Can't edit/update firewall black IP's

Hello Cloudflare Community,

I’m encountering an issue when trying to update a firewall rule using the Cloudflare API. Specifically, I’m using a PUT request to modify a rule, but while I can change certain fields like the rule’s description and action, I’m unable to update or add IP addresses in the rule’s filter expression.

Here’s the API call I’m making:{ZONEID}/firewall/rules/{RULEID}

Payload: { "id": "RULEID", "paused": false, "description": "Alleen bekende IP's", "action": "block", "priority": null, "filter": { "id": "FILTERID", "expression": "(http.request.full_uri contains '' and ip.src ne and ip.src ne and ip.src ne", "paused": false, "description": "API TEST" } }

Note: In the payload, I’ve replaced my actual IP addresses and URL with fictional ones ( and for privacy reasons.

Issue: When I send this request, fields like description and action update successfully. However, the IP addresses in the expression field of the filter object do not update. I’ve tried various formats and syntaxes, but no luck so far.

Has anyone faced a similar issue or can offer any insights on why the filter expression isn’t updating, especially the IP addresses part? Any guidance or suggestions would be greatly appreciated.

Thank you in advance for your help!

You need to update the filter. Here are the two steps I use for updating my ASN rule:

# Get Filter ID
filterID=`curl -sX GET "$zoneID/firewall/rules?description=asn" \
     -H "X-Auth-Email: $email" \
     -H "X-Auth-Key: $key" \
     -H "Content-Type: application/json" \
     | jq -r .result[]`
curl -sX PUT \
     -H "X-Auth-Email: $email" \
     -H "X-Auth-Key: $key" \
     -H "Content-Type: application/json" \
     -d '{
    "id": "'"$filterID"'",
    "paused": false,
    "description": "ASN",
    "expression": "(MY EXPRESSION GOES HERE)"
}' "$zoneID/filters/$filterID"
1 Like

@sdayman Thanks, that worked. It was the URL.

I used{ZONEID}/firewall/rules/{RULEID} before and it had to be$zoneID/filters/$filterID

1 Like

This topic was automatically closed 3 days after the last reply. New replies are no longer allowed.