Delete an IP access rule API?

Hello,

I easily managed to add an IP to ban through fail2ban with this command:

curl -X POST "https://api.cloudflare.com/client/v4/zones/xxx/firewall/access_rules/rules" \
     -H "X-Auth-Email: xxx" \
     -H "Authorization: Bearer xxx" \
     -H "Content-Type: application/json" \
     --data '{"mode":"block","configuration":{"target":"ip","value":"<ip>"},"notes":"This rule is on because of an event that occured on date X"}'

However, I did not find the curl command to execute to remove this same IP. I think I found the command to empty the rules completely, but not to delete the IP of my choice.

Does anyone have an idea?

Bonus question, how many rules can we add here? There is obviously no limit on the page.

Thanks

If you don’t know the ID of that rule, you’d have to get it with a List first.

https://api.cloudflare.com/#user-level-firewall-access-rule-list-access-rules

50,000. Do I win a prize?

https://support.cloudflare.com/hc/en-us/articles/217074967-Configuring-IP-Access-Rules


Naturally


May I have a different color, please?


Thanks for your responsiveness and congratulations on your award!
I managed to list the rules, but now I have no idea how to list the rules and delete the one I want based on the IP (still on the curl command line). Do you have any idea or lead on how to do this? The curl command line is something new for me!

Thanks

If you search on that IP address (configuration.target) in the initial API call, you should get a JSON response with a Result ID (Identifier) you can feed into the API Delete call.


Great, now I can target the IP in question in the GET with the parameters “?configuration.target=ip&configuration.value=IP”

Last question and I won’t bother you anymore: do you have an example of a command that allows me to do what you say, “get a JSON response with a Result ID (Identifier) you can feed into the API Delete call”? Currently I have my 2 commands, but I don’t know yet how to make it so that the curl -X DELETE removes the IP specified in the GET.

Thanks again for your answers

I’ve used something like this to pipe the curl output to:
| jq | grep "\"id\"" | grep and then a cut -d "\"" -f 4 to grab the field from that line (field 4 in the particular script I use).

If you have the jq tool installed on your server, you can try something like

actionunban = curl -s -X DELETE "https://api.cloudflare.com/client/v4/accounts/<cfaccountid>/firewall/access_rules/rules/$(curl -s -X GET "https://api.cloudflare.com/client/v4/accounts/<cfaccountid>/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1&match=all" -H "Authorization: Bearer <cfapitoken>" -H "Content-Type: application/json" | jq -r '.result[] | .id')" \
              -H "Authorization: Bearer <cfapitoken>" \
              -H "Content-Type: application/json"

With the jq tool, to get the ID of the IP you only need to use

curl -s -X GET "https://api.cloudflare.com/client/v4/accounts/<cfaccountid>/firewall/access_rules/rules?mode=block&configuration_target=ip&configuration_value=<ip>&page=1&per_page=1&match=all" -H "Authorization: Bearer <cfapitoken>" -H "Content-Type: application/json" | jq -r '.result[] | .id'

You’re piping the JSON output through | jq -r '.result[] | .id'

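The list-then-delete flow from the answers above, as an added Python example that is not code from any poster or from Cloudflare. It assumes zone-level rules (the /zones/ path from the first post), the configuration.target and configuration.value filters quoted in the thread, and that rule IDs are 32 hexadecimal characters; the function names are hypothetical. It only builds the DELETE URL when the List call returns exactly one matching block rule, because an empty lookup in the nested $(...) one-liner leaves a URL that ends in /rules/.

```python
import ipaddress
import json
import re
import urllib.parse
import urllib.request

API = "https://api.cloudflare.com/client/v4"
RULE_ID = re.compile(r"[0-9a-f]{32}")  # assumption: rule IDs are 32 hex characters


def list_url(zone_id, ip):
    """URL of the List call filtered to one IP; raises ValueError on a bad address."""
    ip = str(ipaddress.ip_address(ip))
    query = urllib.parse.urlencode(
        {"mode": "block", "configuration.target": "ip", "configuration.value": ip})
    return f"{API}/zones/{zone_id}/firewall/access_rules/rules?{query}"


def pick_rule_id(response, ip):
    """Return the ID of the single block rule for ip, or raise LookupError."""
    if not response.get("success"):
        raise LookupError(f"list call failed: {response.get('errors')}")
    ids = [str(r.get("id", "")) for r in response.get("result") or []
           if r.get("mode") == "block"
           and (r.get("configuration") or {}).get("target") == "ip"
           and (r.get("configuration") or {}).get("value") == ip]
    if len(ids) != 1 or not RULE_ID.fullmatch(ids[0]):
        raise LookupError(f"expected exactly one block rule for {ip}, got {ids!r}")
    return ids[0]


def call(method, url, token):
    """Send one authenticated API request and decode the JSON body."""
    req = urllib.request.Request(url, method=method, headers={
        "Authorization": f"Bearer {token}", "Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def unban(zone_id, token, ip):
    """List, select exactly one rule, then delete that rule by ID."""
    rule_id = pick_rule_id(call("GET", list_url(zone_id, ip), token), ip)
    return call("DELETE", f"{API}/zones/{zone_id}/firewall/access_rules/rules/{rule_id}", token)


# Constructed sample of a List response (not captured from the API).
SAMPLE = {"success": True, "errors": [], "result": [
    {"id": "0123456789abcdef0123456789abcdef", "mode": "block",
     "configuration": {"target": "ip", "value": "198.51.100.4"}}]}
```

Only `unban` touches the network; `list_url` and `pick_rule_id` can be checked offline against the constructed `SAMPLE`.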

Thank you so much, I managed to do it thanks to you 2 without using jq. But I will look into jq as it looks like I can actually make my command cleaner and lighter.

Thanks again!


You’re welcome. The jq tool is amazing, as it’s changed how I handle JSON for the better: jq Manual (development version)
