Skip to content
Cloudflare API
Start here
API Reference
Firewall

Rules

resource cloudflare_firewall_rule

required Expand Collapse
zone_id: String

Defines an identifier.

action: Attributes

The action to perform when the threshold of matched traffic within the configured period is exceeded.

mode?: String

The action to perform.

response?: Attributes

A custom content type and reponse to return when the threshold is exceeded. The custom response configured in this object will override the custom error for the zone. This object is optional. Notes: If you omit this object, Cloudflare will use the default HTML error page. If "mode" is "challenge", "managed_challenge", or "js_challenge", Cloudflare will use the zone challenge pages and you should not provide the "response" object.

body?: String

The response body to return. The value must conform to the configured content type.

content_type?: String

The content type of the body. Must be one of the following: text/plain, text/xml, or application/json.

timeout?: Float64

The time in seconds during which Cloudflare will perform the mitigation action. Must be an integer value greater than or equal to the period. Notes: If "mode" is "challenge", "managed_challenge", or "js_challenge", Cloudflare will use the zone's Challenge Passage time and you should not provide this value.

filter: Attributes
id: String

The unique identifier of the filter.

description?: String

An informative summary of the filter.

expression?: String

The filter expression. For more information, refer to Expressions.

paused?: Bool

When true, indicates that the filter is currently paused.

ref?: String

A short reference tag. Allows you to select related filters.

computed Expand Collapse
id: String

The unique identifier of the firewall rule.

description: String

An informative summary of the firewall rule.

paused: Bool

When true, indicates that the firewall rule is currently paused.

priority: Float64

The priority of the rule. Optional value used to define the processing order. A lower number indicates a higher priority. If not provided, rules with a defined priority will be processed before rules without a priority.

ref: String

A short reference tag. Allows you to select related firewall rules.

products: List[String]

cloudflare_firewall_rule

resource "cloudflare_firewall_rule" "example_firewall_rule" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  action = {
    mode = "challenge"
    response = {
      body = "<error>This request has been rate-limited.</error>"
      content_type = "text/xml"
    }
    timeout = 86400
  }
  filter = {
    description = "Restrict access from these browsers on this address range."
    expression = "(http.request.uri.path ~ \".*wp-login.php\" or http.request.uri.path ~ \".*xmlrpc.php\") and ip.addr ne 172.16.22.155"
    paused = false
    ref = "FIL-100"
  }
}

data cloudflare_firewall_rule

required Expand Collapse
zone_id: String

Defines an identifier.

optional Expand Collapse
rule_id?: String

The unique identifier of the firewall rule.

computed Expand Collapse
id: String

The unique identifier of the firewall rule.

action: String

The action to apply to a matched request. The log action is only available on an Enterprise plan.

description: String

An informative summary of the firewall rule.

paused: Bool

When true, indicates that the firewall rule is currently paused.

priority: Float64

The priority of the rule. Optional value used to define the processing order. A lower number indicates a higher priority. If not provided, rules with a defined priority will be processed before rules without a priority.

ref: String

A short reference tag. Allows you to select related firewall rules.

products: List[String]

cloudflare_firewall_rule

data "cloudflare_firewall_rule" "example_firewall_rule" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  rule_id = "372e67954025e0ba6aaa6d586b9e0b60"
}

data cloudflare_firewall_rules

required Expand Collapse
zone_id: String

Defines an identifier.

optional Expand Collapse
action?: String

The action to search for. Must be an exact match.

description?: String

A case-insensitive string to find in the description.

id?: String

The unique identifier of the firewall rule.

paused?: Bool

When true, indicates that the firewall rule is currently paused.

max_items?: Int64

Max items to fetch, default: 1000

computed Expand Collapse
result: List[Attributes]

The items returned by the data source

id: String

The unique identifier of the firewall rule.

action: String

The action to apply to a matched request. The log action is only available on an Enterprise plan.

description: String

An informative summary of the firewall rule.

filter: Attributes
id: String

The unique identifier of the filter.

description: String

An informative summary of the filter.

expression: String

The filter expression. For more information, refer to Expressions.

paused: Bool

When true, indicates that the filter is currently paused.

ref: String

A short reference tag. Allows you to select related filters.

deleted: Bool

When true, indicates that the firewall rule was deleted.

paused: Bool

When true, indicates that the firewall rule is currently paused.

priority: Float64

The priority of the rule. Optional value used to define the processing order. A lower number indicates a higher priority. If not provided, rules with a defined priority will be processed before rules without a priority.

products: List[String]
ref: String

A short reference tag. Allows you to select related firewall rules.

cloudflare_firewall_rules

data "cloudflare_firewall_rules" "example_firewall_rules" {
  zone_id = "023e105f4ecef8ad9ca31a8372d0c353"
  id = "372e67954025e0ba6aaa6d586b9e0b60"
  action = "block"
  description = "mir"
  paused = false
}