Skip to content
Cloudflare API
Start here
API Reference
Firewall
WAF
Packages
Rules

List WAF rules

Deprecated
firewall.waf.packages.rules.list(strpackage_id, RuleListParams**kwargs) -> SyncV4PagePaginationArray[RuleListResponse]
GET/zones/{zone_id}/firewall/waf/packages/{package_id}/rules

Fetches WAF rules in a WAF package.

Note: Applies only to the previous version of WAF managed rules.

Security
API Token

The preferred authorization scheme for interacting with the Cloudflare API. Create a token.

Example:Authorization: Bearer Sn3lZJTBX6kkg7OdcBUAxOO963GEIyGQqnFTOFYY
API Email + API Key

The previous authorization scheme for interacting with the Cloudflare API, used in conjunction with a Global API key.

Example:X-Auth-Email: user@example.com

The previous authorization scheme for interacting with the Cloudflare API. When possible, use API tokens instead of Global API keys.

Example:X-Auth-Key: 144c9defac04969c7bfad8efaa8ea194
Accepted Permissions (at least one required)
Firewall Services WriteFirewall Services Read
ParametersExpand Collapse
zone_id: str

Defines an identifier of a schema.

maxLength32
package_id: str

Defines the unique identifier of a WAF package.

maxLength32
description: Optional[str]

Defines the public description of the WAF rule.

direction: Optional[Literal["asc", "desc"]]

Defines the direction used to sort returned rules.

One of the following:
"asc"
"desc"
group_id: Optional[str]

Defines the unique identifier of the rule group.

maxLength32
match: Optional[Literal["any", "all"]]

Defines the search requirements. When set to all, all the search requirements must match. When set to any, only one of the search requirements has to match.

One of the following:
"any"
"all"
mode: Optional[Literal["DIS", "CHL", "BLK", "SIM"]]

Defines the action/mode a rule has been overridden to perform.

One of the following:
"DIS"
"CHL"
"BLK"
"SIM"
order: Optional[Literal["priority", "group_id", "description"]]

Defines the field used to sort returned rules.

One of the following:
"priority"
"group_id"
"description"
page: Optional[float]

Defines the page number of paginated results.

minimum1
per_page: Optional[float]

Defines the number of rules per page.

maximum100
minimum5
priority: Optional[str]

Defines the order in which the individual WAF rule is executed within its rule group.

ReturnsExpand Collapse
RuleListResponse

When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the ‘sensitivity’ property of the WAF package.

One of the following:
class WAFManagedRulesAnomalyRule:

When triggered, anomaly detection WAF rules contribute to an overall threat score that will determine if a request is considered malicious. You can configure the total scoring threshold through the ‘sensitivity’ property of the WAF package.

id: str

Defines the unique identifier of the WAF rule.

maxLength32
allowed_modes: List[AllowedModesAnomaly]

Defines the available modes for the current WAF rule. Applies to anomaly detection WAF rules.

One of the following:
"on"
"off"
description: str

Defines the public description of the WAF rule.

group: WAFRuleGroup

Defines the rule group to which the current WAF rule belongs.

id: Optional[str]

Defines the unique identifier of the rule group.

maxLength32
name: Optional[str]

Defines the name of the rule group.

mode: AllowedModesAnomaly

Defines the mode anomaly. When set to on, the current WAF rule will be used when evaluating the request. Applies to anomaly detection WAF rules.

One of the following:
"on"
"off"
package_id: str

Defines the unique identifier of a WAF package.

maxLength32
priority: str

Defines the order in which the individual WAF rule is executed within its rule group.

class WAFManagedRulesTraditionalDenyRule:

When triggered, traditional WAF rules cause the firewall to immediately act upon the request based on the configuration of the rule. A ‘deny’ rule will immediately respond to the request based on the configured rule action/mode (for example, ‘block’) and no other rules will be processed.

id: str

Defines the unique identifier of the WAF rule.

maxLength32
allowed_modes: List[Literal["default", "disable", "simulate", 2 more]]

Defines the list of possible actions of the WAF rule when it is triggered.

One of the following:
"default"
"disable"
"simulate"
"block"
"challenge"
default_mode: Literal["disable", "simulate", "block", "challenge"]

Defines the default action/mode of a rule.

One of the following:
"disable"
"simulate"
"block"
"challenge"
description: str

Defines the public description of the WAF rule.

group: WAFRuleGroup

Defines the rule group to which the current WAF rule belongs.

id: Optional[str]

Defines the unique identifier of the rule group.

maxLength32
name: Optional[str]

Defines the name of the rule group.

mode: Literal["default", "disable", "simulate", 2 more]

Defines the action that the current WAF rule will perform when triggered. Applies to traditional (deny) WAF rules.

One of the following:
"default"
"disable"
"simulate"
"block"
"challenge"
package_id: str

Defines the unique identifier of a WAF package.

maxLength32
priority: str

Defines the order in which the individual WAF rule is executed within its rule group.

class WAFManagedRulesTraditionalAllowRule:

When triggered, traditional WAF rules cause the firewall to immediately act on the request based on the rule configuration. An ‘allow’ rule will immediately allow the request and no other rules will be processed.

id: str

Defines the unique identifier of the WAF rule.

maxLength32
allowed_modes: List[Literal["on", "off"]]

Defines the available modes for the current WAF rule.

One of the following:
"on"
"off"
description: str

Defines the public description of the WAF rule.

group: WAFRuleGroup

Defines the rule group to which the current WAF rule belongs.

id: Optional[str]

Defines the unique identifier of the rule group.

maxLength32
name: Optional[str]

Defines the name of the rule group.

mode: Literal["on", "off"]

When set to on, the current rule will be used when evaluating the request. Applies to traditional (allow) WAF rules.

One of the following:
"on"
"off"
package_id: str

Defines the unique identifier of a WAF package.

maxLength32
priority: str

Defines the order in which the individual WAF rule is executed within its rule group.

List WAF rules

import os
from cloudflare import Cloudflare

client = Cloudflare(
    api_token=os.environ.get("CLOUDFLARE_API_TOKEN"),  # This is the default and can be omitted
)
page = client.firewall.waf.packages.rules.list(
    package_id="a25a9a7e9c00afc1fb2e0245519d725b",
    zone_id="023e105f4ecef8ad9ca31a8372d0c353",
)
page = page.result[0]
print(page)
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": [
    {
      "id": "f939de3be84e66e757adcdcb87908023",
      "allowed_modes": [
        "on",
        "off"
      ],
      "description": "SQL injection prevention for SELECT statements",
      "group": {
        "id": "de677e5818985db1285d0e80225f06e5",
        "name": "Project Honey Pot"
      },
      "mode": "on",
      "package_id": "a25a9a7e9c00afc1fb2e0245519d725b",
      "priority": "priority"
    }
  ],
  "success": true,
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}
Returns Examples
{
  "errors": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "messages": [
    {
      "code": 1000,
      "message": "message",
      "documentation_url": "documentation_url",
      "source": {
        "pointer": "pointer"
      }
    }
  ],
  "result": [
    {
      "id": "f939de3be84e66e757adcdcb87908023",
      "allowed_modes": [
        "on",
        "off"
      ],
      "description": "SQL injection prevention for SELECT statements",
      "group": {
        "id": "de677e5818985db1285d0e80225f06e5",
        "name": "Project Honey Pot"
      },
      "mode": "on",
      "package_id": "a25a9a7e9c00afc1fb2e0245519d725b",
      "priority": "priority"
    }
  ],
  "success": true,
  "result_info": {
    "count": 1,
    "page": 1,
    "per_page": 20,
    "total_count": 2000
  }
}