
Firewall events

The descriptions below detail the fields available for firewall_events.

| Field | Value | Type |
| --- | --- | --- |
| Action | The code of the first-class action the Cloudflare Firewall took on this request. Possible actions are: unknown, allow, block, challenge, jschallenge, log, connectionclose, challengesolved, challengefailed, challengebypassed, jschallengesolved, jschallengefailed, jschallengebypassed, bypass, managedchallenge, managedchallengeskipped, managedchallengenoninteractivesolved, managedchallengeinteractivesolved, managedchallengebypassed | string |
| ClientASN | The ASN number of the visitor | int |
| ClientASNDescription | The ASN of the visitor as string | string |
| ClientCountry | Country from which request originated | string |
| ClientIP | The visitor's IP address (IPv4 or IPv6) | string |
| ClientIPClass | The classification of the visitor's IP address. Possible values are: unknown, clean, badHost, searchEngine, allowlist, greylist, monitoringService, securityScanner, noRecord, scan, backupService, mobilePlatform, tor | string |
| ClientRefererHost | The referer host | string |
| ClientRefererPath | The referer path requested by the visitor | string |
| ClientRefererQuery | The referer query string requested by the visitor | string |
| ClientRefererScheme | The referer URL scheme requested by the visitor | string |
| ClientRequestHost | The HTTP hostname requested by the visitor | string |
| ClientRequestMethod | The HTTP method used by the visitor | string |
| ClientRequestPath | The path requested by the visitor | string |
| ClientRequestProtocol | The version of HTTP protocol requested by the visitor | string |
| ClientRequestQuery | The query string requested by the visitor | string |
| ClientRequestScheme | The URL scheme requested by the visitor | string |
| ClientRequestUserAgent | Visitor's user-agent string | string |
| Datetime | The date and time the event occurred at the edge | int or string |
| EdgeColoCode | The airport code of the Cloudflare datacenter that served this request | string |
| EdgeResponseStatus | HTTP response status code returned to browser | int |
| Kind | The kind of event. Currently the only possible value is: firewall | string |
| MatchIndex | Rules match index in the chain | int |
| Metadata | Additional product-specific information. Metadata is organized in key:value pairs. Key and Value formats can vary by Cloudflare security product and can change over time | object |
| OriginResponseStatus | HTTP origin response status code returned to browser | int |
| OriginatorRayID | The RayID of the request that issued the challenge/jschallenge | string |
| RayID | The RayID of the request | string |
| RuleID | The Cloudflare security product-specific RuleID triggered by this request | string |
| Source | The Cloudflare security product triggered by this request. Possible sources are: unknown, asn, country, ip, iprange, securitylevel, zonelockdown, waf, firewallrules, uablock, ratelimit, bic, hot, l7ddos, validation, botfight, apishield, botmanagement, dlp, firewallmanaged, firewallcustom | string |
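
The OriginatorRayID field links a challenge outcome back to the event that issued the challenge, which lets a defender measure how often each rule's challenges are solved, failed, or never answered. The following is an added example, not code from Cloudflare or from this page: the function names, the sample events, and the rule names are constructed. It assumes one JSON object per line keyed by the field names above, and that Datetime is either RFC 3339 text or Unix seconds/nanoseconds (formats are mixed in the sample only to exercise both branches).

```python
import json
from collections import Counter
from datetime import datetime, timezone

ISSUED = {"challenge", "jschallenge", "managedchallenge"}  # Action values from the table
SOLVED = {"challengesolved", "jschallengesolved",
          "managedchallengenoninteractivesolved", "managedchallengeinteractivesolved"}
FAILED = {"challengefailed", "jschallengefailed"}

# Constructed sample events, not real traffic (assumed: one JSON object per line).
SAMPLE = [
    '{"Action":"managedchallenge","RayID":"r1","RuleID":"rule-a","Datetime":"2024-05-01T10:00:00Z"}',
    '{"Action":"managedchallengeinteractivesolved","RayID":"r2","OriginatorRayID":"r1","Datetime":"2024-05-01T10:00:05Z"}',
    '{"Action":"jschallenge","RayID":"r3","RuleID":"rule-b","Datetime":1714557610}',
    '{"Action":"jschallengefailed","RayID":"r4","OriginatorRayID":"r3","Datetime":1714557612000000000}',
    '{"Action":"jschallenge","RayID":"r5","RuleID":"rule-b","Datetime":"2024-05-01T10:00:20Z"}',
    '{"Action":"block","RayID":"r6","RuleID":"rule-c","Datetime":"2024-05-01T10:00:30Z"}',
]

def parse_time(value):
    """Datetime is 'int or string'; assumed RFC 3339 text or Unix seconds/nanoseconds."""
    if isinstance(value, str):
        return datetime.fromisoformat(value.replace("Z", "+00:00"))
    seconds = value / 10**9 if value > 10**12 else value
    return datetime.fromtimestamp(seconds, tz=timezone.utc)

def challenge_outcomes(lines):
    """Return {RuleID: counts} of challenges issued, solved, failed and unanswered."""
    events = sorted((json.loads(line) for line in lines if line.strip()),
                    key=lambda e: parse_time(e["Datetime"]))
    issued, stats, answered = {}, {}, set()  # issued maps challenge RayID -> RuleID
    for e in events:
        action = e["Action"]
        if action in ISSUED:
            issued[e["RayID"]] = e["RuleID"]
            stats.setdefault(e["RuleID"], Counter())["issued"] += 1
        elif action in SOLVED | FAILED:
            rule = issued.get(e.get("OriginatorRayID"))
            if rule is None:
                continue  # originating challenge is outside this batch
            stats[rule]["solved" if action in SOLVED else "failed"] += 1
            answered.add(e["OriginatorRayID"])
    for ray, rule in issued.items():
        if ray not in answered:
            stats[rule]["unanswered"] += 1
    return {rule: dict(counts) for rule, counts in stats.items()}

if __name__ == "__main__":
    print(challenge_outcomes(SAMPLE))
```

A rule whose challenges are mostly failed or unanswered is typically stopping automated clients, while a rule with a high solved count may be challenging legitimate visitors and is worth reviewing.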