Create a list of IPs or domains
Gateway supports creating lists of IPs, hostnames, or other entries to reference in your policies.
It is likely that you will be onboarding to the Cloudflare platform with some predetermined series of security policies. Maybe you have explicit deny lists based on hostnames, IPs, or another measure that tie to individual users. Maybe some networks can access certain apex records while others cannot.
The best way to migrate to Cloudflare in a way that simplifies ongoing maintenance is to build as many reusable objects as possible. Reusable lists make policy building simpler, and as those applications, networks, and services organically change and grow, updates to a list automatically apply everywhere the list is used.
To test uploading CSV lists, you can download a sample CSV file of IP address ranges or copy the following into a file:
```csv
value,description
192.0.2.0/24,This is an IP address range in CIDR format
198.51.100.0/24,This is also an IP address range
203.0.113.0/24,This is the third IP address range
```
When you format a CSV file for upload:
- Each line should be a single entry that includes a value and an optional description.
- A header row must be present for Zero Trust to recognize descriptions.
- Trailing whitespace characters are not allowed.
- CRLF (Windows) and LF (Unix) line endings are valid.
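A pre-upload check for these formatting rules, as an added example that is not part of the original page or Cloudflare's tooling. The function name `lint_ip_list_csv`, the sample data, and the assumption that every entry in an IP list must parse as an address or CIDR range are illustrative.

```python
import csv
import ipaddress

HEADER = ["value", "description"]  # header as shown in the page's sample CSV

# Constructed sample: CRLF endings, one trailing space, one invalid range.
SAMPLE = (
    "value,description\r\n"
    "192.0.2.0/24,This is an IP address range in CIDR format\r\n"
    "198.51.100.0/24,This is also an IP address range \r\n"
    "203.0.113.300/24,Octet out of range\r\n"
)


def lint_ip_list_csv(text):
    """Return (line_number, problem) tuples for an IP-list CSV."""
    problems = []
    # CRLF and LF are both valid, so normalise before checking lines.
    lines = text.replace("\r\n", "\n").split("\n")
    if lines and lines[-1] == "":
        lines.pop()  # the final newline is not an entry
    has_header = bool(lines) and next(csv.reader([lines[0]]), []) == HEADER
    for number, line in enumerate(lines, start=1):
        if line != line.rstrip():
            problems.append((number, "trailing whitespace"))
        if number == 1 and has_header:
            continue
        row = next(csv.reader([line]), [])
        if not row or not row[0].strip():
            problems.append((number, "empty value"))
            continue
        if len(row) > 1 and not has_header:
            problems.append((number, "description without header row"))
        try:
            # Assumption: entries of an IP list are addresses or CIDR ranges.
            ipaddress.ip_network(row[0].strip(), strict=False)
        except ValueError:
            problems.append((number, "not an IP address or CIDR range"))
    return problems


if __name__ == "__main__":
    for number, problem in lint_ip_list_csv(SAMPLE):
        print(f"line {number}: {problem}")
```

Running a check like this in CI before `terraform apply` or a dashboard upload catches malformed entries before they reach a policy list.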
To upload the list to Zero Trust:
- In Zero Trust, go to My Team > Lists.
- Select Upload CSV.
- Next, specify a List name, enter an optional description, and choose a List type.
- Drag and drop a file into the CSV file window, or select a file.
- Select Create.
- Add the following permission to your cloudflare_api_token: Zero Trust Write
- Decode the contents of the CSV file and store it as a local value:

```tf
locals {
  ip_list = csvdecode(file("${path.module}/list-test.csv"))
}
```

- Create a list using the cloudflare_zero_trust_list resource:

```tf
resource "cloudflare_zero_trust_list" "ips_from_csv" {
  account_id  = var.cloudflare_account_id
  name        = "IPs imported from CSV"
  description = "Managed by Terraform"
  type        = "IP"
  items       = local.ip_list
}
```
You can now use this list in the policy builder by choosing the in list operator.
- In Zero Trust, go to My Team > Lists.
- Select Create manual list.
- Next, specify a List name, enter an optional description, and choose a List type.
- Enter your list element manually into the Add entry field and select Add.
- Select Save.
```bash
curl https://api.cloudflare.com/client/v4/accounts/$ACCOUNT_ID/gateway/lists \
  --header "Content-Type: application/json" \
  --header "Authorization: Bearer $CLOUDFLARE_API_TOKEN" \
  --data '{
    "description": "Private application IPs",
    "items": [
      {"value": "10.226.0.177/32"},
      {"value": "10.226.1.177/32"}
    ],
    "name": "Corporate IP list",
    "type": "IP"
  }'
```
- Add the following permission to your cloudflare_api_token: Zero Trust Write
- Create a list using the cloudflare_zero_trust_list resource.

Example list of IPs:

```tf
resource "cloudflare_zero_trust_list" "wiki_IPs" {
  account_id  = var.cloudflare_account_id
  name        = "Company Wiki IP addresses"
  description = "Managed by Terraform"
  type        = "IP"
  items = [
    {
      description = "Example IP address range"
      value       = "192.0.2.0/24",
    },
    {
      value = "198.51.100.0/24"
    }
  ]
}
```

Example list of domains:

```tf
resource "cloudflare_zero_trust_list" "wiki_domains" {
  account_id  = var.cloudflare_account_id
  name        = "Company Wiki Domains"
  description = "Managed by Terraform"
  type        = "DOMAIN"
  items = [
    {
      value = "wiki.example.com"
    },
    {
      value = "wiki2.example.com"
    }
  ]
}
```
You can now use this list in the policy builder by choosing the in list operator.