Skip to content
Cloudflare API
Start here
API Reference
Firewall
Lockdowns

Create a Zone Lockdown rule

firewall.lockdowns.create(LockdownCreateParams**kwargs) -> Lockdown
POST/zones/{zone_id}/firewall/lockdowns

Creates a new Zone Lockdown rule.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Firewall Services Write
ParametersExpand Collapse
zone_id: str

Defines an identifier.

maxLength32
configurations: ConfigurationParam

A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of ip or ip_range configurations.

One of the following:
class LockdownIPConfiguration:
target: Optional[Literal["ip"]]

The configuration target. You must set the target to ip when specifying an IP address in the Zone Lockdown rule.

value: Optional[str]

The IP address to match. This address will be compared to the IP address of incoming requests.

class LockdownCIDRConfiguration:
target: Optional[Literal["ip_range"]]

The configuration target. You must set the target to ip_range when specifying an IP address range in the Zone Lockdown rule.

value: Optional[str]

The IP address range to match. You can only use prefix lengths /16 and /24.

urls: SequenceNotStr[OverrideURL]

The URLs to include in the current WAF override. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns.

description: Optional[str]

An informative summary of the rule. This value is sanitized and any tags will be removed.

maxLength1024
paused: Optional[bool]

When true, indicates that the rule is currently paused.

priority: Optional[float]

The priority of the rule to control the processing order. A lower number indicates higher priority. If not provided, any rules with a configured priority will be processed before rules without a priority.

ReturnsExpand Collapse
class Lockdown:
id: str

The unique identifier of the Zone Lockdown rule.

maxLength32
configurations: Configuration

A list of IP addresses or CIDR ranges that will be allowed to access the URLs specified in the Zone Lockdown rule. You can include any number of ip or ip_range configurations.

One of the following:
class LockdownIPConfiguration:
target: Optional[Literal["ip"]]

The configuration target. You must set the target to ip when specifying an IP address in the Zone Lockdown rule.

value: Optional[str]

The IP address to match. This address will be compared to the IP address of incoming requests.

class LockdownCIDRConfiguration:
target: Optional[Literal["ip_range"]]

The configuration target. You must set the target to ip_range when specifying an IP address range in the Zone Lockdown rule.

value: Optional[str]

The IP address range to match. You can only use prefix lengths /16 and /24.

created_on: datetime

The timestamp of when the rule was created.

formatdate-time
description: str

An informative summary of the rule.

maxLength1024
modified_on: datetime

The timestamp of when the rule was last modified.

formatdate-time
paused: bool

When true, indicates that the rule is currently paused.

urls: List[LockdownURL]

The URLs to include in the rule definition. You can use wildcards. Each entered URL will be escaped before use, which means you can only use simple wildcard patterns.

Create a Zone Lockdown rule

import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
lockdown = client.firewall.lockdowns.create(
    zone_id="023e105f4ecef8ad9ca31a8372d0c353",
    configurations=[{}],
    urls=["shop.example.com/*"],
)
print(lockdown.id)
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "id": "372e67954025e0ba6aaa6d586b9e0b59",
    "configurations": [
      {
        "target": "ip",
        "value": "198.51.100.4"
      }
    ],
    "created_on": "2014-01-01T05:20:00.12345Z",
    "description": "Restrict access to these endpoints to requests from a known IP address",
    "modified_on": "2014-01-01T05:20:00.12345Z",
    "paused": false,
    "urls": [
      "api.mysite.com/some/endpoint*"
    ]
  },
  "success": true
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "id": "372e67954025e0ba6aaa6d586b9e0b59",
    "configurations": [
      {
        "target": "ip",
        "value": "198.51.100.4"
      }
    ],
    "created_on": "2014-01-01T05:20:00.12345Z",
    "description": "Restrict access to these endpoints to requests from a known IP address",
    "modified_on": "2014-01-01T05:20:00.12345Z",
    "paused": false,
    "urls": [
      "api.mysite.com/some/endpoint*"
    ]
  },
  "success": true
}