- API Shield Endpoint Management
- API Shield Settings
- ASN Intelligence
- Access Bookmark applications (Deprecated)
- Access applications
- Access authentication logs
- Access groups
- Access identity providers
- Access key configuration
- Access mTLS authentication
- Access policies
- Access service tokens
- Access short-lived certificate CAs
- Account Billing Profile
- Account Load Balancer Monitors
- Account Load Balancer Pools
- Account Load Balancer Search
- Account Members
- Account Railguns
- Account Roles
- Account Rulesets
- List account rulesets
- Create an account ruleset
- Get an account entry point ruleset
- Update an account entry point ruleset
- List an account entry point ruleset's versions
- Get an account entry point ruleset version
- Delete an account ruleset
- Get an account ruleset
- Update an account ruleset
- Create an account ruleset rule
- Delete an account ruleset rule
- Update an account ruleset rule
- List an account ruleset's versions
- Delete an account ruleset version
- Get an account ruleset version
- List an account ruleset version's rules by tag
- Account Subscriptions
- Account-Level Custom Nameservers
- Account-Level Custom Nameservers Usage for a Zone
- Accounts
- Analyze Certificate
- Argo Analytics for Geolocation
- Argo Analytics for Zone
- Argo Smart Routing
- Argo Tunnel
- Audit Logs
- Available Page Rules settings
- Cache Rules
- Certificate Packs
- Client
- Cloudflare IPs
- Cloudflare Images
- Cloudflare Images Keys
- Cloudflare Images Variants
- Cloudflare Tunnel
- Cloudflare Tunnel configuration
- Config Rules
- Custom Error Responses
- Custom Hostname Fallback Origin for a Zone
- Custom Hostname for a Zone
- Custom SSL for a Zone
- Custom pages for a zone
- Custom pages for an account
- DLP Pattern Validation
- DLP Profiles
- DNS Analytics
- DNS Firewall
- DNS Firewall (Legacy)
- DNS Firewall Analytics
- DNS Firewall Analytics (Legacy)
- DNS Records for a Zone
- DNSSEC
- Device Managed Networks
- Device Posture Integrations
- Device Posture Rules
- Devices
- List Devices
- List Device Settings Policies
- Get Default Device Settings Policy
- Update Default Device Settings Policy
- Create Device Settings Policy
- Get Split Tunnel Exclude List
- Set Split Tunnel Exclude List
- Get Local Domain Fallback List
- Set Local Domain Fallback List
- Get Split Tunnel Include List
- Set Split Tunnel Include List
- Delete Device Settings Policy
- Get Device Settings Policy by ID
- Update Device Settings Policy
- Get Split Tunnel Exclude List for a Device Settings Policy
- Set Split Tunnel Exclude List for a Device Settings Policy
- Get Local Domain Fallback List for a Device Settings Policy
- Set Local Domain Fallback List for a Device Settings Policy
- Get Split Tunnel Include List for a Device Settings Policy
- Set Split Tunnel Include List for a Device Settings Policy
- Revoke Devices
- Unrevoke Devices
- Device Details
- List Admin Override code for device
- Diagnostics
- Domain History
- Domain Intelligence
- Durable Objects Namespace
- Email Routing destination addresses
- Email Routing routing rules
- Email Routing settings
- Filters
- Firewall rules
- Health Checks
- IP Access rules for a user
- IP Access rules for a zone
- IP Access rules for an account
- IP Address Management Address Maps
- Remove an account membership from an Address Map
- Add an account membership to an Address Map
- List Address Maps
- Create Address Map
- Delete Address Map
- Address Map Details
- Update Address Map
- Remove an IP from an Address Map
- Add an IP to an Address Map
- Remove a zone membership from an Address Map
- Add a zone membership to an Address Map
- IP Address Management Dynamic Advertisement
- IP Address Management Prefix Delegation
- IP Address Management Prefixes
- IP Intelligence
- IP List
- Keyless SSL for a Zone
- Lists
- Load Balancer Healthcheck Events
- Load Balancer Monitors
