Can I delete all IP Access rules at once?

Answer these questions to help the Community help you with Security questions.

What is the domain name?

Have you searched for an answer?
Yes

When you tested your domain, what were the results?
NA

Describe the issue you are having:
I used to use a firewall service that added over 5,000 IP Access rules. I’m getting errors about REST API on my website and the WAF log shows the issues are from managed rules. I have a free account, so I can’t use managed rule sets. These IP Access rules must be causing the issue. I started removing them one by one, but with over 5,000 it will take forever? Is there any way to select all/delete or similar?

What error message or number are you receiving?
REST API is receiving a 403 forbidden error

You can use the API to generate a list of all the rules’ IDs:

https://developers.cloudflare.com/api/operations/ip-access-rules-for-an-account-list-ip-access-rules

And then loop through all the Rule IDs, deleting each one:

https://developers.cloudflare.com/api/operations/ip-access-rules-for-an-account-delete-an-ip-access-rule

I don’t have a specific script for that, but here’s a basic looping script that you can modify:

#!/bin/bash

CF_AUTH_EMAIL="EMAIL_ADDRESS"
CF_AUTH_KEY="GLOBAL_API_KEY"

ZONE_IDS=`
curl -s --request GET \
  --url https://api.cloudflare.com/client/v4/zones \
  --header "Content-Type: application/json" \
  --header "X-Auth-Email: ${CF_AUTH_EMAIL}" \
  --header "X-Auth-Key: ${CF_AUTH_KEY}" \
 | jq -r '.result[] | "\(.id)"'
`

for zone_id in ${ZONE_IDS}; do 
	dns_data=`
curl -s --request GET \
  --url https://api.cloudflare.com/client/v4/zones/${zone_id}/dns_records \
  --header "Content-Type: application/json" \
  --header "X-Auth-Email: ${CF_AUTH_EMAIL}" \
  --header "X-Auth-Key: ${CF_AUTH_KEY}" \
| jq .
`
	echo -E "${dns_data}"
done
1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.