API Reference

Firewall

Rules

Copy Markdown

Open in Claude

Open in ChatGPT

Open in Cursor

---

Copy Markdown

View as Markdown

Update a firewall rule

Deprecated

firewall.rules.update(strrule_id, RuleUpdateParams**kwargs) -> FirewallRule

PUT/zones/{zone_id}/firewall/rules/{rule_id}

Updates an existing firewall rule.

Security

API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY

API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194

Accepted Permissions (at least one required)

Firewall Services Write

ParametersExpand Collapse

zone_id: str

Defines an identifier.

maxLength32

rule_id: str

The unique identifier of the firewall rule.

maxLength32

action: Action

The action to perform when the threshold of matched traffic within the configured period is exceeded.

mode: Optional[Literal["simulate", "ban", "challenge", 2 more]]

The action to perform.

One of the following:

"simulate"

"ban"

"challenge"

"js_challenge"

"managed_challenge"

response: Optional[ActionResponse]

A custom content type and reponse to return when the threshold is exceeded. The custom response configured in this object will override the custom error for the zone. This object is optional. Notes: If you omit this object, Cloudflare will use the default HTML error page. If "mode" is "challenge", "managed_challenge", or "js_challenge", Cloudflare will use the zone challenge pages and you should not provide the "response" object.

body: Optional[str]

The response body to return. The value must conform to the configured content type.

maxLength10240

content_type: Optional[str]

The content type of the body. Must be one of the following: text/plain, text/xml, or application/json.

maxLength50

timeout: Optional[float]

The time in seconds during which Cloudflare will perform the mitigation action. Must be an integer value greater than or equal to the period. Notes: If "mode" is "challenge", "managed_challenge", or "js_challenge", Cloudflare will use the zone's Challenge Passage time and you should not provide this value.

maximum86400

minimum1

filter: FirewallFilterParam

id: Optional[str]

The unique identifier of the filter.

maxLength32

minLength32

description: Optional[str]

An informative summary of the filter.

maxLength500

expression: Optional[str]

The filter expression. For more information, refer to Expressions.

paused: Optional[bool]

When true, indicates that the filter is currently paused.

ref: Optional[str]

A short reference tag. Allows you to select related filters.

maxLength50

ReturnsExpand Collapse

class FirewallRule: …

id: Optional[str]

The unique identifier of the firewall rule.

maxLength32

action: Optional[Action]

The action to apply to a matched request. The log action is only available on an Enterprise plan.

One of the following:

"block"

"challenge"

"js_challenge"

"managed_challenge"

"allow"

"log"

"bypass"

description: Optional[str]

An informative summary of the firewall rule.

maxLength500

filter: Optional[Filter]

One of the following:

class FirewallFilter: …

id: Optional[str]

The unique identifier of the filter.

maxLength32

minLength32

description: Optional[str]

An informative summary of the filter.

maxLength500

expression: Optional[str]

The filter expression. For more information, refer to Expressions.

paused: Optional[bool]

When true, indicates that the filter is currently paused.

ref: Optional[str]

A short reference tag. Allows you to select related filters.

maxLength50

class DeletedFilter: …

id: str

The unique identifier of the filter.

maxLength32

minLength32

deleted: bool

When true, indicates that the firewall rule was deleted.

paused: Optional[bool]

When true, indicates that the firewall rule is currently paused.

priority: Optional[float]

The priority of the rule. Optional value used to define the processing order. A lower number indicates a higher priority. If not provided, rules with a defined priority will be processed before rules without a priority.

maximum2147483647

minimum0

products: Optional[List[Product]]

One of the following:

"zoneLockdown"

"uaBlock"

"bic"

"hot"

"securityLevel"

"rateLimit"

"waf"

ref: Optional[str]

A short reference tag. Allows you to select related firewall rules.

maxLength50

Update a firewall rule

Python

HTTP

TypeScript

Python

Go

Terraform

import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
firewall_rule = client.firewall.rules.update(
    rule_id="372e67954025e0ba6aaa6d586b9e0b60",
    zone_id="023e105f4ecef8ad9ca31a8372d0c353",
    action={},
    filter={},
)
print(firewall_rule.id)

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "id": "372e67954025e0ba6aaa6d586b9e0b60",
    "action": "block",
    "description": "Blocks traffic identified during investigation for MIR-31",
    "filter": {
      "id": "372e67954025e0ba6aaa6d586b9e0b61",
      "description": "Restrict access from these browsers on this address range.",
      "expression": "(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.addr ne 172.16.22.155",
      "paused": false,
      "ref": "FIL-100"
    },
    "paused": false,
    "priority": 50,
    "products": [
      "waf"
    ],
    "ref": "MIR-31"
  },
  "success": true
}

Returns Examples

200 example

{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": {
    "id": "372e67954025e0ba6aaa6d586b9e0b60",
    "action": "block",
    "description": "Blocks traffic identified during investigation for MIR-31",
    "filter": {
      "id": "372e67954025e0ba6aaa6d586b9e0b61",
      "description": "Restrict access from these browsers on this address range.",
      "expression": "(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.addr ne 172.16.22.155",
      "paused": false,
      "ref": "FIL-100"
    },
    "paused": false,
    "priority": 50,
    "products": [
      "waf"
    ],
    "ref": "MIR-31"
  },
  "success": true
}