- Load Balancer Pools
- Load Balancer Regions
- Load Balancers
- Logpush Jobs
- Logs Received
- Magic GRE tunnels
- Magic IPsec tunnels
- Magic Interconnects
- Magic Network Monitoring Configuration
- Magic Network Monitoring Rules
- Magic PCAP collection
- Magic Static Routes
- Managed Transforms
- Miscategorization
- Notification Alert Types
- Notification History
- Notification Mechanism Eligibility
- Notification destinations with PagerDuty
- Notification policies
- Notification webhooks
- Organization Invites
- Organization Members
- Organization Railgun
- Organization Roles
- Organizations (Deprecated)
- Origin CA
- Origin Rules
- Page Rules
- Page Shield
- Pages Deployment
- Pages Domains
- Pages Project
- Passive DNS by IP
- Per-hostname Authenticated Origin Pull
- Permission Groups
- Phishing URL Information
- Phishing URL Scanner
- Queue
- R2 Bucket
- Radar Annotations
- Radar Attacks
- Get a summary of layer 3 attacks
- Get layer 3 attacks time series
- Get layer 3 attacks by network protocol, over time
- Get a summary of layer 7 attacks
- Get attacks layer 7 time series
- Get layer 7 attacks by mitigation technique, over time
- Get layer 7 top origin ASes
- Get layer 7 top attack pairs (origin and target locations)
- Get layer 7 top origin locations
- Get layer 7 top target locations
- Radar BGP
- Radar DNS
- Radar Datasets
- Radar Entities
- Radar Http
- Get a summary of bot classes
- Get a summary of device types
- Get a summary of HTTP protocols
- Get a summary of HTTP versions
- Get a summary of IP versions
- Get a summary of operating systems
- Get a summary of TLS versions
- Get time series of bot classes
- Get time series of user agents
- Get time series of user agents aggregated in families
- Get time series of device types
- Get time series of HTTP protocols
- Get time series of HTTP versions
- Get time series of IP versions
- Get time series of operating systems
- Get time series of TLS versions
- Get top autonomous systems by HTTP requests
- Get top autonomous systems by bot class
- Get top autonomous systems by device type
- Get top autonomous systems by HTTP protocol
- Get top autonomous systems by HTTP version
- Get top autonomous systems by IP version
- Get top autonomous systems by operating system
- Get top autonomous systems by TLS version
- Get top user agents aggregated in families by HTTP requests
- Get top user agents by HTTP requests
- Get top locations by HTTP requests
- Get top locations by bot class
- Get top locations by device type
- Get top locations by HTTP protocol
- Get top locations by HTTP version
- Get top locations by IP version
- Get top locations by operating system
- Get top locations by TLS version
- Radar Netflows
- Radar Ranking
- Radar Search
- Radar Special Events
- Radar Verified Bots
- Railgun
- Railgun Connections
- Railgun Connections for a Zone
- Rate limits for a zone
- Registrar Domains
- SSL Verification
- SSL
- Secondary DNS (ACL)
- Secondary DNS (Peer)
- Secondary DNS (Primary Zone)
- Secondary DNS (Secondary Zone)
- Secondary DNS (TSIG)
- Single Redirect Rules
- Spectrum Aggregate Analytics
- Spectrum Analytics (By Time)
- Spectrum Analytics (Summary)
- Spectrum Applications
- Stream Live Inputs
- Stream MP4 Downloads
- Stream Signing Keys
- Stream Subtitles
- Stream Video Clipping
- Stream Videos
- Stream Watermark Profile
- Stream Webhook
- Total TLS
- Transform Rules
- Tunnel Virtual Network
- Tunnel route
- URL Normalization
- Universal SSL Settings for a Zone
- User
- User API Tokens
- User Agent Blocking rules
- User Billing History
- User Billing Profile
- User Subscription
- User's Account Memberships
- User's Invites
- User's Organizations
- WAF overrides
- WAF packages
- WAF rule groups
- WAF rules
- WHOIS Record
- Waiting Room
- List waiting rooms
- Create waiting room
- Create a custom waiting room page preview
- Delete waiting room
- Waiting room details
