca31a8372d0c353", ) print(lockdown.id) ``` #### Response ```json { "result": { "id": "372e67954025e0ba6aaa6d586b9e0b59" } } ``` ## Domain Types ### Configuration - `List[ConfigurationItem]` A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `class LockdownIPConfiguration: …` - `target: Optional[Literal["ip"]]` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `"ip"` - `value: Optional[str]` The IP address to match. This address will be compared to the IP address of incoming requests. - `class LockdownCIDRConfiguration: …` - `target: Optional[Literal["ip_range"]]` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `"ip_range"` - `value: Optional[str]` The IP address range to match. You can only use prefix lengths `/16` and `/24`. ### Lockdown - `class Lockdown: …` - `id: str` The unique identifier of the Zone Lockdown rule. - `configurations: Configuration` A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of `ip` or `ip_range` configurations. - `class LockdownIPConfiguration: …` - `target: Optional[Literal["ip"]]` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `"ip"` - `value: Optional[str]` The IP address to match. This address will be compared to the IP address of incoming requests. - `class LockdownCIDRConfiguration: …` - `target: Optional[Literal["ip_range"]]` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `"ip_range"` - `value: Optional[str]` The IP address range to match. You can only use prefix lengths `/16` and `/24`. - `created_on: datetime` The timestamp of when the rule was created. - `description: str` An informative summary of the rule. - `modified_on: datetime` The timestamp of when the rule was last modified. - `paused: bool` When true, indicates that the rule is currently paused. - `urls: List[LockdownURL]` The URLs to include in the rule definition. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns. ### Lockdown CIDR Configuration - `class LockdownCIDRConfiguration: …` - `target: Optional[Literal["ip_range"]]` The configuration target. You must set the target to `ip_range` when specifying an IP address range in the Zone Lockdown rule. - `"ip_range"` - `value: Optional[str]` The IP address range to match. You can only use prefix lengths `/16` and `/24`. ### Lockdown IP Configuration - `class LockdownIPConfiguration: …` - `target: Optional[Literal["ip"]]` The configuration target. You must set the target to `ip` when specifying an IP address in the Zone Lockdown rule. - `"ip"` - `value: Optional[str]` The IP address to match. This address will be compared to the IP address of incoming requests. ### Lockdown URL - `str` ### Lockdown Delete Response - `class LockdownDeleteResponse: …` - `id: Optional[str]` The unique identifier of the Zone Lockdown rule.