How to delete IP access rules?

Hi, I’ve been searching everywhere for days and I can’t find any solution. Please help me. An API system has added 50 thousand IP addresses to the IP access rules list for the My domain, and google bots cannot access my site. How can i delete all IP addresses in IP access rules?

Pretty much the same way they got there. Use the API to get a list of rules, then loop through that list with an API Delete command.

https://api.cloudflare.com/#user-level-firewall-access-rule-list-access-rules

Just make sure you don’t exceed the 1200 calls per 5 minute rate limit.

2 Likes

Is there an example to do it? I don’t know enough to do this

Here’s a post that should get you started:

1 Like

It is very slow to delete one by one. I have 50.000 IP addresses in IP access rules. Impossible to delete all with this method.

I need make 100.000 request to Cloudflare for delete all IP access rules :slight_smile: Isn’t there a simpler method?

It’s closer to 55,000 calls. 50 requests to get 1000 per request, then the 50k.

Sorry, no. Why not ask the person whose system added them there in the first place to clean it up?

I made a system that automatically adds the ip address to the ip access rules from cloudflare when a prohibited transaction is made with a blocking system. When the DDoS attack came, all incoming IP addresses were automatically blocked and this is what it turned out to be :slight_smile:

In addition, in the request, it first gets 1 ID with the API and deletes it. 2 requests are made for 1 IP.

It is taking 1 IP per page. When i try to increase it it doesn’t work

I just did this and got my small list of rules in one sweep:

curl -s -X GET "https://api.cloudflare.com/client/v4/accounts/ACCOUNT_ID/firewall/access_rules/rules" \
     -H "X-Auth-Email: [email protected]" \
     -H "X-Auth-Key: GLOBAL_API_KEY" \
     -H "Content-Type: application/json"

I can get multiple list but i can’t delete multiple IP addresses.

You can use Postman and Sublime Text to remove bulk IP/ASN from the list… Use Postman to get the whole list, copy that list to sublime, strip everything but the ID string. To do this, do a find, search for the first part of the id string that is the same. Then click find all. Now press Control+Shift+L, Now press Home, then Shift+End. Copy that to a blank page. When you have your list it should something look like

[
{"id": "1a7acce640f3418aa2dd718fb53cd5e0"},
{"id": "29890b6853be47c8bd920582157a1059"},
{"id": "9c83612c9cb941a5b93f3adc664ab079"}
]

You then save the file as something.json. Go back to postman, open a account-level firewall access rules → delete access rules, add

{"id": "{{id}}"}
}

to your body. Once you have done this, open a runner tab, drag the delete access rule to the run area, select the json file you save and run. don’t forget to set a rate limit if you have more than 1000 by adjusting the rate limit to something that will prevent you from exceeding 1200 every 5 minutes. You can leave postman running and go get some sleep at this point.