- Patch waiting room
- Update waiting room
- List events
- Create event
- Delete event
- Event details
- Patch event
- Update event
- Preview active event details
- List Waiting Room Rules
- Create Waiting Room Rule
- Replace Waiting Room Rules
- Delete Waiting Room Rule
- Patch Waiting Room Rule
- Get waiting room status
- Web3 Hostname
- List Web3 Hostnames
- Create Web3 Hostname
- Delete Web3 Hostname
- Web3 Hostname Details
- Edit Web3 Hostname
- IPFS Universal Path Gateway Content List Details
- Update IPFS Universal Path Gateway Content List
- List IPFS Universal Path Gateway Content List Entries
- Create IPFS Universal Path Gateway Content List Entry
- Delete IPFS Universal Path Gateway Content List Entry
- IPFS Universal Path Gateway Content List Entry Details
- Edit IPFS Universal Path Gateway Content List Entry
- Worker Account Settings
- Worker Binding (Deprecated)
- Worker Cron Trigger
- Worker Deployments
- Worker Domain
- Worker Filters (Deprecated)
- Worker Routes
- Worker Script
- Worker Script (Deprecated)
- Worker Subdomain
- Worker Tail Logs
- Workers KV Namespace
- Workers KV Request Analytics
- Workers KV Stored Data Analytics
- Zero Trust Gateway Application and Application Type mappings
- Zero Trust Gateway Categories
- Zero Trust Gateway Locations
- Zero Trust Gateway Proxy Endpoints
- Zero Trust Gateway Rules
- Zero Trust Lists
- Zero Trust accounts
- Get device settings for Zero Trust account
- Update device settings for the Zero Trust account
- Get Zero Trust account information
- Create Zero Trust account
- Get Zero Trust account configuration
- Update Zero Trust account configuration
- Get logging settings for the Zero Trust account
- Update logging settings for the Zero Trust account
- Zero Trust organization
- Zero Trust seats
- Zero Trust users
- Zone
- Zone Analytics (Deprecated)
- Zone Cache Settings
- Zone Lockdown
- Zone Rate Plan
- Zone Rulesets
- List zone rulesets
- Create a zone ruleset
- Get a zone entry point ruleset
- Update a zone entry point ruleset
- List a zone entry point ruleset's versions
- Get a zone entry point ruleset version
- Delete a zone ruleset
- Get a zone ruleset
- Update a zone ruleset
- Create a zone ruleset rule
- Delete a zone ruleset rule
- Update a zone ruleset rule
- List a zone ruleset's versions
- Delete a zone ruleset version
- Get a zone ruleset version
- Zone Settings
- Get all Zone settings
- Edit zone settings info
- Get 0-RTT session resumption setting
- Change 0-RTT session resumption setting
- Get Advanced DDOS setting
- Get Always Online setting
- Change Always Online setting
- Get Always Use HTTPS setting
- Change Always Use HTTPS setting
- Get Automatic HTTPS Rewrites setting
- Change Automatic HTTPS Rewrites setting
- Get Automatic Platform Optimization for WordPress settings
- Change Automatic Platform Optimization for WordPress settings
- Get Brotli setting
- Change Brotli setting
- Get Browser Cache TTL setting
- Change Browser Cache TTL setting
- Get Browser Check setting
- Change Browser Check setting
- Get Cache Level setting
- Change Cache Level setting
- Get Challenge TTL setting
- Change Challenge TTL setting
- Get ciphers setting
- Change ciphers setting
- Get Development Mode setting
- Change Development Mode setting
- Get Early Hints setting
- Change Early Hints setting
- Get Email Obfuscation setting
- Change Email Obfuscation setting
- Get HTTP/2 Edge Prioritization setting
- Change HTTP/2 Edge Prioritization setting
- Get Hotlink Protection setting
- Change Hotlink Protection setting
- Get HTTP2 setting
- Change HTTP2 setting
- Get HTTP3 setting
- Change HTTP3 setting
- Get Image Resizing setting
- Change Image Resizing setting
- Get IP Geolocation setting
- Change IP Geolocation setting
- Get IPv6 setting
- Change IPv6 setting
- Get Minimum TLS Version setting
- Change Minimum TLS Version setting
- Get Minify setting
