Cloudflare Docs
Logs
Visit Logs on GitHub
Set theme to dark (⇧+D)

Firewall events

The descriptions below detail the fields available for firewall_events.

Field Value Type
Action The code of the first-class action the Cloudflare Firewall took on this request.
Possible actions are unknown | allow | block | challenge | jschallenge | log | connectionclose | challengesolved | challengefailed | challengebypassed | jschallengesolved | jschallengefailed | jschallengebypassed | bypass | managedchallenge | managedchallengeskipped | managedchallengenoninteractivesolved | managedchallengeinteractivesolved | managedchallengebypassed
string
ClientASN The ASN number of the visitor int
ClientASNDescription The ASN of the visitor as string string
ClientCountry Country from which request originated string
ClientIP The visitor’s IP address (IPv4 or IPv6) string
ClientIPClass The classification of the visitor’s IP address, possible values are: unknown | badHost | searchEngine | allowlist | monitoringService | noRecord | scan | tor string
ClientRefererHost The referer host string
ClientRefererPath The referer path requested by visitor string
ClientRefererQuery The referer query-string was requested by the visitor string
ClientRefererScheme The referer URL scheme requested by the visitor string
ClientRequestHost The HTTP hostname requested by the visitor string
ClientRequestMethod The HTTP method used by the visitor string
ClientRequestPath The path requested by visitor string
ClientRequestProtocol The version of HTTP protocol requested by the visitor string
ClientRequestQuery The query-string was requested by the visitor string
ClientRequestScheme The URL scheme requested by the visitor string
ClientRequestUserAgent Visitor’s user-agent string string
Datetime The date and time the event occurred at the edge int or string
EdgeColoCode The airport code of the Cloudflare datacenter that served this request string
EdgeResponseStatus HTTP response status code returned to browser int
Kind The kind of event, currently only possible values are: firewall string
MatchIndex Rules match index in the chain int
Metadata Additional product-specific information. Metadata is organized in key:value pairs. Key and Value formats can vary by Cloudflare security product and can change over time object
OriginResponseStatus HTTP origin response status code returned to browser int
OriginatorRayID The RayID of the request that issued the challenge/jschallenge string
RayID The RayID of the request string
RuleID The Cloudflare security product-specific RuleID triggered by this request string
Source The Cloudflare security product triggered by this request.
Possible sources are unknown | asn | country | ip | iprange | securitylevel | zonelockdown | waf | firewallrules | uablock | ratelimit | bic | hot | l7ddos | botfight | apishield | botmanagement | dlp | firewallmanaged | firewallcustom
string