- Change Minify setting
- Get Mirage setting
- Change Mirage setting
- Get Mobile Redirect setting
- Change Mobile Redirect setting
- Get Network Error Logging setting
- Change Network Error Logging setting
- Get Opportunistic Encryption setting
- Change Opportunistic Encryption setting
- Get Opportunistic Onion setting
- Change Opportunistic Onion setting
- Get Orange to Orange (O2O)
- Change Orange to Orange (O2O)
- Get Enable Error Pages On setting
- Change Enable Error Pages On setting
- Get Origin Max HTTP version setting
- Change Origin Max HTTP version setting
- Get Polish setting
- Change Polish setting
- Get prefetch preload setting
- Change prefetch preload setting
- Get Privacy Pass setting
- Change Privacy Pass setting
- Get Proxy Read Timeout setting
- Change Proxy Read Timeout setting
- Get Pseudo IPv4 setting
- Change Pseudo IPv4 setting
- Get Response Buffering setting
- Change Response Buffering setting
- Get Rocket Loader setting
- Change Rocket Loader setting
- Get Security Header (HSTS) setting
- Change Security Header (HSTS) setting
- Get Security Level setting
- Change Security Level setting
- Get Server Side Exclude setting
- Change Server Side Exclude setting
- Get Enable Query String Sort setting
- Change Enable Query String Sort setting
- Get SSL setting
- Change SSL setting
- Get SSL/TLS Recommender enrollment
- Change SSL/TLS Recommender enrollment
- Get TLS 1.3 setting enabled for a zone
- Change TLS 1.3 setting
- Get TLS Client Auth setting
- Change TLS Client Auth setting
- Get True Client IP setting
- Change True Client IP setting
- Get Web Application Firewall (WAF) setting
- Change Web Application Firewall (WAF) setting
- Get WebP setting
- Change WebP setting
- Get WebSockets setting
- Change WebSockets setting
- Zone Subscription
- Zone-Level Access applications
- Zone-Level Access groups
- Zone-Level Access identity providers
- Zone-Level Access mTLS authentication
- Zone-Level Access policies
- Zone-Level Access service tokens
- Zone-Level Access short-lived certificate CAs
- Zone-Level Authenticated Origin Pulls
- Zone-Level Zero Trust organization
- mTLS Certificate Management
Update Zero Trust Gateway Rule
PUT
https://api.cloudflare.com/client/v4/accounts/{identifier}/gateway/rules/{uuid}
Last modified:2022-12-16 13:48:36
Request
Path Params
uuid
stringÂ
required
identifier
stringÂ
required
Body Params application/json
action
enum<string>Â
required
Allowed values:
onoffallowblockscannoscansafesearchytrestrictedisolatenoisolateoverridel4_override
Example:
allow
description
stringÂ
optional
Example:
Block the bad websites based on host name
device_posture
stringÂ
optional
Example:
any(device_posture.checks.passed[*] in {"1308749e-fcfb-4ebc-b051-fe022b632644"})
enabled
booleanÂ
optional
Example:
true
filters
array[string]
optional
Allowed values:
httpdnsl4
Example:
["http"]
identity
stringÂ
optional
Example:
any(identity.groups.name[*] in {"finance"})
name
stringÂ
required
Example:
block bad websites
precedence
integerÂ
optional
rule_settings
object (rule-settings)Â
optional
add_headers
objectÂ
optional
Example:
{"My-Next-Header":["foo","bar"],"X-Custom-Header-Name":["somecustomvalue"]}
biso_admin_controls
objectÂ
optional
block_page_enabled
booleanÂ
optional
Example:
true
block_reason
stringÂ
optional
Example:
This website is a security risk
check_session
objectÂ
optional
insecure_disable_dnssec_validation
booleanÂ
optional
Example:
false
ip_categories
booleanÂ
optional
Example:
true
l4override
objectÂ
optional
override_host
stringÂ
optional
Example:
example.com
override_ips
array[string]
optional
Example:
["1.1.1.1","2.2.2.2"]
traffic
stringÂ
optional
Example:
http.request.uri matches ".*a/partial/uri.*" and http.request.host in $01302951-49f9-47c9-a400-0297e60b6a10
Example
{
"action": "allow",
"description": "Block the bad websites based on host name",
"device_posture": "any(device_posture.checks.passed[*] in {\"1308749e-fcfb-4ebc-b051-fe022b632644\"})",
"enabled": true,
"filters": [
"http"
],
"identity": "any(identity.groups.name[*] in {\"finance\"})",
"name": "block bad websites",
"precedence": 0,
"rule_settings": {
"add_headers": {
"My-Next-Header": [
"foo",
"bar"
],
"X-Custom-Header-Name": [
"somecustomvalue"
]
},
"biso_admin_controls": {
"dcp": false,
"dd": false,
"dk": false,
"dp": false,
"du": false
},
"block_page_enabled": true,
"block_reason": "This website is a security risk",
"check_session": {
"duration": "300s",
"enforce": true
},
"insecure_disable_dnssec_validation": false,
"ip_categories": true,
"l4override": {
"ip": "1.1.1.1",
"port": 0
},
"override_host": "example.com",
"override_ips": [
"1.1.1.1",
"2.2.2.2"
]
},
"traffic": "http.request.uri matches \".*a/partial/uri.*\" and http.request.host in $01302951-49f9-47c9-a400-0297e60b6a10"
}Request samples
Shell
JavaScript
Java
Swift
Go
PHP
Python
HTTP
C
C#
Objective-C
Ruby
OCaml
Dart
R
Request Request Example
Shell
JavaScript
Java
Swift
curl --location --request PUT 'https://api.cloudflare.com/client/v4/accounts//gateway/rules/' \
--header 'Content-Type: application/json' \
--data-raw '{
"action": "allow",
"description": "Block the bad websites based on host name",
"device_posture": "any(device_posture.checks.passed[*] in {\"1308749e-fcfb-4ebc-b051-fe022b632644\"})",
"enabled": true,
"filters": [
"http"
],
"identity": "any(identity.groups.name[*] in {\"finance\"})",
"name": "block bad websites",
"precedence": 0,
"rule_settings": {
"add_headers": {
"My-Next-Header": [
"foo",
"bar"
],
"X-Custom-Header-Name": [
"somecustomvalue"
]
},
"biso_admin_controls": {
"dcp": false,
"dd": false,
"dk": false,
"dp": false,
"du": false
},
"block_page_enabled": true,
"block_reason": "This website is a security risk",
"check_session": {
"duration": "300s",
"enforce": true
},
"insecure_disable_dnssec_validation": false,
"ip_categories": true,
"l4override": {
"ip": "1.1.1.1",
"port": 0
},
"override_host": "example.com",
"override_ips": [
"1.1.1.1",
"2.2.2.2"
]
},
"traffic": "http.request.uri matches \".*a/partial/uri.*\" and http.request.host in $01302951-49f9-47c9-a400-0297e60b6a10"
}'Responses
🟢200Update Zero Trust Gateway Rule response
application/json
Body
allOf {2}Â
optional
object (api-response-single)Â
optional
errors
array [object {2}]Â
messages
Example:
[]
messages
array [object {2}]Â
messages
Example:
[]
result
required
success
enum<boolean>Â
required
Allowed value:
true
Example:
true
objectÂ
optional
result
object (rules_components-schemas-rules)Â
optional
Example
{
"errors": [],
"messages": [],
"result": {
"action": "allow",
"created_at": "2014-01-01T05:20:00.12345Z",
"deleted_at": "2019-08-24T14:15:22Z",
"description": "Block the bad websites based on host name",
"device_posture": "any(device_posture.checks.passed[*] in {\"1308749e-fcfb-4ebc-b051-fe022b632644\"})",
"enabled": true,
"filters": [
"http"
],
"id": "f174e90a-fafe-4643-bbbc-4a0ed4fc8415",
"identity": "any(identity.groups.name[*] in {\"finance\"})",
"name": "block bad websites",
"precedence": 0,
"rule_settings": {
"add_headers": {
"My-Next-Header": [
"foo",
"bar"
],
"X-Custom-Header-Name": [
"somecustomvalue"
]
},
"biso_admin_controls": {
"dcp": false,
"dd": false,
"dk": false,
"dp": false,
"du": false
},
"block_page_enabled": true,
"block_reason": "This website is a security risk",
"check_session": {
"duration": "300s",
"enforce": true
},
"insecure_disable_dnssec_validation": false,
"ip_categories": true,
"l4override": {
"ip": "1.1.1.1",
"port": 0
},
"override_host": "example.com",
"override_ips": [
"1.1.1.1",
"2.2.2.2"
]
},
"traffic": "http.request.uri matches \".*a/partial/uri.*\" and http.request.host in $01302951-49f9-47c9-a400-0297e60b6a10",
"updated_at": "2014-01-01T05:20:00.12345Z"
},
"success": true
}🟢200Update Zero Trust Gateway Rule response failure
Modified at 2022-12-16 13:48:36